Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Word file duplication with spaces and .exe extension [Solved]


  • This topic is locked This topic is locked

#1
Home Bass

Home Bass

    Member

  • Member
  • PipPip
  • 45 posts
Greetings. Thanks for being here!
My wife complained that her computer was duplicating Word files. The duplicate file would have the same name as the original, including the extension, but careful examination revealed that there were actually a series of spaces after the .doc or .docx extension followed by the real (malicious) extension, which was an .exe. The .exe would be so far over after the spaces that it was easily missed so it appeared that the file was a simple Word file and not an .exe at all.
I ran AVG, Malwarebytes, SuperAntispyware, SpywareBlaster and SpywareGuard and dispensed with many problems and thought I'd resolved the issue but this morning my wife said there was another duplicate file. Unfortunately she deleted it so I could not have a look at it.
My wife is a teacher and indicates that there was a virus that was causing this on the network at her school. She believes she brought it home on a USB key. The school has been unable to eradicate it because of the sheer number of computers on the network in which it seems to be able to hide but with just the one computer at home there shouldn't be any difficulty in getting rid of it.
Thanks,
Carl

OTL logfile created on: 2/27/2014 8:31:06 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tmauch\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 37.82% Memory free
11.69 Gb Paging File | 8.72 Gb Available in Paging File | 74.59% Paging File free
Paging file location(s): c:\pagefile.sys 8000 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 349.79 Gb Total Space | 141.47 Gb Free Space | 40.45% Space Free | Partition Type: NTFS
Drive E: | 9.95 Gb Total Space | 9.86 Gb Free Space | 99.09% Space Free | Partition Type: NTFS

Computer Name: TMAUCH-PC | User Name: tmauch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\tmauch\Desktop\OTL.exe (OldTimer Tools)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (NitroReaderDriverReadSpool) -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe (Nitro PDF Software)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (RSELSVC) -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe (TOSHIBA Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (GamesAppIntegrationService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (WildTangent)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (camsvc) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\DRIVERS\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\DRIVERS\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (libusb0) -- C:\Windows\SysNative\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\DRIVERS\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\DRIVERS\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\DRIVERS\pgeffect.sys (TOSHIBA Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\DRIVERS\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\DRIVERS\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\DRIVERS\Thpevm.SYS (TOSHIBA Corporation)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (LPCFilter) -- C:\Windows\SysWOW64\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca...ie7&rlz=1I7TSHC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca...ie7&rlz=1I7TSHC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://meditateinbarrie.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2009/09/07 18:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tmauch\AppData\Roaming\Mozilla\Extensions
[2009/09/07 18:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tmauch\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/04/20 20:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tmauch\AppData\Roaming\Mozilla\Firefox\extensions
[2013/04/20 20:38:00 | 000,000,000 | ---D | M] (uTorrentControl_v6) -- C:\Users\tmauch\AppData\Roaming\Mozilla\Firefox\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
[2013/04/27 06:56:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tmauch\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.meditateinbarrie.org/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\tmauch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\tmauch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\tmauch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\tmauch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\tmauch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0\
CHR - Extension: Google Wallet = C:\Users\tmauch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\tmauch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/04/29 22:43:42 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPCHWMsg] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: netflix.com ([signup] * in Trusted sites)
O15 - HKCU\..Trusted Domains: netflix.com ([www] * in Trusted sites)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B045392-23DF-4A8E-AFEB-935BC70F4794}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFB5769F-D45C-4DA8-B7B9-3ACF0EE08961}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\tmauch\Pictures\Sophie grown.jpg
O24 - Desktop BackupWallPaper: C:\Users\tmauch\Pictures\Sophie grown.jpg
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/27 08:29:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tmauch\Desktop\OTL.exe
[2014/02/25 03:05:13 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/13 19:14:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SearchProtect
[2014/02/04 20:22:41 | 000,000,000 | ---D | C] -- C:\Users\tmauch\Documents\MkBk_Backup_2014-02-04
[2014/02/03 18:34:15 | 000,000,000 | ---D | C] -- C:\Users\tmauch\Documents\HFC3E
[2014/02/03 17:57:07 | 000,000,000 | ---D | C] -- C:\Users\tmauch\AppData\Local\SearchProtect
[2014/02/03 17:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
[2014/02/03 17:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallConverter
[2014/01/31 19:41:30 | 000,000,000 | ---D | C] -- C:\Users\tmauch\AppData\Local\ElevatedDiagnostics
[2014/01/31 19:40:28 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2014/02/27 08:29:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tmauch\Desktop\OTL.exe
[2014/02/27 08:19:21 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/27 08:19:20 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/27 08:13:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/27 07:59:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/27 06:25:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/27 05:25:49 | 000,873,229 | ---- | M] () -- C:\Users\tmauch\Desktop\crepe recipe
[2014/02/26 23:13:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/26 11:22:01 | 000,000,680 | ---- | M] () -- C:\Users\tmauch\AppData\Local\d3d9caps.dat
[2014/02/26 03:14:45 | 000,744,780 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/26 03:14:45 | 000,634,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/26 03:14:45 | 000,120,050 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/26 03:14:39 | 000,744,780 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/26 03:04:22 | 4258,127,872 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/23 19:48:30 | 002,536,375 | ---- | M] () -- C:\Users\tmauch\Desktop\IDEAS+-+Issue+10+-+Nov+Dec+2013.pdf
[2014/02/23 19:24:11 | 000,042,543 | ---- | M] () -- C:\Users\tmauch\Desktop\OFSHEEA pdf_invoice.pdf
[2014/02/23 16:08:35 | 000,131,044 | ---- | M] () -- C:\Users\tmauch\Documents\Milestones.pdf
[2014/02/03 17:56:40 | 000,001,774 | ---- | M] () -- C:\Users\Public\Desktop\InstallConverter.lnk

========== Files Created - No Company Name ==========

[2014/02/27 05:25:44 | 000,873,229 | ---- | C] () -- C:\Users\tmauch\Desktop\crepe recipe
[2014/02/25 03:09:06 | 000,744,780 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/23 19:48:30 | 002,536,375 | ---- | C] () -- C:\Users\tmauch\Desktop\IDEAS+-+Issue+10+-+Nov+Dec+2013.pdf
[2014/02/23 19:24:11 | 000,042,543 | ---- | C] () -- C:\Users\tmauch\Desktop\OFSHEEA pdf_invoice.pdf
[2014/02/23 16:08:34 | 000,131,044 | ---- | C] () -- C:\Users\tmauch\Documents\Milestones.pdf
[2014/02/03 17:56:40 | 000,001,774 | ---- | C] () -- C:\Users\Public\Desktop\InstallConverter.lnk
[2013/04/29 22:14:32 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-TMAUCH-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2013/04/24 12:31:58 | 000,000,000 | ---- | C] () -- C:\Users\tmauch\defogger_reenable
[2012/08/15 12:03:06 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010/10/07 07:04:47 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/10 22:20:23 | 000,000,680 | ---- | C] () -- C:\Users\tmauch\AppData\Local\d3d9caps.dat
[2010/01/28 14:54:37 | 000,000,092 | ---- | C] () -- C:\Users\tmauch\AppData\Roaming\wklnhst.dat
[2009/12/01 20:55:02 | 000,000,732 | ---- | C] () -- C:\Users\tmauch\AppData\Local\d3d9caps64.dat
[2009/09/07 14:13:02 | 000,046,080 | ---- | C] () -- C:\Users\tmauch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2010/02/08 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\Aura4You
[2013/11/03 22:28:07 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\AVAST Software
[2013/12/06 16:29:54 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\AVG2014
[2013/05/30 11:18:12 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\Dropbox
[2013/03/19 15:51:45 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\ExpressFiles
[2011/04/16 08:48:16 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\LimeWire
[2013/03/14 19:21:40 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\MusicNet
[2014/02/27 05:25:07 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\Nitro PDF
[2014/02/23 16:08:52 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\PrimoPDF
[2010/03/02 08:03:02 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\Rogers Online Protection
[2013/04/20 20:42:33 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\SearchProtect
[2010/01/28 14:54:39 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\Template
[2012/08/15 12:23:33 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\TOSHIBA
[2013/12/06 16:28:48 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\TuneUp Software
[2014/01/25 21:35:23 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\uTorrent
[2013/12/07 21:08:43 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\WildTangent
[2013/03/20 19:40:27 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\Yontoo

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/08/16 20:52:33 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\????????????????????????????????????????????????????) -- C:\Windows\SysWow64\㩃停潲牧浡䘠汩獥⠠㡸⤶剜杯牥⁳湏楬敮倠潲整瑣潩屮潒敧獲传汮湩⁥牐瑯捥楴湯卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/08/16 20:52:33 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\????????????????????????????????????????????????????) -- C:\Windows\SysWow64\㩃停潲牧浡䘠汩獥⠠㡸⤶剜杯牥⁳湏楬敮倠潲整瑣潩屮潒敧獲传汮湩⁥牐瑯捥楴湯卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 980 bytes -> C:\Users\tmauch\Documents\Re_ Wow2.eml:OECustomProperty
@Alternate Data Stream - 680 bytes -> C:\Users\tmauch\Documents\jan email.eml:OECustomProperty
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
  • 0

Advertisements


#2
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :)

I am Pyxis and I will be assisting you with the problem at hand. Whilst I am taking the time to analyse your set of provided logs, I would like to stress the following reminders:

  • I am a student that is currently undergoing training. As such, my responses have to be checked by a professional before I present them to you to ensure you get the best quality help. If you deem I have overlooked your thread, which is in a matter of more than 24 hours, please send me a PM and I will get back to you shortly.
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. It is important that you only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
I hope you keep in mind these reminders. I will be right back with a full response! :thumbsup:

Thank you.
  • 0

#3
Home Bass

Home Bass

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Sounds alright with me. I await your reply. Thanks!
Carl
  • 0

#4
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
  • Step 1

    After examining your logs, I have seen that you currently have one or more P2P Programs installed. I would recommend their removal as the networks these programs are involved in are breeding places for malware. The things you are downloading are not one hundred percent safe as they can be uploaded by anyone on the Internet, some possibly aiding in the propagation of malware.

    More can be read from the following sources:

  • The Dangers of P2P File Sharing
  • The Dangers of P2P Networks
You are advised to remove the following programs by uninstalling them:

µTorrent
LimeWire
Note: This step is optional. You may or may not remove the programs, however I strongly suggest getting rid or disabling them before we continue with the process.
  • Step 2

    Certain programs will hinder the cleaning process. As such, I ask that you uninstall all the below programs to ensure no such conflict arises. Note that you may choose to disable these instead. However, for a more hassle-free solution in the long run, I recommend removing them now and later re-installing them once I declare you clean.

    I advise you to uninstall all of following programs through Control Panel > Add or Remove Programs (Windows XP) or Control Panel > Programs and Features > Uninstall a Program (Windows Vista & Windows 7):

    SpywareGuard
    SUPERAntiSpyware
If you are having difficulties, please tell me.
  • Step 3

    Locate your copy of 'OTL by OldTimer'.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.

    Posted Image

  • Copy and paste the following into the Custom Scans/Fixes box:

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca...ie7&rlz=1I7TSHC
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca...ie7&rlz=1I7TSHC
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://meditateinbarrie.org/
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    [2014/02/13 19:14:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SearchProtect
    [2014/02/03 17:57:07 | 000,000,000 | ---D | C] -- C:\Users\tmauch\AppData\Local\SearchProtect
    [2014/02/03 17:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
    [2014/02/03 17:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallConverter
    [2010/10/07 07:04:47 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
    [2013/03/20 19:40:27 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\Yontoo
    [2013/04/20 20:42:33 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\SearchProtect
    [2013/03/19 15:51:45 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\ExpressFiles
    @Alternate Data Stream - 980 bytes -> C:\Users\tmauch\Documents\Re_ Wow2.eml:OECustomProperty
    @Alternate Data Stream - 680 bytes -> C:\Users\tmauch\Documents\jan email.eml:OECustomProperty
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: netflix.com ([signup] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: netflix.com ([www] * in Trusted sites)
    
    :Files
    C:\Windows\SysWow64\㩃停潲牧浡䘠汩獥⠠㡸⤶剜杯牥⁳湏楬敮倠潲整瑣潩屮潒敧獲传汮湩⁥牐瑯捥楴湯卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
    C:\Windows\SysWow64\㩃停潲牧浡䘠汩獥⠠㡸⤶剜杯牥⁳湏楬敮倠潲整瑣潩屮潒敧獲传汮湩⁥牐瑯捥楴湯卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
    
    :Commands
    [emptytemp]
    [resethosts]
    
  • Click Run Fix.
  • OTL will reboot your system. Allow it by clicking OK.
  • After the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 4

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.

  • Ensure all programs and windows are closed before proceeding.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • A black window will appear. Press any key to continue.
  • Wait for it to finish. It won't take long.
  • A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 5

    Locate your copy of 'OTL by OldTimer'.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Ensure that the following settings are followed. Make sure all other windows are closed and let it run uninterrupted.

    Posted Image

  • Click Run Scan.
  • After a short while, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these at your desktop.
  • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
  • Logs to Post
In summary of the above, I will need you to post the following log(s):
  • Extras.txt (OTL)
  • OTL.txt (OTL)
  • MMDDYYYY_HHMMSS.log (OTL)
  • JRT.txt (Junkware Removal Tool)

  • 0

#5
Home Bass

Home Bass

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
I uninstalled Limewire but not uTorrent. It is not, however, running. I uninstalled SpywareGuard and SuperAntiSpyware. The logs follow. There sure is a lot to go through. I really appreciate it!
Carl


OTL Extras logfile created on: 2/28/2014 4:48:01 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tmauch\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 55.63% Memory free
11.67 Gb Paging File | 9.55 Gb Available in Paging File | 81.78% Paging File free
Paging file location(s): c:\pagefile.sys 8000 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 349.79 Gb Total Space | 141.99 Gb Free Space | 40.59% Space Free | Partition Type: NTFS
Drive E: | 9.95 Gb Total Space | 9.86 Gb Free Space | 99.09% Space Free | Partition Type: NTFS

Computer Name: TMAUCH-PC | User Name: tmauch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2099778896-3320057001-4104064969-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = E8 C4 B6 96 0D BA CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2099778896-3320057001-4104064969-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048EC4B1-7B9B-437D-ACD9-6F0C3128D682}" = rport=138 | protocol=17 | dir=out | app=system |
"{1A4A0A24-32CC-4D08-A83B-A3713F9E7810}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2B213D14-A65C-46B6-B066-6C1B7843C635}" = lport=138 | protocol=17 | dir=in | app=system |
"{2E02E9DA-D954-4502-8331-E95B17684843}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{496CF423-FB8D-46B0-A63C-7B49312EC362}" = lport=137 | protocol=17 | dir=in | app=system |
"{69FA9359-4FD6-4D79-94A4-4114EDA3DB7D}" = lport=139 | protocol=6 | dir=in | app=system |
"{70CF4561-E1B3-4FBA-B14C-90523A30E461}" = rport=445 | protocol=6 | dir=out | app=system |
"{86BB86C6-9C5A-40F9-82B2-55DB7FDD4455}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AE1EBFCD-3117-4EB4-BDCE-313F967BFDDE}" = rport=137 | protocol=17 | dir=out | app=system |
"{BDF430FD-B21A-4D1C-885C-5555463D2AED}" = lport=445 | protocol=6 | dir=in | app=system |
"{DA546AB9-3098-4805-A138-E77E85AD1612}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EF865607-324A-4F83-A40E-B1FA6DB570CE}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13352222-CB9A-4F74-B0B2-1ED6BD48139B}" = protocol=58 | dir=out | [email protected],-28546 |
"{1B58940D-62A7-4B0F-B3ED-2EE7B2FCE57F}" = protocol=17 | dir=in | app=c:\users\tmauch\appdata\roaming\dropbox\bin\dropbox.exe |
"{1CD884FF-B179-455B-B368-8DC673EA0A40}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{24002E74-A126-478C-945C-2AEFD613F09B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{488A3CAF-AB93-4BD4-877D-0D5664A43CEF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5968B38C-B674-4D96-B5E5-0A413847D720}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{5D59CA9C-401C-4119-87ED-59B5C596C15C}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{6FFD73E5-A029-4EC2-AD3C-B7A38BF62F27}" = protocol=1 | dir=out | [email protected],-28544 |
"{70491AEB-64B7-410E-95CB-95FE28A9F9D3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{84A6B385-7143-42FC-8CE0-893372F40F71}" = protocol=58 | dir=in | [email protected],-28545 |
"{8BE206D6-E52E-4423-8565-3871B539B9B7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{944812D3-FAF1-4E7C-926F-1CCD170AF877}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{97CCA642-746F-434D-B263-AD3A602041E3}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{994BB9AE-481E-488C-82BB-FC1922AA50A2}" = protocol=6 | dir=in | app=c:\users\tmauch\appdata\roaming\dropbox\bin\dropbox.exe |
"{A38FCC9D-AA3A-4254-8C71-1C670CC1B02E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{AB9C304A-4EE7-4EE4-B6E4-50C4BA4A22BA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{ADE8CBA7-4951-4C07-AAC3-99F5F4D17621}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{B371D389-1320-492E-8A28-93C1D7119921}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B854D8B8-B9C2-4628-BCF0-8E1E01183684}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B89236B4-D9C9-4771-A48B-86355385FF3C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BEF9C2F7-4C3E-40CA-9AA5-D3ECE4C820FF}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{C96073FE-F0B9-4FB4-817D-C0A3A9F785FD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CCAB6179-3514-42E2-ADA9-6BEE35634F72}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{D5D2C593-7C37-4852-8635-C9460666493D}" = protocol=1 | dir=in | [email protected],-28543 |
"{D811250B-4EB1-413B-B835-76707626A395}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{DF7732C1-E122-4F9C-80B7-E733A681F799}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{E35E71A6-20EC-4E35-8AE3-742A910D7CFE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{EF036EFF-4FB8-48C2-BF0F-2BFD20B5FE5F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{F9778B10-1D2B-4777-B978-6A41292B7934}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"TCP Query User{0831D0E4-F8A5-46ED-9802-DC3284AEF477}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{0E972098-A620-4E99-BA43-FE1D3FE24F43}C:\users\tmauch\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\tmauch\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{7D7A4F2D-9E6E-4E99-8082-57D5A6DD91D0}C:\users\tmauch\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\tmauch\appdata\local\akamai\netsession_win.exe |
"TCP Query User{E32A6A44-9285-498E-8286-EFD5C0CED7FE}C:\users\tmauch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\tmauch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"TCP Query User{F3592F99-D463-4EE5-8EB4-CB145F1C18C3}C:\users\tmauch\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\tmauch\appdata\local\akamai\netsession_win.exe |
"UDP Query User{07286EDA-4EC9-4DB2-B198-F8E58466FBBD}C:\users\tmauch\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\tmauch\appdata\local\akamai\netsession_win.exe |
"UDP Query User{1C37B0D7-A8F1-499C-BD5F-9CBB2F23AECE}C:\users\tmauch\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\tmauch\appdata\local\akamai\netsession_win.exe |
"UDP Query User{446D55D3-A37B-4E92-A052-728CE976FAD4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{9FFA80A1-FE50-47ED-A291-DB8AD7B6EDF6}C:\users\tmauch\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\tmauch\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{C7927CE9-8383-4A25-883C-F5B3D58E2144}C:\users\tmauch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\tmauch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{20F2AD58-CE1D-4994-9945-B1B3F2600254}" = Nitro PDF Reader
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB58402A-43DE-551C-2B40-DD1CF0E21240}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE470020-CCCF-4C09-9AB9-B710A4FBE2C8}" = AVG 2014
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}" = AMD Catalyst Install Manager
"703AB19C282B6ED3F1D3CE92F8DAA864B68A7C91" = ENE CIR Receiver Driver
"AVG" = AVG 2014
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B03071A-C96E-34CA-E5A3-4D8DA8ACCB3D}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{1472627A-6E9F-DCB1-8894-E2BD249FD5E4}" = CCC Help Thai
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A2C316B-F842-6FB3-3C87-6FE02861F396}" = Catalyst Control Center
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{218BE476-B206-2879-B912-971E6E89E44D}" = CCC Help Finnish
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DFFE333-1B60-4CAA-F836-3CF0C99777CA}" = CCC Help Norwegian
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{364374D2-FE10-2170-2397-5B01F9D00093}" = CCC Help Spanish
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{40786C7F-7078-5147-444E-D45DE808B684}" = CCC Help Portuguese
"{43D3EA3E-2B72-57F3-40E0-318A614D0FDD}" = CCC Help Czech
"{45633D5F-76CE-B1D7-325B-A3F329AA99DB}" = Catalyst Control Center InstallProxy
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{4F7823C4-BB28-A63E-CE08-1B463D4682DE}" = CCC Help Dutch
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D7B8E2C-4356-619D-134F-FB36B0809958}" = CCC Help German
"{6F173E00-2766-E174-C2E0-AD88F24685BD}" = CCC Help Swedish
"{6F9301C3-F016-450D-97A1-B376DB98E967}" = RPS CRT
"{6FAEC41D-0654-12C1-0068-770D19FC2446}" = CCC Help Italian
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73D239CC-D6B1-ADEC-A7BE-E100C7112004}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7FAE73A4-F0BC-4B65-81CF-52C417383407}" = Prezi Desktop
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D3D92F0-852F-D832-FD8B-029C8C231C13}" = CCC Help Russian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{963FFEAB-16E5-EB69-4E64-338B3D319FB4}" = CCC Help Chinese Standard
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F7E9D7B-3291-96CE-A27F-DD4F6EB230EA}" = CCC Help Chinese Traditional
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A11E24AD-A7EB-78C9-F792-AD9CDDB8B651}" = Catalyst Control Center InstallProxy
"{A634D1FC-6F59-4FBD-AC61-0A44BB8D2A12}" = MarkBook 2010
"{A6FDE264-C48D-36CE-CFA7-ABBEB861AC10}" = Catalyst Control Center Localization All
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{AE8FFD41-8BFC-47D3-829E-77D23BFF09FF}" = My TOSHIBA
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B31A9284-632D-683E-3BD0-F6926D445A7B}" = CCC Help Danish
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A75523-3D7F-CF23-12F7-999EAF6C7167}" = CCC Help Japanese
"{C12F8611-6962-457A-BC55-32E02BCEF360}" = MarkBook 2013
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C821D689-95BE-0D60-255E-D9B89CB3019F}" = Catalyst Control Center Graphics Previews Common
"{CE1458AA-23A7-332D-68D9-86B799898DA6}" = CCC Help Greek
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA54D3F7-4915-1A37-7EA8-2741F05B77AC}" = HydraVision
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEABB6F4-B05A-45C7-B626-C381ED1771A9}" = MarkBook 2012
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E0655E94-1D4D-8484-64C6-E6F847B7BE92}" = CCC Help Turkish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E555950B-1496-C37C-CA2C-2DF8745A5BE9}" = CCC Help English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE229D0E-3D9E-636C-6E75-9436A87C7E49}" = CCC Help French
"{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}" = TOSHIBA ConfigFree
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F536CCF1-C4C1-5FB9-6B17-F883DFFAE569}" = CCC Help Hungarian
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Aura Video Converter_is1" = Aura Video Converter 1.2.2
"Connect" = Connect
"Flash2X Flash Player_is1" = Flash2X Flash Player version 3.0.2
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Install Converter" = Install Converter
"InstallConverter" = InstallConverter
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"InterActual Player" = InterActual Player
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mouse Setting Software_is1" = Mouse Setting Software 4.0
"Picasa2" = Picasa 2
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PRO100 Demo_is1" = PRO100 version 4.62i Demo
"SpywareBlaster_is1" = SpywareBlaster 5.0
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.5
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2099778896-3320057001-4104064969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/28/2014 5:54:55 PM | Computer Name = tmauch-PC | Source = MsiInstaller | ID = 1013
Description = Product: Skype Click to Call -- Installation cannot proceed on this
operating system.

Error - 2/28/2014 5:55:15 PM | Computer Name = tmauch-PC | Source = MsiInstaller | ID = 1013
Description = Product: Skype Click to Call -- Installation cannot proceed on this
operating system.

Error - 2/28/2014 5:55:48 PM | Computer Name = tmauch-PC | Source = MsiInstaller | ID = 1013
Description = Product: Skype Click to Call -- Installation cannot proceed on this
operating system.

Error - 2/28/2014 5:56:19 PM | Computer Name = tmauch-PC | Source = MsiInstaller | ID = 1013
Description = Product: Skype Click to Call -- Installation cannot proceed on this
operating system.

Error - 2/28/2014 5:56:44 PM | Computer Name = tmauch-PC | Source = MsiInstaller | ID = 1013
Description = Product: Skype Click to Call -- Installation cannot proceed on this
operating system.

Error - 2/28/2014 5:57:05 PM | Computer Name = tmauch-PC | Source = MsiInstaller | ID = 1013
Description = Product: Skype Click to Call -- Installation cannot proceed on this
operating system.

Error - 2/28/2014 5:57:35 PM | Computer Name = tmauch-PC | Source = MsiInstaller | ID = 1013
Description = Product: Skype Click to Call -- Installation cannot proceed on this
operating system.

Error - 2/28/2014 5:58:03 PM | Computer Name = tmauch-PC | Source = MsiInstaller | ID = 1013
Description = Product: Skype Click to Call -- Installation cannot proceed on this
operating system.

Error - 2/28/2014 5:58:26 PM | Computer Name = tmauch-PC | Source = MsiInstaller | ID = 1013
Description = Product: Skype Click to Call -- Installation cannot proceed on this
operating system.

Error - 2/28/2014 5:58:51 PM | Computer Name = tmauch-PC | Source = MsiInstaller | ID = 1013
Description = Product: Skype Click to Call -- Installation cannot proceed on this
operating system.

[ ODiag Events ]
Error - 4/29/2013 1:18:59 PM | Computer Name = tmauch-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2t2i. Error code: N/A


< End of report >

OTL logfile created on: 2/28/2014 4:48:01 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tmauch\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 55.63% Memory free
11.67 Gb Paging File | 9.55 Gb Available in Paging File | 81.78% Paging File free
Paging file location(s): c:\pagefile.sys 8000 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 349.79 Gb Total Space | 141.99 Gb Free Space | 40.59% Space Free | Partition Type: NTFS
Drive E: | 9.95 Gb Total Space | 9.86 Gb Free Space | 99.09% Space Free | Partition Type: NTFS

Computer Name: TMAUCH-PC | User Name: tmauch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/27 08:29:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tmauch\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/16 15:44:58 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/01/14 12:35:58 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe -- (NitroReaderDriverReadSpool)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/04/14 19:57:28 | 000,251,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/04/09 21:03:58 | 000,803,696 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/03/17 13:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/03/06 20:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/02/19 16:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2008/10/16 20:05:00 | 001,449,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/10/16 19:27:20 | 000,826,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/08/22 12:26:52 | 000,535,608 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2008/03/18 14:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/21 18:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/02/22 13:00:37 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/11/08 19:08:52 | 000,227,936 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/03 15:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/04/16 20:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/04/01 20:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/03/30 18:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 19:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/11/16 16:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/11/16 16:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/11/16 14:39:12 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/23 12:37:48 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2009/04/24 16:29:40 | 000,206,336 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/04/08 18:36:40 | 000,138,592 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/03/25 19:23:26 | 000,035,392 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/03/23 18:48:20 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/03/20 18:37:40 | 000,266,288 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/03/18 13:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pgeffect.sys -- (PGEffect)
DRV:64bit: - [2009/02/11 19:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/01/27 21:12:14 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/12/30 14:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/11/17 09:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/11/11 20:30:12 | 000,189,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/05/07 13:30:14 | 000,032,040 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2008/04/29 03:56:00 | 000,014,336 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecirhid.sys -- (enecirhid)
DRV:64bit: - [2008/04/25 11:16:00 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecirhidma.sys -- (enecirhidma)
DRV:64bit: - [2008/04/16 13:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/03/21 14:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/12/11 16:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 16:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/04 12:29:04 | 000,014,872 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2011/11/23 12:37:48 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2008/05/07 13:30:14 | 000,032,040 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2099778896-3320057001-4104064969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2099778896-3320057001-4104064969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-2099778896-3320057001-4104064969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2099778896-3320057001-4104064969-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2099778896-3320057001-4104064969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2099778896-3320057001-4104064969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2009/09/07 18:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tmauch\AppData\Roaming\Mozilla\Extensions
[2009/09/07 18:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tmauch\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/04/20 20:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tmauch\AppData\Roaming\Mozilla\Firefox\extensions
[2013/04/20 20:38:00 | 000,000,000 | ---D | M] (uTorrentControl_v6) -- C:\Users\tmauch\AppData\Roaming\Mozilla\Firefox\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
[2013/04/27 06:56:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tmauch\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.meditateinbarrie.org/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\tmauch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\tmauch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\tmauch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\tmauch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\tmauch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0\
CHR - Extension: Google Wallet = C:\Users\tmauch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\tmauch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/02/28 16:20:50 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPCHWMsg] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun File not found
O4 - HKU\S-1-5-21-2099778896-3320057001-4104064969-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2099778896-3320057001-4104064969-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2099778896-3320057001-4104064969-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2099778896-3320057001-4104064969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B045392-23DF-4A8E-AFEB-935BC70F4794}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFB5769F-D45C-4DA8-B7B9-3ACF0EE08961}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\tmauch\Pictures\Sophie grown.jpg
O24 - Desktop BackupWallPaper: C:\Users\tmauch\Pictures\Sophie grown.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/28 16:31:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/28 16:29:40 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\tmauch\Desktop\JRT.exe
[2014/02/27 08:29:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tmauch\Desktop\OTL.exe
[2014/02/25 03:05:13 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/14 03:05:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/02/14 03:05:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/02/14 03:05:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/14 03:05:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/14 03:05:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/02/14 03:05:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/02/14 03:05:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/14 03:05:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/14 03:05:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/14 03:05:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/14 03:05:27 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/14 03:05:26 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/14 03:05:26 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/02/14 03:05:26 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/02/14 03:05:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/04 20:22:41 | 000,000,000 | ---D | C] -- C:\Users\tmauch\Documents\MkBk_Backup_2014-02-04
[2014/02/03 18:34:15 | 000,000,000 | ---D | C] -- C:\Users\tmauch\Documents\HFC3E
[2014/01/31 19:41:30 | 000,000,000 | ---D | C] -- C:\Users\tmauch\AppData\Local\ElevatedDiagnostics
[2014/01/31 19:40:28 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2014/02/28 16:29:40 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\tmauch\Desktop\JRT.exe
[2014/02/28 16:23:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/28 16:23:07 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/28 16:23:07 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/28 16:22:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/28 16:22:56 | 4258,127,872 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/28 16:18:13 | 000,004,458 | ---- | M] () -- C:\Users\tmauch\Documents\jan email.eml
[2014/02/28 16:18:08 | 000,037,212 | ---- | M] () -- C:\Users\tmauch\Documents\Re_ Wow2.eml
[2014/02/28 16:13:28 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/28 16:00:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/27 08:29:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tmauch\Desktop\OTL.exe
[2014/02/27 05:25:49 | 000,873,229 | ---- | M] () -- C:\Users\tmauch\Desktop\crepe recipe
[2014/02/26 11:22:01 | 000,000,680 | ---- | M] () -- C:\Users\tmauch\AppData\Local\d3d9caps.dat
[2014/02/26 03:14:45 | 000,744,780 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/26 03:14:45 | 000,634,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/26 03:14:45 | 000,120,050 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/26 03:14:39 | 000,744,780 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/23 19:48:30 | 002,536,375 | ---- | M] () -- C:\Users\tmauch\Desktop\IDEAS+-+Issue+10+-+Nov+Dec+2013.pdf
[2014/02/23 19:24:11 | 000,042,543 | ---- | M] () -- C:\Users\tmauch\Desktop\OFSHEEA pdf_invoice.pdf
[2014/02/23 16:08:35 | 000,131,044 | ---- | M] () -- C:\Users\tmauch\Documents\Milestones.pdf
[2014/02/22 13:00:34 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/22 13:00:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/05 05:00:21 | 002,334,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/05 04:52:51 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/05 04:52:37 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/02/05 04:51:59 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/05 04:51:52 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/05 04:51:43 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/02/05 04:51:34 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/05 04:50:50 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/02/05 04:50:05 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/05 03:49:56 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/05 03:49:14 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/02/05 03:48:40 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/05 03:48:08 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/02/05 03:47:22 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/02/05 03:46:50 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/03 17:56:40 | 000,001,774 | ---- | M] () -- C:\Users\Public\Desktop\InstallConverter.lnk

========== Files Created - No Company Name ==========

[2014/02/27 05:25:44 | 000,873,229 | ---- | C] () -- C:\Users\tmauch\Desktop\crepe recipe
[2014/02/25 03:09:06 | 000,744,780 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/23 19:48:30 | 002,536,375 | ---- | C] () -- C:\Users\tmauch\Desktop\IDEAS+-+Issue+10+-+Nov+Dec+2013.pdf
[2014/02/23 19:24:11 | 000,042,543 | ---- | C] () -- C:\Users\tmauch\Desktop\OFSHEEA pdf_invoice.pdf
[2014/02/23 16:08:34 | 000,131,044 | ---- | C] () -- C:\Users\tmauch\Documents\Milestones.pdf
[2014/02/03 17:56:40 | 000,001,774 | ---- | C] () -- C:\Users\Public\Desktop\InstallConverter.lnk
[2013/04/29 22:14:32 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-TMAUCH-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2013/04/24 12:31:58 | 000,000,000 | ---- | C] () -- C:\Users\tmauch\defogger_reenable
[2012/08/15 12:03:06 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010/04/10 22:20:23 | 000,000,680 | ---- | C] () -- C:\Users\tmauch\AppData\Local\d3d9caps.dat
[2010/01/28 14:54:37 | 000,000,092 | ---- | C] () -- C:\Users\tmauch\AppData\Roaming\wklnhst.dat
[2009/12/01 20:55:02 | 000,000,732 | ---- | C] () -- C:\Users\tmauch\AppData\Local\d3d9caps64.dat
[2009/09/07 14:13:02 | 000,046,080 | ---- | C] () -- C:\Users\tmauch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2010/02/08 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\Aura4You
[2013/11/03 22:28:07 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\AVAST Software
[2013/12/06 16:29:54 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\AVG2014
[2013/05/30 11:18:12 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\Dropbox
[2013/03/14 19:21:40 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\MusicNet
[2014/02/27 05:25:07 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\Nitro PDF
[2014/02/23 16:08:52 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\PrimoPDF
[2010/03/02 08:03:02 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\Rogers Online Protection
[2010/01/28 14:54:39 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\Template
[2012/08/15 12:23:33 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\TOSHIBA
[2013/12/06 16:28:48 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\TuneUp Software
[2014/01/25 21:35:23 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\uTorrent
[2013/12/07 21:08:43 | 000,000,000 | ---D | M] -- C:\Users\tmauch\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 980 bytes -> C:\Users\tmauch\Documents\Re_ Wow2.eml:OECustomProperty
@Alternate Data Stream - 680 bytes -> C:\Users\tmauch\Documents\jan email.eml:OECustomProperty

< End of report >


All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{87394793-8317-426A-A380-443282519A7D}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87394793-8317-426A-A380-443282519A7D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{87394793-8317-426A-A380-443282519A7D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87394793-8317-426A-A380-443282519A7D}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
C:\Windows\SysWow64\SearchProtect\Logs folder moved successfully.
C:\Windows\SysWow64\SearchProtect folder moved successfully.
C:\Users\tmauch\AppData\Local\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Users\tmauch\AppData\Local\SearchProtect\SearchProtect\Logs folder moved successfully.
C:\Users\tmauch\AppData\Local\SearchProtect\SearchProtect folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter folder moved successfully.
C:\Program Files (x86)\InstallConverter folder moved successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
C:\Users\tmauch\AppData\Roaming\Yontoo\dat\update folder moved successfully.
C:\Users\tmauch\AppData\Roaming\Yontoo\dat folder moved successfully.
C:\Users\tmauch\AppData\Roaming\Yontoo folder moved successfully.
C:\Users\tmauch\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository folder moved successfully.
C:\Users\tmauch\AppData\Roaming\SearchProtect\ffprotect folder moved successfully.
C:\Users\tmauch\AppData\Roaming\SearchProtect\Dialogs\spsd\images folder moved successfully.
C:\Users\tmauch\AppData\Roaming\SearchProtect\Dialogs\spsd folder moved successfully.
C:\Users\tmauch\AppData\Roaming\SearchProtect\Dialogs\spbd\images folder moved successfully.
C:\Users\tmauch\AppData\Roaming\SearchProtect\Dialogs\spbd folder moved successfully.
C:\Users\tmauch\AppData\Roaming\SearchProtect\Dialogs folder moved successfully.
C:\Users\tmauch\AppData\Roaming\SearchProtect\bin folder moved successfully.
C:\Users\tmauch\AppData\Roaming\SearchProtect folder moved successfully.
C:\Users\tmauch\AppData\Roaming\ExpressFiles folder moved successfully.
ADS C:\Users\tmauch\Documents\Re_ Wow2.eml:OECustomProperty deleted successfully.
ADS C:\Users\tmauch\Documents\jan email.eml:OECustomProperty deleted successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\netflix.com\signup\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\netflix.com\www\ deleted successfully.
========== FILES ==========
C:\Windows\SysWow64\㩃停潲牧浡䘠汩獥⠠㡸⤶剜杯牥⁳湏楬敮倠潲整瑣潩屮潒敧獲传汮湩⁥牐瑯捥楴湯卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩 moved successfully.
File\Folder C:\Windows\SysWow64\㩃停潲牧浡䘠汩獥⠠㡸⤶剜杯牥⁳湏楬敮倠潲整瑣潩屮潒敧獲传汮湩⁥牐瑯捥楴湯卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: tmauch
->Temp folder emptied: 5740341 bytes
->Temporary Internet Files folder emptied: 441753283 bytes
->Java cache emptied: 7296427 bytes
->Google Chrome cache emptied: 237825089 bytes
->Flash cache emptied: 21068 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 101809120 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 26797423 bytes

Total Files Cleaned = 783.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 02282014_161733

Files\Folders moved on Reboot...
C:\Users\tmauch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\tmauch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GG882B19\page__p__2378437__fromsearch__1[1].htm moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows ™ Vista Home Premium x64
Ran by tmauch on Fri 02/28/2014 at 16:31:25.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\browser manager"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\tmauch\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\tmauch\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\tmauch\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\tmauch\appdata\local\opencandy"
Successfully deleted: [Folder] "C:\Users\tmauch\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Users\tmauch\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\tmauch\appdata\local\torch"
Successfully deleted: [Folder] "C:\Users\tmauch\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\tmauch\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\tmauch\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\ilivid"
Successfully deleted: [Folder] "C:\Program Files (x86)\torntv.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"
Successfully deleted: [Empty Folder] C:\Users\tmauch\appdata\local\{161237DC-8BE9-4B54-B180-F340E5475895}
Successfully deleted: [Empty Folder] C:\Users\tmauch\appdata\local\{2FEA19F7-1C81-4AFE-8876-553E7BD24461}
Successfully deleted: [Empty Folder] C:\Users\tmauch\appdata\local\{4626566B-10F9-4130-A71B-17857B631806}
Successfully deleted: [Empty Folder] C:\Users\tmauch\appdata\local\{CC239E44-6662-4C80-B91D-56933C2342C0}
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/28/2014 at 16:45:27.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#6
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

I uninstalled Limewire but not uTorrent. It is not, however, running. I uninstalled SpywareGuard and SuperAntiSpyware. The logs follow. There sure is a lot to go through. I really appreciate it!
Carl

Don't worry--a responsive and cooperative user such as yourself makes up for it. :lol: I'm getting my fix approved. While we wait, could you check whether or not the problem still persists? Try reproducing the occurrence by creating a Word document or redoing whatever steps were undertaken.
  • 0

#7
Home Bass

Home Bass

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
I'm frankly unsure what causes the problem. I asked my wife to let me know the next time it happened and NOT to delete the file so I could look at it. Creating and saving a Word document right now does not seem to cause a problem that I can see. Perhaps the problem is solved, perhaps not? Notwithstanding that issue, have you found other things that warrant attention/action?
Carl

PS: I just noticed that every time I first open up IE the Manage Add-Ons window opens. It does not happen if I open up a second instance of the browser. Any idea what could be causing that?

Edited by Home Bass, 01 March 2014 - 11:47 AM.

  • 0

#8
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Notwithstanding that issue, have you found other things that warrant attention/action?

Yes, we are in a winning battle against adware. A few more steps would provide me with the confidence that no more of them remain.

PS: I just noticed that every time I first open up IE the Manage Add-Ons window opens. It does not happen if I open up a second instance of the browser. Any idea what could be causing that?

Do you mean this one?

Posted Image

If I am not mistaken, it is prompting you to choose a search provider. Let's humor it and do so. ;)

  • Navigate to the Search Providers tab.
  • Click Find more search providers....
  • A new window will open that will allow you to choose your search provider. I recommend Google Search.
  • Once you have decided, click the Add to Internet Explorer button.
Additionally, can you take a screenshot of the Search Providers and Toolbars and Extensions tab?

  • Step 1

    Your Google Chrome settings have been altered by malware. Please reset them by following 'this' guide.
  • Step 2

    Download 'AdwCleaner by Xplode' and save it to your desktop.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Click Scan and choose Clean after.
  • Wait for it to finish. It won't take long.
  • Click OK for the next prompts. Your system will automatically reboot.
  • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner[S*].txt.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Run a free 'ESET Online Scan by ESET' by firstly saving the file to your desktop.

  • Disable your current anti-virus for the duration of the entire scan.
  • Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
  • Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):

    Posted Image

  • The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
  • Upon completion, use Notepad to open and save C:\Program Files\ESET\EsetOnlineScanner\log.txt or C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt to your desktop.
  • Select Uninstall application on close and click Finish.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 4

    Download 'SecurityCheck by screen317' and save it to your desktop.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • A black window will appear. Press any key to continue.
  • Wait for it to finish. It won't take long.
  • A log will automatically pop-up after once done.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post
In summary of the above, I will need you to post the following log(s):
  • AdwCleaner[S*].txt (AdwCleaner)
  • checkup.txt (SecurityCheck)
  • log.txt (ESET Online Scan)

  • 0

#9
Home Bass

Home Bass

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hi Pyxis. Got interrupted this morning while in the middle of following your instructions by the need to go to work. All is done now and here are the results. I've attached the screen shots of the Manage Add-ons tabs. With the selection of the default search provider the window no longer opens, as you surmised.
Toolbars and Extensions.jpg

Results of screen317's Security Check version 0.99.79
Windows Vista Service Pack 2 x64 (UAC is disabled!)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2014
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 32.0.1700.107
Google Chrome 33.0.1750.117
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````


[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=741b0200510d69418984c364cae21144
# engine=17286
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-02 05:49:16
# local_time=2014-03-02 12:49:16 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 6543879 230381262 0 0
# scanned=198531
# found=0
# cleaned=0
# scan_time=8977


# AdwCleaner v3.020 - Report created 02/03/2014 at 09:49:26
# Updated 27/02/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : tmauch - TMAUCH-PC
# Running from : C:\Users\tmauch\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\iMesh
[!] Folder Deleted : C:\ProgramData\NCH Software
[!] Folder Deleted : C:\Program Files (x86)\iMesh Applications
[!] Folder Deleted : C:\Program Files (x86)\iMesh Applications\Mediabar
[!] Folder Deleted : C:\Users\tmauch\AppData\Local\iMesh
[!] Folder Deleted : C:\Users\tmauch\AppData\Local\PackageAware
[!] Folder Deleted : C:\Users\tmauch\AppData\Roaming\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4084D718-3644-4504-B828-BB054729E39C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\TelevisionFanaticEI
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533


-\\ Mozilla Firefox v

-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\tmauch\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3011 octets] - [02/03/2014 09:45:35]
AdwCleaner[S0].txt - [2825 octets] - [02/03/2014 09:49:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2885 octets] ##########

Attached Thumbnails

  • Search Providers.jpg

  • 0

#10
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
  • Step 1

    You currently have the following outdated program(s) installed. I highly recommend that you perform an update. You will find the download link(s) for the new version(s) below.

    Adobe Reader -- Update
    Java Runtime Environment -- Update

    Note: Please untick any optional offers Adobe products might come with.
Uninstall the previous version(s) before installing the updated one(s). If you run into any errors, let me know.
  • 0

Advertisements


#11
Home Bass

Home Bass

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hi Pyxis,
Acrobat Reader and Java were uninstalled and have been updated with no 3rd party add-ons installed. Java asked about enabling some kind of helper - I said no. I guess I'm ready for whatever comes next. Is there anything?
Carl

Also, I was just turning my wife's firewall and AV software back on and noticed that User Account Control is turned off. I read through what it does and it looks like it might be a useful thing to have on. What say you?

Edited by Home Bass, 03 March 2014 - 09:30 PM.

  • 0

#12
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
I'm getting my final fix approved. :thumbsup:

Also, I was just turning my wife's firewall and AV software back on and noticed that User Account Control is turned off. I read through what it does and it looks like it might be a useful thing to have on. What say you?

Absolutely. It is a good security measure. You may follow this guide if you need assistance on how to do so. However, others find it annoying since it will prompt you for approval (albeit just a simple yes or no) every time you run a program that requires administrative privileges.
  • 0

#13
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Thank you for your cooperation. Your logs show no sign of infection. Congratulations, your system is now clean. :thumbsup: Below are a few more steps you have to complete to ensure the good working condition of your system.

Remove Special Tools with OTL by OldTimer

Using this tool will remove all temporary, and unnecessary files still in your computer after using the tools I asked you to run earlier.

  • Double-click OTL.exe to run it. For Windows Vista and Windows 7 users, please run it as an administrator.

  • As seen on the interface, click the CleanUp button.
  • You will be asked to reboot after. Please allow it to do so by clicking Yes on the next prompt.
Set a Clean Restore Point

Doing this will prevent you from a possible reinfection. You see, malicious files try to save a copy of themselves in the System Volume Information storage. The latter is a protected directory; the best way to get rid of these possible copies is to do the step below. Since your system is now clean, it is essential to set a clean and working backup.

  • Navigate to Start, right-click Computer and click Properties.

    • On the left, click System protection.
    • Click Create.... Input any title and press Create.
    • Once done, press Close > OK.
    • Click Start > All Programs > Accessories > System Tools.
    • Right-click on Disk Cleanup. Run it as an administrator.
    • If you have more than one drive, select your default one (C:). Otherwise, wait for its initialization to finish.
    • Check the following boxes (you may choose to add more):
    • Temporary Internet Files
    • Recycle Bin
    • Temporary Files
  • Navigate to the More Options tab.
  • Under System Restore and Shadow Copies, click Cleanup... > Delete > OK.
I will now proceed to giving to tips on how to maintain your system as it is. You can do the following as a routine to ensure that your system will work properly. Anytime you encounter an infection again, please do not hesitate to go back here at Geeks to Go. :)

Keep Your Computer Updated

Your current Windows operating system needs to install additional updates which are important, one of which is the Service Pack. The latter and other updates contain fixes and patches to prevent attackers from compromising your system. It is imperative that you keep your system up-to-date by obtaining free updates whenever they are available.

Install the latest Service Pack by going 'here'. If you already have, continually visit the official 'Microsoft Windows Update' site to keep your system up-to-date. Update Java

One of the programs you use every day unknowingly is Java. It is necessary for a lot of applications thus you should make sure it is always up-to-date. Older versions may be prone to exploits and vulnerabilities.

  • Download the latest 'Java' installation and save it to your desktop.
    • You need to uninstall any previous Java installations.
    • For Windows XP: Navigate to Start > Control Panel > Add or Remove Programs.
    • For Windows Vista: Navigate to Start > Control Panel > Programs and Features or Uninstall a Program.
    • For Windows 7: Navigate to Start > Control Panel > Programs and Features or Uninstall a Program.
  • Search the list for previous installations of Java such as all versions below:
    • Java™ 7 Update 51
  • Proceed to uninstalling the old versions and install the one you've just downloaded.
Update Your Anti-Virus Every Day

UpdatingEnsuring that you have one anti-virus installed in your system is a good way to prevent being infected. You must always make sure to update your anti-virus every day; anti-virus companies see to to it that the latest definition updates are distributed to be in par with the growing advancement and propagation of malware. Your anti-virus is useless if you do not update it.

ScanningSet a scanning routine. Ensure that you do a full scan with your anti-virus monthly. This is part of maintaining a clean system--a scanning routine proves to be effective. You can never be sure when your computer has caught an infection.

Surf Safe

Alongside your anti-virus and firewall, various programs such as SpywareBlaster can be obtained to help you avoid malicious sites. Don't worry as it poses no conflict to your current installation. Please find the download link in the program's name below.

SpywareBlasterSpywareBlaster can help keep your system secure, without interfering with the "good side" of the web. Unlike other programs, it does not have to remain running in the background. It works alongside the programs you have to ensure safe surfing.

  • Just like your regular security programs, SpywareBlaster needs to be updated every day.

  • Open the program by clicking the icon.
  • Click Updates > Check For Updates.
  • If there happens to be an update, a Enable All Protection button will appear. Please click that button.
If you have any unresolved issues with regard to this thread or you need more :help: please ask me. I would assist you further, should it be required. Otherwise, enjoy your clean system.

:cheers:

Thank you.
  • 0

#14
Home Bass

Home Bass

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hi Pyxis,
Thanks for all your help! It's good to know the system is clean at this point. I have a question with respecvt to your last instruction though.
While following the steps to create a restore point I find that the System Properties dialog shows three "Available disks" for which a restore point can be created. They are labelled, "TOSHIBA SYSTEM VOLUME", "S3A7737D004 (C:) (System)" and "Local Disk (E:)". Only C: shows a date for "Most recent restore point", the others show "None". Is it advisable to create restore points for all three disks or is it sufficient to create one only for C: as has been done in the past?
Thanks,
Carl
  • 0

#15
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
You are welcome! :) It's fine to have it only on C: because that is where the system resides.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP