redirect problems and popup ads [Closed]


  • This topic is locked

#1
skippyj


    New Member

  • Member
  • Pip
  • 4 posts
My computer has some kind of problem where popups appear every time I go to a new webpage in the lower right hand corner of the browser. I also am experiencing a lot of redirects to different ads and websites. Any help would be appreciated. Thanks

#2
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, skippyj! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for skippyj only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


Step 1

Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
    • Select Scan All Users.
    • Under the Custom Scan box paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 2

Download aswMBR.exe (4.5MB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.



On completion of the scan click save log, save it to your desktop and post it in your next reply.



Things I want to see in your next reply

  • OTL.txt
  • Extras.txt
  • aswMBR.txt


#3
skippyj


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
OTL logfile created on: 8/6/2012 5:43:21 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Tim\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 23.65% Memory free
7.83 Gb Paging File | 3.27 Gb Available in Paging File | 41.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.21 Gb Total Space | 189.84 Gb Free Space | 67.27% Space Free | Partition Type: NTFS

Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/06 17:40:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Downloads\OTL.exe
PRC - [2012/08/06 11:07:38 | 007,601,880 | ---- | M] (Spotify Ltd) -- C:\Users\Tim\AppData\Roaming\Spotify\spotify.exe
PRC - [2012/08/06 01:36:50 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/16 09:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/07/16 09:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/07/11 15:24:52 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/04/04 00:53:54 | 001,496,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/22 22:11:19 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/17 21:54:46 | 001,150,464 | ---- | M] () -- C:\Program Files (x86)\WinRAR\WinRAR.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2012/02/09 21:46:02 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
PRC - [2011/11/11 19:18:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/19 10:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2011/07/19 10:44:18 | 004,442,552 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\hsplayer.exe
PRC - [2011/06/17 12:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE


========== Modules (No Company Name) ==========

MOD - [2012/08/06 11:07:38 | 020,219,096 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2012/08/06 01:36:48 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/07/11 15:24:52 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012/04/04 00:53:52 | 000,249,232 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2012/04/01 14:30:55 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/04/01 14:30:21 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/04/01 14:30:14 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/04/01 14:29:54 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/04/01 14:29:36 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/04/01 14:29:35 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/17 21:54:46 | 001,150,464 | ---- | M] () -- C:\Program Files (x86)\WinRAR\WinRAR.exe
MOD - [2011/12/08 14:56:33 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll
MOD - [2011/12/08 08:06:16 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/12/08 08:06:13 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/12/06 23:46:59 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2010/11/20 22:24:01 | 000,069,120 | ---- | M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE


========== Win32 Services (SafeList) ==========

SRV - [2012/08/06 01:36:49 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/03 19:28:52 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/02/09 21:46:02 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/19 10:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 19:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/06/17 12:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/05/28 04:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV - [2012/01/07 04:24:09 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120106.032\ex64.sys -- (NAVEX15)
DRV - [2012/01/07 04:24:09 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120106.032\eng64.sys -- (NAVENG)
DRV - [2011/11/30 22:09:18 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20111223.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/30 17:07:46 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120106.002\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/11/02 17:57:04 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\pxhelp20.sys -- (PxHelp20)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7TSNO_enUS460
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\..\SearchScopes\{F3DDE8CC-32EF-41BE-A0B0-E102069D7073}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.3.4.9
FF - prefs.js..extensions.enabledItems: {5fb1186a-3398-4c47-b579-0f2eee222ad1}:1.0.4.9
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.13.2.19401
FF - prefs.js..extensions.enabledItems: {27ACE843-F2CF-4284-8501-C9306CE44D4A}:3.0.1
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.socks: "71.36.107.4"
FF - prefs.js..network.proxy.socks_port: 3129
FF - prefs.js..network.proxy.type: 1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\ [2012/03/28 15:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2012/03/28 15:12:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 12:21:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/16 18:01:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/06 01:36:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/01 22:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Extensions
[2012/07/15 18:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ex37d9a8.default\extensions
[2012/07/15 18:43:01 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ex37d9a8.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/11/30 22:35:06 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ex37d9a8.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2012/06/29 10:52:10 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ex37d9a8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/06/25 17:57:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/17 11:31:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/04 00:26:47 | 000,399,561 | ---- | M] () (No name found) -- C:\USERS\TIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EX37D9A8.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI
[2012/08/06 01:36:50 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/06 01:36:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/06 01:36:45 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://start.toshiba.com/?cid=C001B2Y
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://start.toshiba.com/?cid=C001B2Y
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.2.1.6_0\npcoplgn.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: AVG Safe Search = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: AVG Safe Search = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Click to Call = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: Gmail = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/29 12:20:50 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 68.168.222.226 www.google-analytics.com.
O1 - Hosts: 68.168.222.226 ad-emea.doubleclick.net.
O1 - Hosts: 68.168.222.226 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-662330982-3678032730-1561750087-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-662330982-3678032730-1561750087-1001..\Run: [Spotify] C:\Users\Tim\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-662330982-3678032730-1561750087-1001..\Run: [Spotify Web Helper] C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: iMacros V8 - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - C:\Program Files (x86)\iOpus\iMacros\iMacrosSidebar.dll ()
O9 - Extra 'Tools' menuitem : iMacros V8 - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{162D375F-33C8-4AE2-B142-D5EA7ADFB5E3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB69A453-338B-4EE9-88FD-5FF45E6053E2}: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/06 10:34:51 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{AD48D42C-6F83-40E2-87CF-F54F6FC024A2}
[2012/08/06 10:34:37 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{772FFD79-86D5-4DB1-9A2B-A3768732176B}
[2012/08/06 01:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/08/06 01:37:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/08/05 22:34:23 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{5FA577AC-D9A1-46F7-8A5D-812E6CDF9E21}
[2012/08/05 22:33:59 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{CC3FFFAA-FA2A-4947-93B4-D5A6F510663F}
[2012/08/05 11:00:00 | 000,000,000 | ---D | C] -- C:\Users\Tim\temp
[2012/08/05 10:59:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/08/05 10:33:30 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{548E9B8C-D36D-44B3-B685-C618742DDB11}
[2012/08/05 10:33:01 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{CCA993FF-38C5-4575-9BEE-4842ADAAE96A}
[2012/08/04 19:27:19 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{80E780B0-6713-4CB9-A089-64730BA5188C}
[2012/08/04 19:26:56 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{92632240-3189-49AD-82DE-7DCA1B9F50F6}
[2012/08/04 07:27:04 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{F773F962-D9AB-461E-BDB7-D87EA0B74481}
[2012/08/03 14:53:13 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{E078393D-F85D-4EC4-93F0-FF277F45EECA}
[2012/08/03 02:49:40 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{D00E8AA1-C379-46F9-B89B-CEB64786941E}
[2012/08/02 10:49:12 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{CC82F696-049A-4862-97B0-A3A8F91DC84E}
[2012/08/02 10:48:50 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{547161FE-01BA-4487-83DB-6348D2D1A10B}
[2012/08/01 22:48:36 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{4583F71E-D786-4E8E-B11D-3EEFD8A06910}
[2012/08/01 22:48:13 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{88A3CC5D-C6FA-442C-8B7B-4C42782C76B6}
[2012/08/01 10:47:54 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{E5A0260B-B8F2-4B3C-8170-4509916F6C24}
[2012/08/01 10:47:30 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{03F0ABBB-D6B4-4D28-8DF7-36240CC066AD}
[2012/07/31 15:31:45 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{9C8DE80E-7C2D-4F77-94F8-F15F444871B9}
[2012/07/31 15:31:19 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{DFD07447-7287-4953-A1C7-9F3D1D208788}
[2012/07/31 03:28:29 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{311AD7F0-7624-46B4-B29C-A63E62AE961B}
[2012/07/30 12:08:58 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{107BD635-FF58-4434-BC74-F0A9868EFBE6}
[2012/07/30 12:08:36 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{29A196C3-2B2A-48AA-882F-E07D1525FC4E}
[2012/07/30 00:07:50 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{6078E827-2539-4581-A2A4-458FE6ABD910}
[2012/07/30 00:07:32 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{49640341-5D20-4829-B441-6CE8779854B2}
[2012/07/28 07:50:57 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{AB1AEDCB-16F4-46AF-A990-607C552D5DB7}
[2012/07/28 07:50:35 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{2EB202C9-F656-4527-8029-B79E32927032}
[2012/07/27 14:27:32 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{0E27335C-BFEF-4A03-9841-330AF52D8E32}
[2012/07/27 14:27:09 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{8F351E56-41BC-4EA5-A412-5570073D8E80}
[2012/07/26 22:58:11 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{0C69D84F-FAC3-4C4B-AF31-FCC6B0F86101}
[2012/07/26 22:57:49 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{5E6EE0D8-5DDC-48E9-9E9D-817C86A2C0E8}
[2012/07/26 09:44:29 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{D8D39E48-9889-47B0-B3CE-83A1D87B5940}
[2012/07/26 09:44:05 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{8F3A0A53-F1C5-4E24-82F0-58ABB5EECEAF}
[2012/07/25 21:43:37 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{81749C3E-BC8B-41A7-8AE2-D1E8AFDFC88D}
[2012/07/25 21:43:14 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{D3D6CD3B-0969-48FC-8DA1-CC21C42427DC}
[2012/07/25 13:44:52 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Diagnostics
[2012/07/25 09:35:19 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{DBA7BB3B-DE3A-4F6D-AE9E-55141C2910D5}
[2012/07/25 09:34:56 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{A2299B7D-7D24-4698-B041-2553B3A3AC32}
[2012/07/24 21:34:30 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{542C17EA-1C78-490A-AA45-58D2257A2841}
[2012/07/24 21:34:11 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{C7BDBC4F-AFD0-4BBD-AA9D-42E3546FFF3A}
[2012/07/24 05:53:09 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{3FEE3188-D94E-4573-BF8F-C7866F1D797A}
[2012/07/23 16:08:50 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{944418F0-2B7A-4C65-8D6C-0348A0402BF4}
[2012/07/23 16:08:28 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{2B2B04BD-0C0C-4A3D-9682-D13D3B252E01}
[2012/07/23 03:53:44 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{7B85B8D0-A731-4184-B661-C406895E0930}
[2012/07/22 10:37:54 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{B918D522-8E25-421D-A367-CC1F8B0BB22E}
[2012/07/20 16:06:48 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{D4084B8E-A7B9-4F08-B147-6127F0DAD869}
[2012/07/20 16:06:26 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{898BB33A-9859-4424-84CB-D661F048F13A}
[2012/07/20 02:53:06 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{B6287EE4-166C-44A7-BAED-3857460227BA}
[2012/07/19 20:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soulseek NS
[2012/07/19 20:12:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoulseekNS
[2012/07/19 20:12:38 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Soulseek NS
[2012/07/19 10:50:02 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{210F8A56-40A3-451A-AA6A-ED63D87026A6}
[2012/07/19 10:49:34 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{D7AC55E3-A000-4975-8495-9DEB31287EBA}
[2012/07/18 16:32:26 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{5754ACA0-BFD5-4FE0-822B-B441536A594E}
[2012/07/18 16:32:03 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{F586015A-7D2F-438B-9F77-6B2414B7F52D}
[2012/07/18 04:32:09 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{1DCB1D86-D3AA-4138-8996-230F76734DFB}
[2012/07/17 11:30:46 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{E3729DBE-761E-4094-B1C6-F715A27FDC85}
[2012/07/17 11:30:26 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{B6647090-5572-4C19-8BC6-36A2DA96264E}
[2012/07/16 18:01:30 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{8850B9A0-5B5F-48A6-9B91-CFEFD9E0C863}
[2012/07/16 18:01:07 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{93511005-3EFE-4A64-B762-99EDF7081116}
[2012/07/16 06:57:45 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{74AF08F8-B53E-4E3A-8396-375DFE3D8358}
[2012/07/16 00:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/07/15 14:04:35 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{CD9A908C-56BB-4778-8C2A-2B0087C17444}
[2012/07/15 14:04:13 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{1BA4D831-9594-4E75-83AE-3FA1C9EADDFE}
[2012/07/15 02:02:13 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{29C6D9A7-FF26-41F0-BCB1-7915B27A573D}
[2012/07/14 10:06:16 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{60394F2E-F682-46EC-B8FB-25C3BD260023}
[2012/07/14 10:05:38 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{CDB8254B-5387-4413-8447-0528C002796F}
[2012/07/13 21:53:25 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{6279921F-B21E-41F7-AB86-5ACAF5C0D94B}
[2012/07/13 21:53:02 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{A3074539-502D-40F9-9549-2554412E8C15}
[2012/07/13 09:50:22 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{479DDDBA-71CE-4249-8FF7-59ACA9F5DB76}
[2012/07/13 01:03:28 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{A54D8CAC-DC96-449E-B147-96A4DD7B4A99}
[2012/07/13 01:02:42 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{DBF32FF5-0E8E-4C9B-A486-10F7242C46CC}
[2012/07/12 10:44:13 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{01947419-9D65-4A13-A6C3-6FE329A846C7}
[2012/07/12 10:43:36 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{B6439CEC-7290-48EE-827B-2D0448AEE115}
[2012/07/11 22:43:20 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{608129FF-6775-471A-932B-F6B7F378578D}
[2012/07/11 22:42:56 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{CD6CE277-3B5E-494F-A182-31E08B3E9888}
[2012/07/11 09:47:06 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{21CD0473-E334-4A7A-9452-90AFC3C1F837}
[2012/07/11 09:46:43 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{22510CFE-D157-44FD-8A80-C2514DE4D6A4}
[2012/07/10 21:46:28 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{562DDFCE-EE74-462B-B888-37855D4D4CDC}
[2012/07/10 21:45:52 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{E6934E59-C79C-4394-9750-D07E17B1FE20}
[2012/07/10 09:45:17 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{D516C6F4-6277-4DD5-B65C-93028A463965}
[2012/07/10 04:02:22 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{88BBB4DD-AA94-4FBC-B590-4947A04CE36B}
[2012/07/09 11:38:14 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{D93B18A6-11A0-4797-BA1F-CEF554FE4AC8}
[2012/07/08 14:24:10 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{D95FB1DA-A8A4-47A7-9F24-C60A540E4ED0}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/06 17:29:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/06 17:06:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/08/06 16:56:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/08/05 19:37:30 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/05 10:59:55 | 000,001,173 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/08/03 19:28:52 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/08/03 19:28:52 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/16 18:03:35 | 3151,998,976 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/16 18:02:05 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012/07/16 17:53:04 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/16 00:38:34 | 000,002,105 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/07/16 00:38:34 | 000,002,105 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/05 10:59:55 | 000,001,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/08/05 10:59:55 | 000,001,173 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/06/26 17:26:07 | 000,009,356 | ---- | C] () -- C:\Users\Tim\statement5.pdf
[2012/06/26 17:24:25 | 000,009,487 | ---- | C] () -- C:\Users\Tim\statement2.pdf
[2012/06/13 00:01:52 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2012/01/11 02:05:43 | 000,001,526 | -HS- | C] () -- C:\Users\Tim\AppData\Local\uyy2qb2nixeuy64x76lad14
[2012/01/11 02:05:43 | 000,001,526 | -HS- | C] () -- C:\ProgramData\uyy2qb2nixeuy64x76lad14
[2012/01/09 02:20:06 | 000,001,530 | -HS- | C] () -- C:\Users\Tim\AppData\Local\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34
[2012/01/09 02:20:06 | 000,001,530 | -HS- | C] () -- C:\ProgramData\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34
[2011/12/23 14:49:38 | 000,193,049 | ---- | C] () -- C:\windows\hpwins22.dat
[2011/12/23 14:49:38 | 000,002,850 | ---- | C] () -- C:\windows\hpwmdl22.dat
[2011/12/06 23:32:27 | 000,000,794 | ---- | C] () -- C:\windows\SysWow64\Settings.ini
[2011/12/06 12:34:38 | 000,747,538 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/02 01:11:57 | 000,003,654 | ---- | C] () -- C:\windows\SysWow64\drivers\Sonyhcp.dll
[2011/10/13 15:21:24 | 000,072,080 | ---- | C] () -- C:\Users\Tim\g2mdlhlpx.exe
[2011/09/28 13:58:34 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/09/28 13:53:17 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
[2011/04/04 22:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/04 22:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/04 22:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/02/03 21:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011/01/28 13:54:06 | 000,048,640 | ---- | C] () -- C:\windows\fsViewer_acm.exe
[2011/01/28 13:53:52 | 000,051,200 | ---- | C] () -- C:\windows\fsViewer_h.dll
[2010/06/30 13:40:05 | 000,503,508 | ---- | C] () -- C:\Users\Tim\Grand 3+R+R Rasin(7#).jpg
[2010/06/30 13:40:05 | 000,173,335 | ---- | C] () -- C:\Users\Tim\Denning 3+R+R RAISN(#7).jpg

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

========== Files - Unicode (All) ==========
[2010/07/08 01:15:59 | 001,547,748 | ---- | M] ()(C:\Users\Tim\Documents\??1.jpg) -- C:\Users\Tim\Documents\图片1.jpg
[2010/07/08 01:14:44 | 001,547,748 | ---- | C] ()(C:\Users\Tim\Documents\??1.jpg) -- C:\Users\Tim\Documents\图片1.jpg
[2010/07/01 11:17:17 | 000,112,212 | ---- | M] ()(C:\Users\Tim\Documents\88???.jpg) -- C:\Users\Tim\Documents\88型三人.jpg
[2010/07/01 11:17:09 | 000,112,212 | ---- | C] ()(C:\Users\Tim\Documents\88???.jpg) -- C:\Users\Tim\Documents\88型三人.jpg
[2010/07/01 11:02:05 | 000,626,122 | ---- | M] ()(C:\Users\Tim\Documents\3R,??,???,w.jpg) -- C:\Users\Tim\Documents\3R,浅棕,带茶几,w.jpg
[2010/07/01 11:01:32 | 000,626,122 | ---- | C] ()(C:\Users\Tim\Documents\3R,??,???,w.jpg) -- C:\Users\Tim\Documents\3R,浅棕,带茶几,w.jpg
[2010/06/30 13:43:01 | 001,599,607 | ---- | M] ()(C:\Users\Tim\??3.jpg) -- C:\Users\Tim\图片3.jpg
[2010/06/30 13:43:01 | 001,483,342 | ---- | M] ()(C:\Users\Tim\??2.jpg) -- C:\Users\Tim\图片2.jpg
[2010/06/30 13:42:59 | 001,547,748 | ---- | M] ()(C:\Users\Tim\??1.jpg) -- C:\Users\Tim\图片1.jpg
[2010/06/30 13:42:58 | 001,447,531 | ---- | M] ()(C:\Users\Tim\??4.jpg) -- C:\Users\Tim\图片4.jpg
[2010/06/30 13:40:05 | 001,599,607 | ---- | C] ()(C:\Users\Tim\??3.jpg) -- C:\Users\Tim\图片3.jpg
[2010/06/30 13:40:05 | 001,547,748 | ---- | C] ()(C:\Users\Tim\??1.jpg) -- C:\Users\Tim\图片1.jpg
[2010/06/30 13:40:05 | 001,483,342 | ---- | C] ()(C:\Users\Tim\??2.jpg) -- C:\Users\Tim\图片2.jpg
[2010/06/30 13:40:05 | 001,447,531 | ---- | C] ()(C:\Users\Tim\??4.jpg) -- C:\Users\Tim\图片4.jpg
[2010/06/29 19:29:55 | 000,235,950 | ---- | M] ()(C:\Users\Tim\Documents\CX-943(3??).jpg) -- C:\Users\Tim\Documents\CX-943(3人位).jpg
[2010/06/29 19:29:46 | 000,219,237 | ---- | M] ()(C:\Users\Tim\Documents\CX-943(2??).jpg) -- C:\Users\Tim\Documents\CX-943(2人位).jpg
[2010/06/29 19:29:45 | 000,213,210 | ---- | M] ()(C:\Users\Tim\Documents\CX-943(1??).jpg) -- C:\Users\Tim\Documents\CX-943(1人位).jpg
[2010/06/29 19:26:59 | 000,219,237 | ---- | C] ()(C:\Users\Tim\Documents\CX-943(2??).jpg) -- C:\Users\Tim\Documents\CX-943(2人位).jpg
[2010/06/29 19:26:58 | 000,213,210 | ---- | C] ()(C:\Users\Tim\Documents\CX-943(1??).jpg) -- C:\Users\Tim\Documents\CX-943(1人位).jpg
[2010/06/29 19:26:54 | 000,235,950 | ---- | C] ()(C:\Users\Tim\Documents\CX-943(3??).jpg) -- C:\Users\Tim\Documents\CX-943(3人位).jpg
[2010/06/28 21:55:05 | 000,072,872 | ---- | M] ()(C:\Users\Tim\Documents\??.jpg) -- C:\Users\Tim\Documents\尺寸.jpg
[2010/06/28 21:54:58 | 000,072,872 | ---- | C] ()(C:\Users\Tim\Documents\??.jpg) -- C:\Users\Tim\Documents\尺寸.jpg
[2010/05/24 23:10:30 | 000,103,294 | ---- | M] ()(C:\Users\Tim\Documents\????.png) -- C:\Users\Tim\Documents\床垫图片.png
[2010/05/24 23:10:22 | 000,103,294 | ---- | C] ()(C:\Users\Tim\Documents\????.png) -- C:\Users\Tim\Documents\床垫图片.png
[2010/05/19 21:50:53 | 000,024,576 | ---- | M] ()(C:\Users\Tim\Documents\??.pdf.tpl) -- C:\Users\Tim\Documents\床架.pdf.tpl
[2010/05/19 21:49:26 | 000,024,576 | ---- | C] ()(C:\Users\Tim\Documents\??.pdf.tpl) -- C:\Users\Tim\Documents\床架.pdf.tpl
[2010/05/19 20:36:00 | 000,022,287 | ---- | M] ()(C:\Users\Tim\Documents\???8976?.jpg) -- C:\Users\Tim\Documents\未命名8976捎.jpg
[2010/05/19 20:35:55 | 000,022,287 | ---- | C] ()(C:\Users\Tim\Documents\???8976?.jpg) -- C:\Users\Tim\Documents\未命名8976捎.jpg
[2010/05/13 22:32:42 | 000,153,600 | ---- | M] ()(C:\Users\Tim\Documents\?? Microsoft Word ?? (4).doc) -- C:\Users\Tim\Documents\新建 Microsoft Word 文档 (4).doc
[2010/05/13 22:32:36 | 000,153,600 | ---- | C] ()(C:\Users\Tim\Documents\?? Microsoft Word ?? (4).doc) -- C:\Users\Tim\Documents\新建 Microsoft Word 文档 (4).doc
[2010/05/13 11:47:34 | 000,058,483 | ---- | M] ()(C:\Users\Tim\Documents\?? 177_nEO_IMG.jpg) -- C:\Users\Tim\Documents\照片 177_nEO_IMG.jpg
[2010/05/13 11:47:22 | 000,058,483 | ---- | C] ()(C:\Users\Tim\Documents\?? 177_nEO_IMG.jpg) -- C:\Users\Tim\Documents\照片 177_nEO_IMG.jpg

< End of report >
----------------------------------------------
OTL Extras logfile created on: 8/6/2012 5:43:21 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Tim\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 23.65% Memory free
7.83 Gb Paging File | 3.27 Gb Available in Paging File | 41.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.21 Gb Total Space | 189.84 Gb Free Space | 67.27% Space Free | Partition Type: NTFS

Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-662330982-3678032730-1561750087-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A1A63B9-9FDF-4BCC-9D63-8994C854A28F}" = lport=137 | protocol=17 | dir=in | app=system |
"{0ADC15DE-1447-436D-B0B4-7EA3180BD1DA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{0BA7E47F-4C12-4878-8CAD-F7767BC49DE2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0C6A5066-E947-4FDB-85CC-D3512E60BF47}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{109FC9BE-FD61-45D1-8D16-6059B832B8A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{198E5B8C-CA36-461B-A183-54BF69AAA57C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1B2F01CB-7CB7-42E0-B198-8A22D488C6F3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{218B8136-AE82-4DFC-8A2A-DFD82FE86467}" = lport=10255 | protocol=6 | dir=in | name=tmc_plugin_port |
"{2AD3C796-61A2-4F39-B3C3-E6060DF4F2C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2CE795D4-1F13-4CA9-8E40-CA057CC8DB52}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4641FAC9-2122-477B-B904-82BDA1AFF40D}" = rport=139 | protocol=6 | dir=out | app=system |
"{4C0DF08F-7A15-449D-A338-5D3871FF843A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53B05DB8-04BC-4000-B003-BF4BC882DCE3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6418B1F8-C2C1-4E1C-B5AC-CDF23BF72BDC}" = lport=138 | protocol=17 | dir=in | app=system |
"{807B340C-4BC4-4EEF-A678-1DAF3952AE99}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{844AE88C-158A-4812-9756-17B6D1BEB7E2}" = rport=138 | protocol=17 | dir=out | app=system |
"{86ED6703-E3B9-4530-A58B-3D4E2DC3C0AE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{91533A44-DE1E-4996-893E-3CE09F7F4177}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{939BBC50-52FC-40D9-8461-479A60FD6DBA}" = rport=137 | protocol=17 | dir=out | app=system |
"{A98AAC02-7F80-44DE-B47A-5C691F19DD6D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BFFFE0E1-059D-4467-8C20-FAA3DAEC4848}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C0FEF435-C8B7-4021-B619-D6FDACE2769C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C118CA60-26F9-4AC9-B94E-3729BE11DC12}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C5A825F5-87BA-4088-AC34-A3B11682F6DA}" = lport=139 | protocol=6 | dir=in | app=system |
"{C767CC50-C105-42EF-B8B8-4594BC138637}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{C9B4CB40-47E9-4CB4-91E3-AACA4D3B0568}" = rport=445 | protocol=6 | dir=out | app=system |
"{F1564EB0-EBD1-44D7-9973-81505698E614}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BE8EE3-07CC-4548-9862-35B21F1D7B1E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{08BE1AA0-6C32-4BD5-A37B-82DFCDEAC8CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0D6275E4-C83F-4CA3-A2D7-95B2B7DECF95}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0DDDB02F-7408-4C05-A153-C2896D5967FE}" = protocol=6 | dir=out | app=system |
"{0DE1108A-99EE-48AC-A259-5F62AD87552B}" = protocol=6 | dir=in | app=c:\users\tim\appdata\local\temp\7zs45df\hppiw.exe |
"{0EBCD28A-4088-4934-8A29-B0F3B89D7361}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{127F0F03-8D20-4098-A448-2D38F3538F42}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{1771E7EA-B8F8-4D2A-9800-66532A36EA3D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{18217998-2AC1-4F1A-A098-A9B9BB9CA4D6}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{1BBEB0FB-8C1D-4BEC-B0F5-3A718BB125F5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{2125B79F-56E3-4864-9249-58A170A511BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{24396872-C5D1-47B1-A1BF-DE16912E3202}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2EB4E1CC-167E-4CD8-BEBF-B2BE078B2427}" = protocol=58 | dir=in | [email protected],-28545 |
"{2F97B423-D803-4497-8240-6BC11CCDEC40}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3361721D-E57F-4B21-9A99-95D5D9439940}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{33A1AE54-E329-47A0-9899-0CA161E48FDF}" = protocol=17 | dir=in | app=c:\users\tim\appdata\local\temp\7zs45df\hppiw.exe |
"{3592C328-C33D-4D51-B849-665C6A5013CB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{35C6879B-2DBC-4269-9BD2-1A64E8A5FA8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3F88B3FA-0D51-4EEA-9E79-1FB5659C8EAD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{414D5D2B-8AE4-41EC-9E4F-3E1A55C26FA1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4993C833-CB9C-4E2A-8FF5-C3B67DB48901}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{5042E326-D765-4666-88AA-D1EEE89B86C6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{58AFB35B-7318-4B90-A7C5-C36C0DCC26BC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{6DE48FA9-CB64-4BE3-8133-B24AFE14879F}" = protocol=1 | dir=out | [email protected],-28544 |
"{6F12B868-C7E4-4755-93E4-5A114AE9D3C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{7D2DD069-595F-41AD-8464-5EFADB0F5216}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D99574F-578D-44E1-ABEF-BA6917A5A8B1}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{8191F668-DDEA-4E1D-A2FA-8657DB0ECD05}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{846DEADC-E1EA-44F3-A41A-F39B186080F0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{84BD6836-BB53-45EA-8C00-434C86CE304B}" = protocol=58 | dir=out | [email protected],-28546 |
"{858C442B-DC92-4226-957A-700322383DB5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{87172C79-CB17-40FB-AD44-EE27C78CE3CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9AD3BAB8-866F-408B-9162-8C53C423D539}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9E084D3D-84B6-481B-9F64-D12D957BA473}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9E91DEFD-DB7A-4D2F-8C1F-0628FB297A84}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF18BCA4-ADAB-4D8D-AF99-B6317FEF72A0}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{B511BA2D-38B8-4A75-8F47-CFC8DC821CA8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{BAA19C16-AD46-4A96-92B0-782F8D5792DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C4E83849-87A6-492C-993A-D4E9AB2D537D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D30EF69D-B98C-4191-887B-40AE5881B1B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D6BE1803-57B4-426D-ABE8-EC864496B876}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{D98CBBAD-D94D-4AE3-81B3-207F98E4F494}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{DABE3AFB-B663-4C8D-9C55-D291DCE508E6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3DEC186-FCE1-4746-962E-5D053D189D33}" = protocol=1 | dir=in | [email protected],-28543 |
"{E4B968B0-99E8-46C4-911F-AB13F85D0B22}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{E715C3FE-0781-4E4D-8418-519A64352B06}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1DC5B00-2ABD-400D-B0E6-D57923BF251C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{FD52FA57-572F-48A9-9D27-779C000FE429}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = [email protected] 1.0
"{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}" = TOSHIBA Supervisor Password
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}" = TOSHIBA Hardware Setup
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{643F4F69-5A6A-4B52-BD56-5909800B556F}" = 8500A909_Help_BasicWeb
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{978AFF1A-B939-4177-B85A-C87B1867AC5C}" = 8500A909_BasicWeb
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C5118F7-E26D-4fc0-B7F4-4A067A0808FA}_is1" = iMacros Version 8.0.0.1865
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1" = BovadaPoker
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD86D586-D504-4B44-BF7F-D5234117ABE8}" = File Secure Pro Viewer
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Bovada Casino" = Bovada Casino
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Soulseek" = SoulSeek Client 156c
"Soulseek2" = SoulSeek 157 NS 13e
"TeamViewer 7" = TeamViewer 7
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"WTA-037585f2-76a6-470d-a23f-2033172dbd87" = Polar Bowler
"WTA-1cadec17-e038-48a6-a0d7-062e1135f084" = FATE - The Traitor Soul
"WTA-3b7c1b93-0361-4646-9573-10dd208c75b1" = Penguins!
"WTA-401333bd-ec00-468c-ae72-f1d7b680e086" = Fishdom ™ 2
"WTA-5aba9c93-7714-42dd-95c8-feea5ebe788d" = Zuma's Revenge
"WTA-6645422e-1f58-40f7-b562-a83fba70c774" = Chuzzle Deluxe
"WTA-a1135f15-9ff5-4b48-994a-b5de9cc592fd" = Virtual Villagers 5 - New Believers
"WTA-e4fceb6b-586e-4532-9c46-0d2918a056ad" = Bejeweled 3
"WTA-e5a1e994-7331-4169-ba5f-1c242f36ae2b" = Tom Clancy's Splinter Cell
"WTA-ef65bb77-1efc-4e2c-90bf-b132321273a9" = Plants vs. Zombies - Game of the Year

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-662330982-3678032730-1561750087-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/2/2012 7:08:03 PM | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/2/2012 7:08:03 PM | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1201

Error - 7/2/2012 7:08:03 PM | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1201

Error - 7/2/2012 7:08:05 PM | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/2/2012 7:08:05 PM | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2340

Error - 7/2/2012 7:08:05 PM | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2340

Error - 7/2/2012 7:08:06 PM | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/2/2012 7:08:06 PM | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3494

Error - 7/2/2012 7:08:06 PM | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3494

Error - 7/3/2012 5:19:50 AM | Computer Name = Tim-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


[ System Events ]
Error - 7/16/2012 7:04:26 PM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the AVG
WatchDog service to connect.

Error - 7/16/2012 7:04:26 PM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7000
Description = The AVG WatchDog service failed to start due to the following error:
%%1053

Error - 7/16/2012 7:04:29 PM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 7/16/2012 7:04:29 PM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 7/16/2012 7:04:36 PM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx64 ccSet_NIS PxHelp20 SymIRON

Error - 7/16/2012 7:05:20 PM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 7/18/2012 11:17:04 AM | Computer Name = Tim-PC | Source = DCOM | ID = 10010
Description =

Error - 7/18/2012 11:17:05 AM | Computer Name = Tim-PC | Source = DCOM | ID = 10010
Description =

Error - 7/22/2012 11:37:52 AM | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate) service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/22/2012 11:38:22 AM | Computer Name = Tim-PC | Source = DCOM | ID = 10010
Description =


< End of report >





-------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-06 18:58:54
-----------------------------
18:58:54.120 OS Version: Windows x64 6.1.7601 Service Pack 1
18:58:54.121 Number of processors: 2 586 0x2A07
18:58:54.123 ComputerName: TIM-PC UserName: Tim
18:58:55.629 Initialize success
18:58:56.227 AVAST engine defs: 12080601
18:59:12.998 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:59:13.004 Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 3
18:59:13.017 Disk 0 MBR read successfully
18:59:13.024 Disk 0 MBR scan
18:59:13.032 Disk 0 Windows VISTA default MBR code
18:59:13.040 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
18:59:13.056 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288988 MB offset 3074048
18:59:13.089 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14756 MB offset 594921472
18:59:13.136 Disk 0 scanning C:\windows\system32\drivers
18:59:22.959 Service scanning
19:00:00.101 Modules scanning
19:00:00.119 Disk 0 trace - called modules:
19:00:00.139 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
19:00:00.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046b0060]
19:00:00.495 3 CLASSPNP.SYS[fffff8800182c43f] -> nt!IofCallDriver -> [0xfffffa800411e200]
19:00:00.506 5 ACPI.sys[fffff88000f9d7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80041ba050]
19:00:01.264 AVAST engine scan C:\windows
19:00:03.976 AVAST engine scan C:\windows\system32
19:03:11.693 AVAST engine scan C:\windows\system32\drivers
19:03:23.694 AVAST engine scan C:\Users\Tim
19:07:20.632 Disk 0 MBR has been saved successfully to "C:\Users\Tim\Desktop\MBR.dat"
19:07:20.639 The log file has been saved successfully to "C:\Users\Tim\Desktop\aswMBR.txt"

#4
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

You are running too many antivirus programs. This is not a good idea, as it can cause problems such as slow computer speed, conflicts and greater vulnerability to infection.

Keep the paid version of Norton only if the subscription is up-to-date. If it isn't, uninstall it and keep one of the other free antivirus programs.

Uninstall Avast, AVG or Norton via Control Panel > Uninstall a Program.


Step 2

Please uninstall the following programs via Control Panel > Uninstall a Program (if present):
  • SoulSeek Client 156c
  • SoulSeek 157 NS 13e
  • Vuze
  • Vuze Remote Toolbar

I recommend you remove your P2P program, SoulSeek. P2P programs are bad because shared files can contain security risks such as viruses, spyware and other unwanted software. The files distributed on these sites are packed with malware and are distributed all over the internet. You don't know where they have been; someone could have infected the files with malware.


Step 3

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

To disable MBAM

Open the scanner and select the Protection tab.
Remove the tick from Start protection module with Windows.
Reboot and then run OTL.



Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands 
    [CREATERESTOREPOINT] 
    
    :OTL 
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    FF - prefs.js..extensions.enabledItems: [email protected]:3.13.2.19401
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q="
    FF - prefs.js..network.proxy.socks: "71.36.107.4"
    FF - prefs.js..network.proxy.socks_port: 3129
    FF - prefs.js..network.proxy.type: 1
    [2012/07/15 18:43:01 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ex37d9a8.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [] File not found
    [2012/01/11 02:05:43 | 000,001,526 | -HS- | C] () -- C:\Users\Tim\AppData\Local\uyy2qb2nixeuy64x76lad14
    [2012/01/11 02:05:43 | 000,001,526 | -HS- | C] () -- C:\ProgramData\uyy2qb2nixeuy64x76lad14
    [2012/01/09 02:20:06 | 000,001,530 | -HS- | C] () -- C:\Users\Tim\AppData\Local\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34
    [2012/01/09 02:20:06 | 000,001,530 | -HS- | C] () -- C:\ProgramData\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34
    [2011/12/06 23:32:27 | 000,000,794 | ---- | C] () -- C:\windows\SysWow64\Settings.ini
    [2011/10/13 15:21:24 | 000,072,080 | ---- | C] () -- C:\Users\Tim\g2mdlhlpx.exe
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{AF18BCA4-ADAB-4D8D-AF99-B6317FEF72A0}"=-
    "{E4B968B0-99E8-46C4-911F-AB13F85D0B22}"=-
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts] 
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 4

Are you still getting redirects after performing the OTL fix?


Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • Answer to my question

  • 0
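The Firefox lines in the fix script above target two kinds of prefs.js settings: `keyword.URL`, which sets the address-bar search URL, and the `network.proxy.*` values, which send traffic through a manual SOCKS proxy when `network.proxy.type` is 1. The following Python audit for those settings is an added example, not part of the original posts and not OTL's own code; the function names are illustrative and the sample profile text is constructed from the values shown in the fix script.

```python
import json
import re
from urllib.parse import urlparse

# One prefs.js statement looks like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')
PROXY_SCHEMES = ("socks", "http", "ssl", "ftp")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample: the pref values are the ones listed in the fix script.
SAMPLE_INFECTED = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=");
user_pref("network.proxy.socks", "71.36.107.4");
user_pref("network.proxy.socks_port", 3129);
user_pref("network.proxy.type", 1);
'''

# Constructed sample: a partial clean-up that reset only the proxy type.
SAMPLE_PARTIAL = SAMPLE_INFECTED.replace(
    'user_pref("network.proxy.type", 1);\n', "")

# Constructed sample: what the profile looks like with all five values removed.
SAMPLE_CLEAN = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
'''


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = match.groups()
        try:
            # Pref values are string, integer or boolean literals (valid JSON).
            prefs[name] = json.loads(raw)
        except ValueError:
            prefs[name] = raw  # keep the raw text rather than drop the pref
    return prefs


def audit_prefs(prefs):
    """List settings that reroute browsing: proxies, PAC URL, search URL."""
    findings = []
    proxy_type = prefs.get("network.proxy.type", 0)  # 1 = manual, 2 = PAC URL
    for scheme in PROXY_SCHEMES:
        host = prefs.get(f"network.proxy.{scheme}")
        if not host:
            continue
        port = prefs.get(f"network.proxy.{scheme}_port", 0)
        findings.append({
            "pref": f"network.proxy.{scheme}",
            "value": f"{host}:{port}",
            # A leftover host is only used while the type is "manual".
            "active": proxy_type == 1,
            # Loopback proxies are often local software; review, don't assume.
            "loopback": str(host).lower() in LOOPBACK,
        })
    pac = prefs.get("network.proxy.autoconfig_url")
    if pac:
        findings.append({"pref": "network.proxy.autoconfig_url",
                         "value": str(pac), "active": proxy_type == 2,
                         "loopback": False})
    search = prefs.get("keyword.URL")
    if search:
        findings.append({"pref": "keyword.URL",
                         "value": urlparse(str(search)).hostname or str(search),
                         "active": True, "loopback": False})
    return findings


def scan(text):
    """Parse prefs.js text and return the audit findings."""
    return audit_prefs(parse_prefs(text))


if __name__ == "__main__":
    for label, text in (("before fix", SAMPLE_INFECTED),
                        ("type reset only", SAMPLE_PARTIAL),
                        ("after fix", SAMPLE_CLEAN)):
        print(label)
        for finding in scan(text):
            state = "active" if finding["active"] else "inactive"
            print(f"  {finding['pref']}: {finding['value']} ({state})")
```

A finding marked inactive means the host value is still in the profile but `network.proxy.type` no longer selects it, which is why the fix removes all three proxy values together.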

#5
skippyj


    New Member

  • Topic Starter
  • Member
  • 4 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll not found.
Registry value HKEY_USERS\S-1-5-21-662330982-3678032730-1561750087-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll not found.
Prefs.js: [email protected]:3.13.2.19401 removed from extensions.enabledItems
Prefs.js: "http://search.condui...rchSource=2&q=" removed from keyword.URL
Prefs.js: "71.36.107.4" removed from network.proxy.socks
Prefs.js: 3129 removed from network.proxy.socks_port
Prefs.js: 1 removed from network.proxy.type
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ex37d9a8.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin folder moved successfully.
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ex37d9a8.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\Plugins folder moved successfully.
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ex37d9a8.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\modules folder moved successfully.
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ex37d9a8.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\META-INF folder moved successfully.
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ex37d9a8.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults folder moved successfully.
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ex37d9a8.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components folder moved successfully.
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ex37d9a8.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome folder moved successfully.
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ex37d9a8.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-662330982-3678032730-1561750087-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
File C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Tim\AppData\Local\uyy2qb2nixeuy64x76lad14 moved successfully.
C:\ProgramData\uyy2qb2nixeuy64x76lad14 moved successfully.
C:\Users\Tim\AppData\Local\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34 moved successfully.
C:\ProgramData\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34 moved successfully.
C:\Windows\SysWOW64\Settings.ini moved successfully.
C:\Users\Tim\g2mdlhlpx.exe moved successfully.
C:\windows\msdownld.tmp folder deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AF18BCA4-ADAB-4D8D-AF99-B6317FEF72A0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF18BCA4-ADAB-4D8D-AF99-B6317FEF72A0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4B968B0-99E8-46C4-911F-AB13F85D0B22} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4B968B0-99E8-46C4-911F-AB13F85D0B22}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Tim\Downloads\cmd.bat deleted successfully.
C:\Users\Tim\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Amazon account
->Temp folder emptied: 33529 bytes
->Temporary Internet Files folder emptied: 9109687 bytes
->FireFox cache emptied: 48552862 bytes
->Flash cache emptied: 56986 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tim
->Temp folder emptied: 1754130054 bytes
->Temporary Internet Files folder emptied: 1151930817 bytes
->Java cache emptied: 2752533 bytes
->FireFox cache emptied: 64211175 bytes
->Google Chrome cache emptied: 11245132 bytes
->Flash cache emptied: 57076 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 219830975 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 120112182 bytes

Total Files Cleaned = 3,225.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08082012_233347

Files\Folders moved on Reboot...
File\Folder C:\Users\Tim\AppData\Local\Temp\CVHLauncher(20120808003900178C).log not found!
C:\Users\Tim\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Tim\AppData\Local\Temp\~DF29E988BBE5DA2474.TMP not found!
File\Folder C:\Users\Tim\AppData\Local\Temp\~DF2AC5ACE71BD88870.TMP not found!
File\Folder C:\Users\Tim\AppData\Local\Temp\~DF620C0812E1E42173.TMP not found!
File\Folder C:\Users\Tim\AppData\Local\Temp\~DF93366FB2442B68C5.TMP not found!
File\Folder C:\Users\Tim\AppData\Local\Temp\~DF9468C6BCD2A6CD74.TMP not found!
File\Folder C:\Users\Tim\AppData\Local\Temp\~DF9F0BDED8054656F8.TMP not found!
File\Folder C:\Users\Tim\AppData\Local\Temp\~DFBBB0293012A03F77.TMP not found!
File\Folder C:\Users\Tim\AppData\Local\Temp\~DFCDD9320D6CC7B679.TMP not found!
File\Folder C:\Users\Tim\AppData\Local\Temp\~DFDD09BE9851A5EACE.TMP not found!
File\Folder C:\Users\Tim\AppData\Local\Temp\~DFDDB393C8BB9633C4.TMP not found!
File\Folder C:\Users\Tim\AppData\Local\Temp\~DFFB8C7982C5D91BF9.TMP not found!
File\Folder C:\Users\Tim\AppData\Local\Temp\~DFFDB1B5CFE3891877.TMP not found!
C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZNT3SRRH\nashville_craigslist_org[1].htm moved successfully.
C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5RIOYF5\ads[1].htm moved successfully.
C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5RIOYF5\image-ads[1].htm moved successfully.
File\Folder C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5RIOYF5\like[1].htm not found!
File\Folder C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5FYYZEV1\fastbutton[1].htm not found!

PendingFileRenameOperations files...
File C:\Users\Tim\AppData\Local\Temp\CVHLauncher(20120808003900178C).log not found!
File C:\Users\Tim\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Tim\AppData\Local\Temp\~DF29E988BBE5DA2474.TMP not found!
File C:\Users\Tim\AppData\Local\Temp\~DF2AC5ACE71BD88870.TMP not found!
File C:\Users\Tim\AppData\Local\Temp\~DF620C0812E1E42173.TMP not found!
File C:\Users\Tim\AppData\Local\Temp\~DF93366FB2442B68C5.TMP not found!
File C:\Users\Tim\AppData\Local\Temp\~DF9468C6BCD2A6CD74.TMP not found!
File C:\Users\Tim\AppData\Local\Temp\~DF9F0BDED8054656F8.TMP not found!
File C:\Users\Tim\AppData\Local\Temp\~DFBBB0293012A03F77.TMP not found!
File C:\Users\Tim\AppData\Local\Temp\~DFCDD9320D6CC7B679.TMP not found!
File C:\Users\Tim\AppData\Local\Temp\~DFDD09BE9851A5EACE.TMP not found!
File C:\Users\Tim\AppData\Local\Temp\~DFDDB393C8BB9633C4.TMP not found!
File C:\Users\Tim\AppData\Local\Temp\~DFFB8C7982C5D91BF9.TMP not found!
File C:\Users\Tim\AppData\Local\Temp\~DFFDB1B5CFE3891877.TMP not found!
File C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZNT3SRRH\nashville_craigslist_org[1].htm not found!
File C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5RIOYF5\ads[1].htm not found!
File C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5RIOYF5\image-ads[1].htm not found!
File C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5RIOYF5\like[1].htm not found!
File C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5FYYZEV1\fastbutton[1].htm not found!

Registry entries deleted on Reboot...
------------------------------------------------------
OTL logfile created on: 8/9/2012 12:03:34 AM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Tim\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 52.87% Memory free
7.83 Gb Paging File | 5.73 Gb Available in Paging File | 73.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.21 Gb Total Space | 196.67 Gb Free Space | 69.69% Space Free | Partition Type: NTFS

Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/08 22:09:25 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
PRC - [2012/08/06 17:40:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Downloads\OTL.exe
PRC - [2012/08/06 11:07:38 | 001,193,176 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/08/06 01:36:50 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/03 19:28:52 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
PRC - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
PRC - [2011/11/11 19:18:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/19 10:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2011/06/17 12:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/06 11:07:38 | 001,193,176 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/08/06 01:36:48 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/08/03 19:28:52 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012/04/01 14:30:21 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/04/01 14:30:14 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/04/01 14:29:54 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/04/01 14:29:36 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/04/01 14:29:35 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/12/08 08:06:16 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/12/08 08:06:13 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/01 13:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/06/09 23:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/05/24 11:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/05/17 16:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/10/20 16:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/09 19:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)
SRV - [2012/08/08 22:09:25 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/08/06 01:36:49 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/03 19:28:52 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/19 10:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 19:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/06/17 12:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/05/28 04:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/07 00:50:01 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/06 18:02:45 | 000,028,504 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2011/11/23 21:23:47 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/11/23 20:50:27 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/11/23 20:50:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/11/16 22:37:59 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/11/16 22:17:49 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/11/04 18:59:30 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/16 15:03:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symds64.sys -- (SymDS)
DRV:64bit: - [2011/04/04 22:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 21:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/13 21:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/12 19:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/02 18:48:38 | 001,103,464 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/10/29 18:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 17:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/01/07 04:24:09 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120106.032\ex64.sys -- (NAVEX15)
DRV - [2012/01/07 04:24:09 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120106.032\eng64.sys -- (NAVENG)
DRV - [2011/11/30 22:09:18 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20111223.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/30 17:07:46 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120106.002\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/11/02 17:57:04 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\pxhelp20.sys -- (PxHelp20)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...g4z105t4422x24p
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7TSNO_enUS460
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\..\SearchScopes\{F3DDE8CC-32EF-41BE-A0B0-E102069D7073}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\ [2012/03/28 15:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2012/03/28 15:12:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 12:21:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/06 01:36:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/01 22:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Extensions
[2012/08/08 23:34:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ex37d9a8.default\extensions
[2011/11/30 22:35:06 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ex37d9a8.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2012/06/29 10:52:10 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ex37d9a8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/06/25 17:57:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/17 11:31:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/04 00:26:47 | 000,399,561 | ---- | M] () (No name found) -- C:\USERS\TIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EX37D9A8.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI
[2012/08/06 01:36:50 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/06 01:36:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/06 01:36:45 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://start.toshiba.com/?cid=C001B2Y
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://start.toshiba.com/?cid=C001B2Y
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.2.1.6_0\npcoplgn.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: AVG Safe Search = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: AVG Safe Search = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Click to Call = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: Gmail = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/08 23:34:11 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-662330982-3678032730-1561750087-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-662330982-3678032730-1561750087-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-662330982-3678032730-1561750087-1001..\Run: [Spotify] C:\Users\Tim\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-662330982-3678032730-1561750087-1001..\Run: [Spotify Web Helper] C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: iMacros V8 - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - C:\Program Files (x86)\iOpus\iMacros\iMacrosSidebar.dll ()
O9 - Extra 'Tools' menuitem : iMacros V8 - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{162D375F-33C8-4AE2-B142-D5EA7ADFB5E3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB69A453-338B-4EE9-88FD-5FF45E6053E2}: DhcpNameServer = 10.1.10.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/08 23:33:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/08 22:39:27 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{45C0406A-1CFF-43DB-84C7-D0472A3EB319}
[2012/08/08 22:39:05 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{AC616D60-791B-4C84-83F2-66C1957E1FE1}
[2012/08/08 10:38:51 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{B6BE8195-7106-4A9F-9516-018AA10A1170}
[2012/08/08 10:38:28 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{B95F9DF4-CD09-43C8-9BCE-0F092ECDF236}
[2012/08/07 22:38:02 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{5D518989-BEBF-428F-8559-B5F2A1DF1F26}
[2012/08/07 22:36:57 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{5C1A9B68-6237-49A6-87F8-D927F4690026}
[2012/08/07 19:44:25 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\AVG2012
[2012/08/07 10:36:30 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{AF34F5D6-C220-461F-8329-E9D47F67B827}
[2012/08/07 10:36:07 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{9BAEC31D-5BD8-48FA-8743-13047E3FE70D}
[2012/08/06 22:35:52 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{318339A3-9783-408A-A206-B3B41F4E176C}
[2012/08/06 22:35:19 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{6E00D611-8C33-4F26-813B-E90A31F2D005}
[2012/08/06 10:34:51 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{AD48D42C-6F83-40E2-87CF-F54F6FC024A2}
[2012/08/06 10:34:37 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{772FFD79-86D5-4DB1-9A2B-A3768732176B}
[2012/08/06 01:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/08/06 01:37:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/08/05 22:34:23 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{5FA577AC-D9A1-46F7-8A5D-812E6CDF9E21}
[2012/08/05 22:33:59 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{CC3FFFAA-FA2A-4947-93B4-D5A6F510663F}
[2012/08/05 11:00:00 | 000,000,000 | ---D | C] -- C:\Users\Tim\temp
[2012/08/05 10:59:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/08/05 10:33:30 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{548E9B8C-D36D-44B3-B685-C618742DDB11}
[2012/08/05 10:33:01 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{CCA993FF-38C5-4575-9BEE-4842ADAAE96A}
[2012/08/04 19:27:19 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{80E780B0-6713-4CB9-A089-64730BA5188C}
[2012/08/04 19:26:56 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{92632240-3189-49AD-82DE-7DCA1B9F50F6}
[2012/08/04 07:27:04 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{F773F962-D9AB-461E-BDB7-D87EA0B74481}
[2012/08/03 14:53:13 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{E078393D-F85D-4EC4-93F0-FF277F45EECA}
[2012/08/03 02:49:40 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{D00E8AA1-C379-46F9-B89B-CEB64786941E}
[2012/08/02 10:49:12 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{CC82F696-049A-4862-97B0-A3A8F91DC84E}
[2012/08/02 10:48:50 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{547161FE-01BA-4487-83DB-6348D2D1A10B}
[2012/08/01 22:48:36 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{4583F71E-D786-4E8E-B11D-3EEFD8A06910}
[2012/08/01 22:48:13 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{88A3CC5D-C6FA-442C-8B7B-4C42782C76B6}
[2012/08/01 10:47:54 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{E5A0260B-B8F2-4B3C-8170-4509916F6C24}
[2012/08/01 10:47:30 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{03F0ABBB-D6B4-4D28-8DF7-36240CC066AD}
[2012/07/31 15:31:45 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{9C8DE80E-7C2D-4F77-94F8-F15F444871B9}
[2012/07/31 15:31:19 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{DFD07447-7287-4953-A1C7-9F3D1D208788}
[2012/07/31 03:28:29 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{311AD7F0-7624-46B4-B29C-A63E62AE961B}
[2012/07/30 12:08:58 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{107BD635-FF58-4434-BC74-F0A9868EFBE6}
[2012/07/30 12:08:36 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{29A196C3-2B2A-48AA-882F-E07D1525FC4E}
[2012/07/30 00:07:50 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{6078E827-2539-4581-A2A4-458FE6ABD910}
[2012/07/30 00:07:32 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{49640341-5D20-4829-B441-6CE8779854B2}
[2012/07/28 07:50:57 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{AB1AEDCB-16F4-46AF-A990-607C552D5DB7}
[2012/07/28 07:50:35 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{2EB202C9-F656-4527-8029-B79E32927032}
[2012/07/27 14:27:32 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{0E27335C-BFEF-4A03-9841-330AF52D8E32}
[2012/07/27 14:27:09 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{8F351E56-41BC-4EA5-A412-5570073D8E80}
[2012/07/26 22:58:11 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{0C69D84F-FAC3-4C4B-AF31-FCC6B0F86101}
[2012/07/26 22:57:49 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{5E6EE0D8-5DDC-48E9-9E9D-817C86A2C0E8}
[2012/07/26 09:44:29 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{D8D39E48-9889-47B0-B3CE-83A1D87B5940}
[2012/07/26 09:44:05 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{8F3A0A53-F1C5-4E24-82F0-58ABB5EECEAF}
[2012/07/25 21:43:37 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{81749C3E-BC8B-41A7-8AE2-D1E8AFDFC88D}
[2012/07/25 21:43:14 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{D3D6CD3B-0969-48FC-8DA1-CC21C42427DC}
[2012/07/25 13:44:52 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Diagnostics
[2012/07/25 09:35:19 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{DBA7BB3B-DE3A-4F6D-AE9E-55141C2910D5}
[2012/07/25 09:34:56 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{A2299B7D-7D24-4698-B041-2553B3A3AC32}
[2012/07/24 21:34:30 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{542C17EA-1C78-490A-AA45-58D2257A2841}
[2012/07/24 21:34:11 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{C7BDBC4F-AFD0-4BBD-AA9D-42E3546FFF3A}
[2012/07/24 05:53:09 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{3FEE3188-D94E-4573-BF8F-C7866F1D797A}
[2012/07/23 16:08:50 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{944418F0-2B7A-4C65-8D6C-0348A0402BF4}
[2012/07/23 16:08:28 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{2B2B04BD-0C0C-4A3D-9682-D13D3B252E01}
[2012/07/23 03:53:44 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{7B85B8D0-A731-4184-B661-C406895E0930}
[2012/07/22 10:37:54 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{B918D522-8E25-421D-A367-CC1F8B0BB22E}
[2012/07/20 16:06:48 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{D4084B8E-A7B9-4F08-B147-6127F0DAD869}
[2012/07/20 16:06:26 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{898BB33A-9859-4424-84CB-D661F048F13A}
[2012/07/20 02:53:06 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{B6287EE4-166C-44A7-BAED-3857460227BA}
[2012/07/19 20:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soulseek NS
[2012/07/19 10:50:02 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{210F8A56-40A3-451A-AA6A-ED63D87026A6}
[2012/07/19 10:49:34 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{D7AC55E3-A000-4975-8495-9DEB31287EBA}
[2012/07/18 16:32:26 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{5754ACA0-BFD5-4FE0-822B-B441536A594E}
[2012/07/18 16:32:03 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{F586015A-7D2F-438B-9F77-6B2414B7F52D}
[2012/07/18 04:32:09 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{1DCB1D86-D3AA-4138-8996-230F76734DFB}
[2012/07/17 11:30:46 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{E3729DBE-761E-4094-B1C6-F715A27FDC85}
[2012/07/17 11:30:26 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{B6647090-5572-4C19-8BC6-36A2DA96264E}
[2012/07/16 18:01:30 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{8850B9A0-5B5F-48A6-9B91-CFEFD9E0C863}
[2012/07/16 18:01:07 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{93511005-3EFE-4A64-B762-99EDF7081116}
[2012/07/16 06:57:45 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{74AF08F8-B53E-4E3A-8396-375DFE3D8358}
[2012/07/16 00:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/07/15 14:04:35 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{CD9A908C-56BB-4778-8C2A-2B0087C17444}
[2012/07/15 14:04:13 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{1BA4D831-9594-4E75-83AE-3FA1C9EADDFE}
[2012/07/15 02:02:13 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{29C6D9A7-FF26-41F0-BCB1-7915B27A573D}
[2012/07/14 10:06:16 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{60394F2E-F682-46EC-B8FB-25C3BD260023}
[2012/07/14 10:05:38 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{CDB8254B-5387-4413-8447-0528C002796F}
[2012/07/13 21:53:25 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{6279921F-B21E-41F7-AB86-5ACAF5C0D94B}
[2012/07/13 21:53:02 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{A3074539-502D-40F9-9549-2554412E8C15}
[2012/07/13 09:50:22 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{479DDDBA-71CE-4249-8FF7-59ACA9F5DB76}
[2012/07/13 01:03:28 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{A54D8CAC-DC96-449E-B147-96A4DD7B4A99}
[2012/07/13 01:02:42 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{DBF32FF5-0E8E-4C9B-A486-10F7242C46CC}
[2012/07/12 10:44:13 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{01947419-9D65-4A13-A6C3-6FE329A846C7}
[2012/07/12 10:43:36 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{B6439CEC-7290-48EE-827B-2D0448AEE115}
[2012/07/11 22:43:20 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{608129FF-6775-471A-932B-F6B7F378578D}
[2012/07/11 22:42:56 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{CD6CE277-3B5E-494F-A182-31E08B3E9888}
[2012/07/11 09:47:06 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{21CD0473-E334-4A7A-9452-90AFC3C1F837}
[2012/07/11 09:46:43 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{22510CFE-D157-44FD-8A80-C2514DE4D6A4}
[2012/07/10 21:46:28 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{562DDFCE-EE74-462B-B888-37855D4D4CDC}
[2012/07/10 21:45:52 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{E6934E59-C79C-4394-9750-D07E17B1FE20}
[2012/07/10 09:45:17 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{D516C6F4-6277-4DD5-B65C-93028A463965}
[2012/07/10 04:02:22 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{88BBB4DD-AA94-4FBC-B590-4947A04CE36B}

========== Files - Modified Within 30 Days ==========

[2012/08/09 00:06:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/08/08 23:57:12 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 23:57:12 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 23:54:21 | 000,731,186 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/08/08 23:54:21 | 000,627,526 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/08/08 23:54:21 | 000,107,552 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/08/08 23:49:50 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/08 23:49:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/08/08 23:49:31 | 3151,998,976 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/08 23:34:11 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2012/08/08 23:29:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/07 17:21:48 | 103,171,621 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/08/06 19:07:20 | 000,000,512 | ---- | M] () -- C:\Users\Tim\Desktop\MBR.dat
[2012/08/05 10:59:55 | 000,001,173 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/07/16 18:02:05 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012/07/16 17:53:04 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/16 00:38:34 | 000,002,105 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/07/16 00:38:34 | 000,002,105 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

========== Files Created - No Company Name ==========

[2012/08/06 19:07:20 | 000,000,512 | ---- | C] () -- C:\Users\Tim\Desktop\MBR.dat
[2012/08/05 10:59:55 | 000,001,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/08/05 10:59:55 | 000,001,173 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/06/26 17:26:07 | 000,009,356 | ---- | C] () -- C:\Users\Tim\statement5.pdf
[2012/06/26 17:24:25 | 000,009,487 | ---- | C] () -- C:\Users\Tim\statement2.pdf
[2012/06/13 00:01:52 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2011/12/23 14:49:38 | 000,193,049 | ---- | C] () -- C:\windows\hpwins22.dat
[2011/12/23 14:49:38 | 000,002,850 | ---- | C] () -- C:\windows\hpwmdl22.dat
[2011/12/06 12:34:38 | 000,747,538 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/02 01:11:57 | 000,003,654 | ---- | C] () -- C:\windows\SysWow64\drivers\Sonyhcp.dll
[2011/09/28 13:58:34 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/09/28 13:53:17 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
[2011/04/04 22:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/04 22:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/04 22:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/02/03 21:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011/01/28 13:54:06 | 000,048,640 | ---- | C] () -- C:\windows\fsViewer_acm.exe
[2011/01/28 13:53:52 | 000,051,200 | ---- | C] () -- C:\windows\fsViewer_h.dll
[2010/06/30 13:40:05 | 000,503,508 | ---- | C] () -- C:\Users\Tim\Grand 3+R+R Rasin(7#).jpg
[2010/06/30 13:40:05 | 000,173,335 | ---- | C] () -- C:\Users\Tim\Denning 3+R+R RAISN(#7).jpg

========== LOP Check ==========

[2011/12/26 16:40:24 | 000,000,000 | ---D | M] -- C:\Users\Amazon account\AppData\Roaming\Toshiba
[2012/08/07 19:44:25 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\AVG2012
[2012/03/28 15:12:33 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Azureus
[2012/06/28 14:01:45 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\PCCUStubInstaller
[2012/07/14 14:32:13 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\QuickScan
[2012/08/08 23:48:33 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\SoftGrid Client
[2012/08/08 23:51:09 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Spotify
[2011/11/30 22:02:09 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Tific
[2012/01/26 01:47:15 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Toshiba
[2011/12/06 12:35:53 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TP
[2011/11/30 21:45:41 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\WinBatch
[2011/12/01 16:46:01 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Windows Live Writer
[2009/07/14 00:08:49 | 000,012,898 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/07/08 01:15:59 | 001,547,748 | ---- | M] ()(C:\Users\Tim\Documents\??1.jpg) -- C:\Users\Tim\Documents\图片1.jpg
[2010/07/08 01:14:44 | 001,547,748 | ---- | C] ()(C:\Users\Tim\Documents\??1.jpg) -- C:\Users\Tim\Documents\图片1.jpg
[2010/07/01 11:17:17 | 000,112,212 | ---- | M] ()(C:\Users\Tim\Documents\88???.jpg) -- C:\Users\Tim\Documents\88型三人.jpg
[2010/07/01 11:17:09 | 000,112,212 | ---- | C] ()(C:\Users\Tim\Documents\88???.jpg) -- C:\Users\Tim\Documents\88型三人.jpg
[2010/07/01 11:02:05 | 000,626,122 | ---- | M] ()(C:\Users\Tim\Documents\3R,??,???,w.jpg) -- C:\Users\Tim\Documents\3R,浅棕,带茶几,w.jpg
[2010/07/01 11:01:32 | 000,626,122 | ---- | C] ()(C:\Users\Tim\Documents\3R,??,???,w.jpg) -- C:\Users\Tim\Documents\3R,浅棕,带茶几,w.jpg
[2010/06/30 13:43:01 | 001,599,607 | ---- | M] ()(C:\Users\Tim\??3.jpg) -- C:\Users\Tim\图片3.jpg
[2010/06/30 13:43:01 | 001,483,342 | ---- | M] ()(C:\Users\Tim\??2.jpg) -- C:\Users\Tim\图片2.jpg
[2010/06/30 13:42:59 | 001,547,748 | ---- | M] ()(C:\Users\Tim\??1.jpg) -- C:\Users\Tim\图片1.jpg
[2010/06/30 13:42:58 | 001,447,531 | ---- | M] ()(C:\Users\Tim\??4.jpg) -- C:\Users\Tim\图片4.jpg
[2010/06/30 13:40:05 | 001,599,607 | ---- | C] ()(C:\Users\Tim\??3.jpg) -- C:\Users\Tim\图片3.jpg
[2010/06/30 13:40:05 | 001,547,748 | ---- | C] ()(C:\Users\Tim\??1.jpg) -- C:\Users\Tim\图片1.jpg
[2010/06/30 13:40:05 | 001,483,342 | ---- | C] ()(C:\Users\Tim\??2.jpg) -- C:\Users\Tim\图片2.jpg
[2010/06/30 13:40:05 | 001,447,531 | ---- | C] ()(C:\Users\Tim\??4.jpg) -- C:\Users\Tim\图片4.jpg
[2010/06/29 19:29:55 | 000,235,950 | ---- | M] ()(C:\Users\Tim\Documents\CX-943(3??).jpg) -- C:\Users\Tim\Documents\CX-943(3人位).jpg
[2010/06/29 19:29:46 | 000,219,237 | ---- | M] ()(C:\Users\Tim\Documents\CX-943(2??).jpg) -- C:\Users\Tim\Documents\CX-943(2人位).jpg
[2010/06/29 19:29:45 | 000,213,210 | ---- | M] ()(C:\Users\Tim\Documents\CX-943(1??).jpg) -- C:\Users\Tim\Documents\CX-943(1人位).jpg
[2010/06/29 19:26:59 | 000,219,237 | ---- | C] ()(C:\Users\Tim\Documents\CX-943(2??).jpg) -- C:\Users\Tim\Documents\CX-943(2人位).jpg
[2010/06/29 19:26:58 | 000,213,210 | ---- | C] ()(C:\Users\Tim\Documents\CX-943(1??).jpg) -- C:\Users\Tim\Documents\CX-943(1人位).jpg
[2010/06/29 19:26:54 | 000,235,950 | ---- | C] ()(C:\Users\Tim\Documents\CX-943(3??).jpg) -- C:\Users\Tim\Documents\CX-943(3人位).jpg
[2010/06/28 21:55:05 | 000,072,872 | ---- | M] ()(C:\Users\Tim\Documents\??.jpg) -- C:\Users\Tim\Documents\尺寸.jpg
[2010/06/28 21:54:58 | 000,072,872 | ---- | C] ()(C:\Users\Tim\Documents\??.jpg) -- C:\Users\Tim\Documents\尺寸.jpg
[2010/05/24 23:10:30 | 000,103,294 | ---- | M] ()(C:\Users\Tim\Documents\????.png) -- C:\Users\Tim\Documents\床垫图片.png
[2010/05/24 23:10:22 | 000,103,294 | ---- | C] ()(C:\Users\Tim\Documents\????.png) -- C:\Users\Tim\Documents\床垫图片.png
[2010/05/19 21:50:53 | 000,024,576 | ---- | M] ()(C:\Users\Tim\Documents\??.pdf.tpl) -- C:\Users\Tim\Documents\床架.pdf.tpl
[2010/05/19 21:49:26 | 000,024,576 | ---- | C] ()(C:\Users\Tim\Documents\??.pdf.tpl) -- C:\Users\Tim\Documents\床架.pdf.tpl
[2010/05/19 20:36:00 | 000,022,287 | ---- | M] ()(C:\Users\Tim\Documents\???8976?.jpg) -- C:\Users\Tim\Documents\未命名8976捎.jpg
[2010/05/19 20:35:55 | 000,022,287 | ---- | C] ()(C:\Users\Tim\Documents\???8976?.jpg) -- C:\Users\Tim\Documents\未命名8976捎.jpg
[2010/05/13 22:32:42 | 000,153,600 | ---- | M] ()(C:\Users\Tim\Documents\?? Microsoft Word ?? (4).doc) -- C:\Users\Tim\Documents\新建 Microsoft Word 文档 (4).doc
[2010/05/13 22:32:36 | 000,153,600 | ---- | C] ()(C:\Users\Tim\Documents\?? Microsoft Word ?? (4).doc) -- C:\Users\Tim\Documents\新建 Microsoft Word 文档 (4).doc
[2010/05/13 11:47:34 | 000,058,483 | ---- | M] ()(C:\Users\Tim\Documents\?? 177_nEO_IMG.jpg) -- C:\Users\Tim\Documents\照片 177_nEO_IMG.jpg
[2010/05/13 11:47:22 | 000,058,483 | ---- | C] ()(C:\Users\Tim\Documents\?? 177_nEO_IMG.jpg) -- C:\Users\Tim\Documents\照片 177_nEO_IMG.jpg

< End of report >
-----------------------------------------------------------
Pop ups and redirects are gone!

#6
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

You still have remnants of AVG and Avast on your system which need to be removed.

Please download and run the following tools in Safe Mode (keep pressing F8 as the computer boots up):

AVG Removal Tool
Avast Removal Tool



Step 2

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

To disable MBAM

Open the scanner and select the Protection tab.
Remove the tick from Start protection module with Windows.
Reboot and then run OTL.



Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands 
    [CREATERESTOREPOINT] 
    
    :OTL 
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    [2012/03/28 15:12:33 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Azureus
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt


#7
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.