Thread: Please Help! Wish I'd Discovered You Earlier

  1. #1
    Junior Member
    Join Date
    Jun 2012
    Location
    New Zealand
    Posts
    24

    Please Help! Wish I'd Discovered You Earlier

    Hi,

    After years of using PortableApps, kids using USB sticks, and now their gaming activities, mixed with my lack of knowledge in keeping things running well, I've got 3 messed up computers. My husband had installed BitDefender on all three, but it's now clear some damaging things got in. They are all very slow, poor screen refresh, some crashes, and very slow internet access.

    Before discovering SpyBot, (and thinking BitDefender was taking care of viruses) I purchased RegZooka (came with SpyZooka) and who knows what it did to things. SpyZooka kept finding viruses (some the same ones) even after repeat consecutive runs. One was a trojan in the BitDefender folder and I followed some web process for manually removing it (took a SafeMode scan to find it), but still had the same performance problems.

    In my effort to run my software and get my late taxes done (still not done), and during 2 weeks of horrible "support" from BitDefender, I repeatedly ran the RegZooka and opened up my Task Manager and randomly removed processes (mostly Chrome) that seemed to be eating up my memory. It helped, but after about an hour of leaving the computer on (computer #2) everything's hosed again.

    So, I'm able to run Firefox on computer #1 (where I am now), and have some stability, so I removed BitDefender, RegZooka & SpyZooka, and installed Malwarebytes. It didn't find anything! So, I've now followed your "BEFORE You Post" directions and run ERUNT, SpyBot, and dds.scr on computer #1 (first backed up data & set a system restore point). I have several questions.

    1. SpyBot found & cleared 71 tracking cookies. Could this alone explain the slowdowns? After a reboot, my task manager showed PF Usage of 1.0 GB with no applications running. Is this normal? I'm running Windows XP Professional V. 2002 Service Pack 3. Intel Core 2 CPU, 6320 @ 1.86GHz, 1.98 GB of RAM.

    2. My external drive was connected during the scan, but I couldn't find a way to include it in the settings. Would it have been scanned? If not, how do I do that (along with all our USB sticks)?

    3. Is there a way to restore or recover from any damage I've done by messing with my registries? What other tools should I use to diagnose and in what order? Would it be worthwhile to run SpyBot again in safe mode?

    4. I'm getting ready to follow your procedures on my 2nd computer, but it's too slow to easily do a backup (would likely take days). How important is this? Can you recommend a good application for incremental backups that work well with various external drives?

    Please forgive my relative lack of technical knowledge. Reading through the various forum posts often sounds like Greek to me. I'm an educator and am needing to get everything in order technically so I can start a blog for homeschooled children, in part to help them navigate through this stuff so they don't fall prey to bad advice as I've had. I appreciate any advice or support you can offer me. I did keep some of the early logs that showed what trojans had been found, if that's useful.

    Thank You,
    KiwiKay

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Running programs with Vista or Windows 7, you need to Right Click on the program and select RUN AS ADMINISTRATOR


    Registry cleaners are not recommended; remove the wrong entry or entries and you can make your computer unbootable. I have been into computing for many years and have never needed a registry cleaner. There is a way of removing entries for a program you just uninstalled, but it's not needed here at this point.
    http://forums.cnet.com/7723-6122_102...egzooka-fraud/


    Let me explain the way the forum works: this forum is just for malware removal. If after running a few scans there is no malware, then I can link you to a good Windows support site that can help you.


    We can only work on one computer at a time in this thread or believe me it will get very complicated and confusing, so let's do this: pick your main computer you're having the main issue with and let's work on that. When we're done I will close this thread and you can start a new topic for the next one.




    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply






    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Jun 2012
    Location
    New Zealand
    Posts
    24

    Thank you and done as requested

    Thank you very much Ken for your assistance. I've done my backups, tried to run ERDNT (but it was unable to create a file), and ran aswMBR (I assumed I was meant to agree to the popup box recommendation to download AVAST's latest virus definitions). Downloads are taking awhile (currently 7 KB/s).

    My computer crashed while running the aswMBR. Do you want me to retry it?

    Just to let you know what I'd done previously... I'm working on what I call Computer #2. This is my main computer (I don't have access right now to #1 and #3 has to be moved to be online). This one had been in the worst shape, and I'd done similar things as the one described previously (BitDefender, RegZooka, SpyZooka). After seeing no change after running SpyBot, I ran it again in SafeMode and it found/cleaned many "red level" viruses (they all said cookie trackers -- so I'm not sure if those are true viruses). It is running a bit more stable now, which allowed me to do backups.

    This is a Windows7 Professional, Service Pack 1, 32-bit operating system with 2 GB RAM.

    Thanks again,
    KiwiKay

  4. #4
    Junior Member
    Join Date
    Jun 2012
    Location
    New Zealand
    Posts
    24

    Update & Logs

    Okay, so I reran aswMBR and it completed. Log below:


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-01 20:28:27
    -----------------------------
    20:28:27.654 OS Version: Windows 6.1.7601 Service Pack 1
    20:28:27.654 Number of processors: 4 586 0x2502
    20:28:27.654 ComputerName: JENW-PC UserName:
    20:28:36.437 Initialize success
    20:28:42.314 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    20:28:42.314 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
    20:28:42.345 Disk 0 MBR read successfully
    20:28:42.345 Disk 0 MBR scan
    20:28:42.345 Disk 0 Windows VISTA default MBR code
    20:28:42.361 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    20:28:42.408 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 227551 MB offset 3074048
    20:28:42.439 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9423 MB offset 469098496
    20:28:42.454 Disk 0 scanning sectors +488396800
    20:28:42.595 Disk 0 scanning C:\windows\system32\drivers
    20:28:54.997 Service scanning
    20:29:36.885 Modules scanning
    20:30:02.563 Disk 0 trace - called modules:
    20:30:02.594 ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll ACPI.sys iaStor.sys
    20:30:03.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d85ac8]
    20:30:03.109 3 CLASSPNP.SYS[893d859e] -> nt!IofCallDriver -> \Device\THPDRV1[0x87d84030]
    20:30:03.124 5 thpdrv.sys[895e299f] -> nt!IofCallDriver -> [0x8622d870]
    20:30:03.140 7 ACPI.sys[88c933d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862ba028]
    20:30:03.140 Scan finished successfully
    20:30:23.217 Disk 0 MBR has been saved successfully to "C:\Users\Jennifer\Desktop\MBR.dat"
    20:30:23.217 The log file has been saved successfully to "C:\Users\Jennifer\Desktop\aswMBR.txt"

  5. #5
    Junior Member
    Join Date
    Jun 2012
    Location
    New Zealand
    Posts
    24

    1st Log for OTL

    The OTL.txt log is a bit too long to post, so I've split it. The rest follows with the Extras.txt log.
    ====================

    OTL logfile created on: 7/1/2012 8:45:05 PM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Jennifer\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

    1.80 Gb Total Physical Memory | 0.26 Gb Available Physical Memory | 14.62% Memory free
    3.59 Gb Paging File | 1.20 Gb Available in Paging File | 33.49% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.22 Gb Total Space | 114.06 Gb Free Space | 51.33% Space Free | Partition Type: NTFS

    Computer Name: JENW-PC | User Name: Jennifer | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Jennifer\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
    PRC - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    PRC - C:\Program Files\Evernote\Evernote\Evernote.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    PRC - C:\Program Files\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    PRC - C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Users\Jennifer\AppData\Local\Temp\Foxit Updater.exe (Foxit Corporation)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - c:\Program Files\The Monticello Corporation\MSSQL.3\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
    PRC - C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA)
    PRC - C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA)
    PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    PRC - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
    PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
    PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
    PRC - C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
    PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
    PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
    PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
    PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
    PRC - C:\Program Files\Apoint2K\hidfind.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
    PRC - C:\Program Files\TOSHIBA\TNROTATE\TNROTATE.exe (TOSHIBA Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll ()
    MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll ()
    MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll ()
    MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll ()
    MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll ()
    MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll ()
    MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll ()
    MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\1.2012.606.2_0\plugin\ace.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
    MOD - C:\Program Files\Evernote\Evernote\libcef.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
    MOD - C:\Program Files\Evernote\Evernote\libtidy.dll ()
    MOD - C:\Program Files\Evernote\Evernote\libxml2.dll ()
    MOD - C:\Program Files\Evernote\Evernote\avformat-52.dll ()
    MOD - C:\Program Files\Evernote\Evernote\avcodec-52.dll ()
    MOD - C:\Program Files\Evernote\Evernote\avutil-50.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\TOSHIBA\TFPU\TFPUCommon.dll ()
    MOD - C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
    MOD - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll ()
    MOD - C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll ()
    MOD - C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll ()
    MOD - C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll ()
    MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()
    MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
    MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (MSSQL$PTPROFESSIONAL41) SQL Server (PTPROFESSIONAL41) -- c:\Program Files\The Monticello Corporation\MSSQL.3\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
    SRV - (ATService) -- C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
    SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    SRV - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
    SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    SRV - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
    SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
    SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
    SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
    SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
    SRV - (Thpsrv) -- C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
    SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
    SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (UNS) Intel(R) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) Intel(R) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
    SRV - (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
    SRV - (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
    SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
    SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (RSELSVC) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation)
    SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
    SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
    DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
    DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
    DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
    DRV - (aswMBR) -- C:\Users\Jennifer\AppData\Local\Temp\aswMBR.sys File not found
    DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
    DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
    DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
    DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
    DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
    DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\netw5s32.sys (Intel Corporation)
    DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (IntcDAud) Intel(R) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
    DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
    DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
    DRV - (e1kexpress) Intel(R) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
    DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
    DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
    DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
    DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
    DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
    DRV - (risdpcie) -- C:\Windows\System32\drivers\risdpe86.sys (REDC)
    DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
    DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
    DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ.SYS (TOSHIBA Corporation)
    DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
    DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
    DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
    DRV - (rixdpcie) -- C:\Windows\System32\drivers\rixdpe86.sys (REDC)
    DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)
    DRV - (Thpevm) -- C:\Windows\System32\drivers\Thpevm.sys (TOSHIBA Corporation)
    DRV - (Thpdrv) -- C:\Windows\System32\drivers\thpdrv.sys (TOSHIBA Corporation)
    DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
    DRV - (TVALZFL) -- C:\Windows\System32\drivers\TVALZFL.sys (TOSHIBA Corporation)
    DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
    DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
    DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU_enNZ398NZ398
    IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\SearchScopes\{E9AFD23D-4238-4710-80B1-2FF0194B0726}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=F4&apn_dtid=YYYYYYYYNZ&apn_uid=cea5bd86-fd5f-4843-a58f-d1161bc1a422&apn_sauid=8FC01926-31AC-48A2-BA80-D825FF7AAFA7
    IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jennifer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jennifer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2010/11/06 06:12:51 | 000,000,000 | ---D | M]

    [2012/05/22 20:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - Extension: Foxit Toolbar = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaoiagmlcohkmjodefppbmpjdiocmh\7.15.1.22688_0\
    CHR - Extension: BIODIGITAL HUMAN = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
    CHR - Extension: Task Timer = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif\3.7.3_0\
    CHR - Extension: Google Drive = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6_0\
    CHR - Extension: Turn Off the Lights = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.106_0\
    CHR - Extension: YouTube = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Adblock Plus (Beta) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
    CHR - Extension: ScreenSh00ter = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjamodcfmindeooalnaodbgbckflcfgb\1.2.0.2_0\
    CHR - Extension: Google Search = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Read Later Fast = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.4.6_0\
    CHR - Extension: Offline Google Mail = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.18_0\
    CHR - Extension: Google Calendar = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
    CHR - Extension: Google Finance = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp\1.1_0\
    CHR - Extension: AdBlock = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0\
    CHR - Extension: PDF Mergy = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha\0.4.0_0\
    CHR - Extension: Cloud Reader = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.0.0.0_0\
    CHR - Extension: BookedIN Appointment Scheduler = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheobladblmphoggmehhahdfikpbilnj\1.0.15_0\
    CHR - Extension: Clearly = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\6.3337.321.633_1\
    CHR - Extension: Citable = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfiabcklnnhkmkcdjjpmgghiimjkaeio\1.5_0\
    CHR - Extension: Zoho Sheet = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhegddohmncgelkehhnigphmloinkinj\1.2_0\
    CHR - Extension: Calc-Sheet = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jinolkpkhpfipbnbedghadcpndobgiba\1.2_0\
    CHR - Extension: Universo = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\joamekpghmpmbpcjjfpmfjhenhpidmep\1.2_0\
    CHR - Extension: OpenOffice Document Reader = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpcfmmdlhndnfpagbmhbbfehenapoich\3_0\
    CHR - Extension: Wordmark.it = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbpdmjdjcgpciedkahfcidpojchnooij\1.12_0\
    CHR - Extension: Autodesk Homestyler = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0\
    CHR - Extension: Wave Accounting = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa\1.9.1_0\
    CHR - Extension: Skype Click to Call = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\
    CHR - Extension: Sketchpad = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp\1.0.0.1_0\
    CHR - Extension: Chrome Reader = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojpenhmoajbiciapkjkiekmobleogjc\1.2_0\
    CHR - Extension: MagicCube FeedStore for Google Reader = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafnkhhfaadhhhdcijjnajeceeppebdg\1.1_0\
    CHR - Extension: Scraper = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd\1.6_0\
    CHR - Extension: Chat for Google = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\1.2012.606.2_0\
    CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.0_0\
    CHR - Extension: Photo Collage = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiabhgfgfhoilflkoicbmnejgjjfmhcg\1_0\
    CHR - Extension: Evernote Web Clipper = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5.1_0\
    CHR - Extension: Google Reader = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.3_0\
    CHR - Extension: Gmail = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/06/29 03:58:13 | 000,442,922 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 15215 more lines...
    O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\TFPUPWDBankBHO.dll (TODO: <Company name>)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA)
    O4 - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA)
    O4 - HKLM..\Run: [TNRotate] C:\Program Files\TOSHIBA\TNROTATE\TNROTATE.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TOSDCR] C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe ()
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosVolRegulator] C:\Windows\TosVolRegulator.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
    O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
    O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [EPSON Artisan 720 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGYA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [RegZooka] "C:\Program Files\RegZooka\RegZooka.exe" File not found
    O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Andrew - School\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PersonalBrain.lnk = File not found
    O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Users\SteveW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-985302526-3885216461-293028738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-985302526-3885216461-293028738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-985302526-3885216461-293028738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.4.0)
    O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_04)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_04)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F64F89A-84F1-47A2-AB63-080EDA8655A0}: DhcpNameServer = 203.97.78.43 203.97.78.44 203.97.78.44 203.97.78.43
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DF5FB4E-1F23-4127-B7ED-8A15C224BF83}: NameServer = 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1608E79-C941-4EC6-B359-B49DCD4347C7}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 09:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (MACHINE BootExecut)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/01 20:39:03 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
    [2012/07/01 20:24:28 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Jennifer\Desktop\dds.scr
    [2012/07/01 20:08:13 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\DeBugging Files
    [2012/07/01 13:35:49 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jennifer\Desktop\aswMBR.exe
    [2012/06/29 03:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/06/29 03:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/06/29 03:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2012/06/29 03:15:27 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2012/06/29 03:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/06/29 03:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/06/28 01:41:46 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Malwarebytes
    [2012/06/28 01:41:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2012/06/28 01:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/28 01:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/06/28 01:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/06/26 23:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
    [2012/06/26 23:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
    [2012/06/26 23:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Dumps
    [2012/06/26 21:37:55 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Macromedia
    [2012/06/23 14:38:12 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Dropbox -- Not On (BACKUP)
    [2012/06/23 13:40:40 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\MY BACKUPS
    [2012/06/23 11:57:23 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\Temp- to Upload to Evernote
    [2012/06/22 12:38:23 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
    [2012/06/22 12:38:22 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
    [2012/06/22 12:37:35 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
    [2012/06/22 12:37:35 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll
    [2012/06/22 12:37:35 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups.dll
    [2012/06/22 12:35:46 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll
    [2012/06/22 12:35:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe
    [2012/06/20 17:27:32 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\SpyZooka
    [2012/06/16 23:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
    [2012/06/16 23:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/06/16 22:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/06/16 22:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/06/14 00:30:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
    [2012/06/14 00:29:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
    [2012/06/14 00:29:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
    [2012/06/14 00:29:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
    [2012/06/14 00:29:58 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
    [2012/06/14 00:29:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
    [2012/06/14 00:29:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
    [2012/06/13 13:34:43 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
    [2012/06/13 13:34:23 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
    [2012/06/13 13:34:21 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
    [2012/06/13 13:34:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe
    [2012/06/12 21:42:18 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\Backup to Evernote
    [2012/06/12 21:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\KeePass Password Safe 2
    [2012/06/06 09:34:58 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Spyzooka
    [2012/06/06 01:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\SpyZooka
    [2012/06/06 00:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\RegZooka
    [2012/06/06 00:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Registry Cleaner
    [2012/06/04 20:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

    ========== Files - Modified Within 30 Days ==========

    [2012/07/01 20:44:01 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-985302526-3885216461-293028738-1007UA.job
    [2012/07/01 20:42:15 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
    [2012/07/01 20:30:23 | 000,000,512 | ---- | M] () -- C:\Users\Jennifer\Desktop\MBR.dat
    [2012/07/01 20:29:08 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/07/01 20:24:28 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Jennifer\Desktop\dds.scr
    [2012/07/01 20:19:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-985302526-3885216461-293028738-1004UA.job
    [2012/07/01 20:11:29 | 000,017,504 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/01 20:11:29 | 000,017,504 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/01 19:59:01 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/01 19:58:43 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/01 19:58:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/07/01 19:58:00 | 262,186,676 | ---- | M] () -- C:\windows\MEMORY.DMP
    [2012/07/01 19:57:54 | 1447,366,656 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/01 18:44:00 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-985302526-3885216461-293028738-1007Core.job
    [2012/07/01 13:50:17 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jennifer\Desktop\aswMBR.exe
    [2012/07/01 13:25:35 | 000,000,000 | -H-- | M] () -- C:\Users\Jennifer\Documents\Default.rdp
    [2012/06/30 22:19:00 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-985302526-3885216461-293028738-1004Core.job
    [2012/06/30 20:55:45 | 000,002,423 | ---- | M] () -- C:\Users\Jennifer\Desktop\Google Chrome.lnk
    [2012/06/29 03:58:13 | 000,442,922 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts
    [2012/06/29 03:21:43 | 000,001,211 | ---- | M] () -- C:\Users\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/06/29 03:21:43 | 000,001,187 | ---- | M] () -- C:\Users\Jennifer\Desktop\Spybot - Search & Destroy.lnk
    [2012/06/29 03:15:07 | 000,001,045 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/06/29 03:15:00 | 000,000,846 | ---- | M] () -- C:\Users\Jennifer\Desktop\ERUNT.lnk
    [2012/06/28 01:41:42 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/28 01:23:26 | 000,204,187 | ---- | M] () -- C:\ProgramData\1340803125.bdinstall.bin
    [2012/06/27 07:41:12 | 000,773,830 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2012/06/27 07:41:12 | 000,166,964 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2012/06/27 02:34:35 | 000,001,064 | ---- | M] () -- C:\Users\Jennifer\Desktop\OpenOffice.org Writer.lnk
    [2012/06/27 02:34:26 | 000,001,424 | ---- | M] () -- C:\Users\Jennifer\Desktop\Internet Explorer.lnk
    [2012/06/27 02:33:56 | 000,000,972 | ---- | M] () -- C:\Users\Jennifer\Desktop\MediaMonkey.lnk
    [2012/06/27 02:18:45 | 000,007,624 | -H-- | M] () -- C:\Users\Jennifer\AppData\Local\resmon.resmoncfg
    [2012/06/27 01:44:35 | 000,000,385 | ---- | M] () -- C:\windows\System32\user_gensett.xml
    [2012/06/27 00:59:09 | 000,249,786 | ---- | M] () -- C:\ProgramData\1340710945.bdinstall.bin
    [2012/06/26 23:50:19 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
    [2012/06/26 21:45:30 | 000,001,256 | ---- | M] () -- C:\Users\Jennifer\Desktop\Paint.lnk
    [2012/06/25 23:45:16 | 000,000,052 | ---- | M] () -- C:\windows\System32\ashttpstats.csv
    [2012/06/25 23:43:57 | 000,000,121 | ---- | M] () -- C:\windows\bdagent.INI
    [2012/06/25 23:19:08 | 000,000,139 | ---- | M] () -- C:\ProgramData\search_result.xml
    [2012/06/25 19:29:34 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
    [2012/06/25 19:29:34 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
    [2012/06/16 23:05:08 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/06/14 22:33:50 | 000,437,920 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2012/06/12 21:31:11 | 000,001,074 | ---- | M] () -- C:\Users\Jennifer\Desktop\KeePass 2.lnk
    [2012/06/10 14:11:23 | 000,007,334 | ---- | M] () -- C:\Users\Jennifer\New OpenDocument Text.odt
    [2012/06/06 11:19:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/06/06 11:19:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2012/06/04 20:46:12 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/06/03 10:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
    [2012/06/03 10:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wups.dll
    [2012/06/03 10:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
    [2012/06/03 10:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
    [2012/06/03 10:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll
    [2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll
    [2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe

    ========== Files Created - No Company Name ==========

    [2012/07/01 20:30:23 | 000,000,512 | ---- | C] () -- C:\Users\Jennifer\Desktop\MBR.dat
    [2012/07/01 13:25:35 | 000,000,000 | -H-- | C] () -- C:\Users\Jennifer\Documents\Default.rdp
    [2012/06/29 03:21:43 | 000,001,211 | ---- | C] () -- C:\Users\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/06/29 03:21:43 | 000,001,187 | ---- | C] () -- C:\Users\Jennifer\Desktop\Spybot - Search & Destroy.lnk
    [2012/06/29 03:15:07 | 000,001,045 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/06/29 03:15:00 | 000,000,846 | ---- | C] () -- C:\Users\Jennifer\Desktop\ERUNT.lnk
    [2012/06/28 01:41:42 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/28 01:23:26 | 000,204,187 | ---- | C] () -- C:\ProgramData\1340803125.bdinstall.bin
    [2012/06/27 02:34:35 | 000,001,064 | ---- | C] () -- C:\Users\Jennifer\Desktop\OpenOffice.org Writer.lnk
    [2012/06/27 02:34:26 | 000,001,424 | ---- | C] () -- C:\Users\Jennifer\Desktop\Internet Explorer.lnk
    [2012/06/27 02:33:56 | 000,000,972 | ---- | C] () -- C:\Users\Jennifer\Desktop\MediaMonkey.lnk
    [2012/06/27 01:44:35 | 000,000,385 | ---- | C] () -- C:\windows\System32\user_gensett.xml
    [2012/06/27 00:59:09 | 000,249,786 | ---- | C] () -- C:\ProgramData\1340710945.bdinstall.bin
    [2012/06/26 23:50:19 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
    [2012/06/26 21:45:30 | 000,001,256 | ---- | C] () -- C:\Users\Jennifer\Desktop\Paint.lnk
    [2012/06/25 23:43:22 | 000,000,121 | ---- | C] () -- C:\windows\bdagent.INI
    [2012/06/16 23:05:08 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/06/12 21:31:11 | 000,001,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
    [2012/06/12 21:31:11 | 000,001,074 | ---- | C] () -- C:\Users\Jennifer\Desktop\KeePass 2.lnk
    [2012/06/10 14:11:22 | 000,007,334 | ---- | C] () -- C:\Users\Jennifer\New OpenDocument Text.odt
    [2012/06/06 11:19:40 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2012/06/06 11:19:40 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2012/06/04 20:46:12 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/04/12 08:42:24 | 000,007,624 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\resmon.resmoncfg
    [2012/04/07 01:28:49 | 000,000,139 | ---- | C] () -- C:\ProgramData\search_result.xml
    [2012/03/17 21:57:18 | 000,000,872 | -H-- | C] () -- C:\Users\Jennifer\.recently-used.xbel
    [2012/03/17 16:48:33 | 000,000,051 | ---- | C] () -- C:\windows\EPART725.ini
    [2012/02/20 15:05:55 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
    [2011/10/04 14:18:18 | 000,000,632 | RHS- | C] () -- C:\Users\Jennifer\ntuser.pol
    [2011/09/30 20:40:10 | 000,000,129 | -H-- | C] () -- C:\Users\Jennifer\jagex_runescape_preferences2.dat
    [2011/09/30 20:36:55 | 000,000,035 | -H-- | C] () -- C:\Users\Jennifer\jagex_runescape_preferences.dat
    [2011/07/28 12:59:29 | 000,000,000 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\{53E59F28-031B-428E-8EB9-86DD78071963}
    [2011/06/04 22:57:42 | 000,000,000 | ---- | C] () -- C:\windows\System32\imwords.dat
    [2011/06/04 22:57:42 | 000,000,000 | ---- | C] () -- C:\windows\System32\im_markovian.dat
    [2011/04/06 16:39:35 | 000,193,536 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/05 09:28:41 | 000,000,000 | ---- | C] () -- C:\windows\System32\imblacklist.dat
    [2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pcwords2.dat
    [2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pcwords.dat
    [2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_webproxy.dat
    [2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_video.dat
    [2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_tabloids.dat
    [2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_socialnetworks.dat
    [2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_searchengines.dat
    [2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_regionaltlds.dat
    [2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_pornography.dat
    [2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_onlineshop.dat
    [2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_onlinepay.dat
    [2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_onlinedating.dat
    [2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_news.dat
    [2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_im.dat
    [2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_illegal.dat
    [2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_hate.dat
    [2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_games.dat
    [2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_gambling.dat
    [2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_drugs.dat
    [2011/03/24 18:39:13 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
    [2010/07/28 21:01:14 | 000,127,868 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin
    [2010/07/28 21:01:12 | 000,104,796 | ---- | C] () -- C:\windows\System32\igfcg575m.bin
    [2010/07/28 21:01:10 | 000,870,560 | ---- | C] () -- C:\windows\System32\igkrng575.bin
    [2010/07/28 20:20:56 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
    [2010/03/29 18:40:20 | 000,100,256 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

    ========== LOP Check ==========

  6. #6
    Junior Member
    Join Date
    Jun 2012
    Location
    New Zealand
    Posts
    24

    More OTL Logs

    Continued from the previous post...
    ==================================

    [2012/05/06 15:02:26 | 000,000,000 | ---D | M] -- C:\Users\Andrew - School\AppData\Roaming\BitDefender
    [2012/05/06 15:04:18 | 000,000,000 | ---D | M] -- C:\Users\Andrew - School\AppData\Roaming\Epson
    [2012/05/06 15:33:21 | 000,000,000 | ---D | M] -- C:\Users\Andrew - School\AppData\Roaming\TFPU
    [2011/04/25 17:37:16 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\BitDefender
    [2011/04/25 17:38:19 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Hyperionics
    [2011/03/01 15:54:26 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\OpenOffice.org
    [2011/03/01 15:54:36 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\TFPU
    [2011/06/21 09:54:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Thunderbird
    [2011/05/14 18:13:27 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\WildTangent
    [2011/06/21 09:52:16 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Workrave
    [2011/12/02 12:28:32 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\.minecraft
    [2012/05/23 02:40:45 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\ACD Systems
    [2012/04/14 02:24:39 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\AnvSoft
    [2012/07/01 20:44:09 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Dropbox
    [2011/12/07 07:40:48 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\EPSON
    [2012/05/30 20:15:39 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Foxit Software
    [2012/04/13 22:56:00 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\HandBrake
    [2011/04/16 22:20:38 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Hyperionics
    [2012/07/01 20:43:08 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\KeePass
    [2011/10/10 20:38:03 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Leadertech
    [2012/04/14 01:36:47 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\OpenCandy
    [2011/03/01 13:08:09 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\OpenOffice.org
    [2011/03/10 12:49:13 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\PaperTigerApplicationData
    [2012/03/22 23:37:18 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\PDF Pro 10
    [2012/04/27 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\PersonalBrain
    [2011/04/04 11:04:53 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\QuickScan
    [2012/06/21 23:13:00 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Spyzooka
    [2011/02/11 19:40:03 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\TFPU
    [2012/06/27 00:53:29 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Thunderbird
    [2012/04/12 08:41:34 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\toshiba
    [2012/04/10 09:20:44 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\uTorrent
    [2011/10/26 19:08:56 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\BitDefender
    [2011/12/04 17:48:08 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Hyperionics
    [2011/12/04 17:48:37 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\OpenOffice.org
    [2011/10/26 19:11:59 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TFPU
    [2011/12/30 09:03:38 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\.minecraft
    [2011/10/26 19:26:39 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\ACD Systems
    [2011/05/05 20:13:06 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\BitDefender
    [2010/11/01 19:02:49 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/12/08 19:18:02 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\Epson
    [2011/05/05 20:14:26 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\Hyperionics
    [2010/11/01 19:03:55 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\OpenOffice.org
    [2010/09/25 17:55:53 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\TFPU
    [2010/12/01 23:34:24 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\Tific
    [2011/12/27 19:46:52 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\TOSHIBA
    [2011/08/31 23:18:54 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\uTorrent
    [2010/09/29 19:23:38 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\WildTangent
    [2010/11/06 06:11:51 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\WinBatch
    [2010/09/26 20:31:19 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\Wireshark
    [2012/05/12 10:14:04 | 000,032,630 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >

    Logs from Extras.txt...
    =========================


    OTL Extras logfile created on: 7/1/2012 8:45:05 PM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Jennifer\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

    1.80 Gb Total Physical Memory | 0.26 Gb Available Physical Memory | 14.62% Memory free
    3.59 Gb Paging File | 1.20 Gb Available in Paging File | 33.49% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.22 Gb Total Space | 114.06 Gb Free Space | 51.33% Space Free | Partition Type: NTFS

    Computer Name: JENW-PC | User Name: Jennifer | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0BA6076C-82C0-4581-8E15-8078F9A19477}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{1256C8B1-FC6C-4405-9DA1-6D580AD3327B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{19F6F46A-5FD1-4686-A5B7-43D453B49CFB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{1A3AC770-F4F3-44A4-AE9D-18E2DC0EC459}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{1B58F9B0-AAF4-4FE9-81FC-F630E03203C9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{240A36E3-B90F-497C-9187-338652EA5CFB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{277C6065-C923-45C5-8183-6304720C63F4}" = lport=138 | protocol=17 | dir=in | app=system |
    "{39A4198F-3D5C-4670-A18C-EC3A059A1AD8}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{3DE820A7-D95A-4C3B-9E8E-946B025C6FD2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{435BA9DA-F4A5-4458-9196-95CE1668B29D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{50088C42-01D2-44DE-AE4A-89C0622D4A0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{50817744-7AFB-4F4C-AA37-0E814A14E426}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{5FE50D78-47FC-4292-B7A4-8F148E8D3892}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{793C6114-A49A-44DD-BEE1-DE631037A7D4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{89637DF4-CEFD-4535-94D2-4283F1EC6778}" = lport=445 | protocol=6 | dir=in | app=system |
    "{A3FADE10-FFEE-4E29-8566-10190F1789FB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A50269D8-71E9-4725-AD31-EA47DD894A50}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B695222C-CA02-4505-874E-D5AAD9D3A512}" = rport=139 | protocol=6 | dir=out | app=system |
    "{D0BD91EF-9D76-451B-B271-31D28E53695A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D55AE5ED-8047-428C-AC72-04082B94ED26}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{DF38C0F4-9088-40E5-87DB-669112588F0F}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{E15FE230-4692-49D5-A909-D82A0770B013}" = lport=137 | protocol=17 | dir=in | app=system |
    "{EAD365B9-2FF0-44D2-B645-345C2F06777E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F34E5123-B583-43CF-8A0B-4263D6FB853C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{FA374B03-8D23-45B1-84D8-3BE58B64D7EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FBC70F81-F2AC-4260-B3EC-D82181A057EE}" = rport=138 | protocol=17 | dir=out | app=system |
    "{FC7C3E0A-6A3F-4BA3-95E6-A51BB303DD50}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{FD4417AF-8EBB-4AFE-9529-423BEA81A400}" = rport=137 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0129D4B7-6616-4A71-8E07-4FB15B1C5DCD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{03E13F30-718D-4DB3-A041-B10461EAA93A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{16339BCF-868B-4B01-8C8A-352FF5F7BC4B}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{1B8B07FC-C6DC-4DB6-9478-CAF7700FCC36}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{214E7E5B-160F-44B1-B555-8944CD13B559}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{220CA804-86E7-4C70-BB00-FDAE42A25754}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{2D8D7192-38CA-4FB6-8291-336997FC1202}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{317137E4-BBA4-4365-9E51-B478B816221D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{3BB04375-E2D7-4927-ADA1-FAAF7E3B6886}" = protocol=17 | dir=in | app=c:\program files\bitdefender\bitdefender 2011\seccenter.exe |
    "{3F51D0C3-E0D0-4E2C-A36F-1B0E55F39C90}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{411D074E-3BE6-4B72-922A-ADC4786EDE2B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{41DE9FC1-0DD3-4334-A640-1DB4BD0EB13D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{4DDBA853-10CC-4225-8263-51F891FE7DB2}" = protocol=6 | dir=out | app=system |
    "{6DC5347E-DA6D-4364-BE2C-A3AF5F31DB12}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "{6F1DFB33-529D-4B07-B96A-6D62AE56815F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{78F1F5D7-564E-40F3-83B7-1CB2499DF108}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{7C6E4407-2FFC-4AEF-A386-9384EC9221CF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{84939FD4-CEDD-468E-807F-A7ACEABE9684}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{884DE649-FA86-4D1D-A4E3-64C23132F7C4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{9D09FA55-46E0-408B-A459-105F3B1523B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9FCBF449-A2EE-4087-9845-27B706C63803}" = protocol=6 | dir=in | app=c:\program files\bitdefender\bitdefender 2011\seccenter.exe |
    "{A497A108-5191-4DEA-AA60-4398A52388A5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{A8D12086-19BC-4645-922F-B72DC220E8A7}" = protocol=17 | dir=in | app=c:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe |
    "{B287DCAE-40D5-464A-ACE8-E84558CDC908}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "{BF885250-A5D6-445D-AAFF-B391B32978D3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{C0F896CE-5E52-4ACF-ABB8-1D01CDCA5481}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CAC12D19-F525-4B94-8C58-3460C7AC5069}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{CD32E5F2-E193-4E29-9DD2-A0E2EBE9D152}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{D7804B5B-40F5-47AD-A493-B86F410DE205}" = protocol=6 | dir=in | app=c:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe |
    "{D842900D-1C6D-46B6-ABE8-0D2DDCC08F70}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{E23C7322-7138-43DB-BE3F-D8E70B69074B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E69E125F-AF34-4DBC-BF2D-2E2EEE646464}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{EB7364E2-4E0B-429C-9EDC-200A91DEA3CB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{EE75CEC9-D766-49F1-ACEE-9836D49650BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F4C3D845-9223-4458-865E-BADC318B425D}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{F859C60B-BE84-4DB0-8C8E-0D4FA8ACD413}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{FF74FBA9-AEF2-415A-96A6-C777A7E1CD0E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "TCP Query User{07A252E7-0822-49A1-A5D3-10BBF7521DE1}E:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=e:\portableapps\skypeportable\app\skype\phone\skype.exe |
    "TCP Query User{404196BB-E5EF-4908-9E0B-E30872F120E3}F:\portableapps\operaportable\app\opera\opera.exe" = protocol=6 | dir=in | app=f:\portableapps\operaportable\app\opera\opera.exe |
    "TCP Query User{688C04DD-F2D5-4606-A238-6A577C220AE9}F:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=f:\portableapps\skypeportable\app\skype\phone\skype.exe |
    "TCP Query User{891E2508-6575-4B1A-9254-1152310FD047}C:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{96AA3ACA-484C-496E-8FF7-BF89EBD8C053}C:\users\jennifer\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\jennifer\appdata\local\google\chrome\application\chrome.exe |
    "TCP Query User{9B8F2036-CF99-4687-88C5-9071F7862E63}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "TCP Query User{CE65EC55-D0B2-44AB-80B4-A1DBD04CC0B2}E:\portableapps\operaportable\app\opera\opera.exe" = protocol=6 | dir=in | app=e:\portableapps\operaportable\app\opera\opera.exe |
    "TCP Query User{D71C97FF-03BF-41D0-83C0-EC93C398CF44}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "TCP Query User{E6CCC26A-8CE3-45E2-977D-22F47C7C5907}F:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=f:\portableapps\skypeportable\app\skype\phone\skype.exe |
    "TCP Query User{EFA7820F-C7AA-487C-B752-4E1B41EF35E9}E:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=e:\portableapps\skypeportable\app\skype\phone\skype.exe |
    "UDP Query User{0D0A88F1-575A-4BE9-AE76-9B7EEDCAD807}E:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=e:\portableapps\skypeportable\app\skype\phone\skype.exe |
    "UDP Query User{323171BB-7C47-44F9-A355-3786AB00121A}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "UDP Query User{340BEA51-0868-4CD1-9DD7-8E42A8234E2F}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "UDP Query User{39ACB6EF-4657-4716-AC54-7F2A542813AB}C:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{441F93C6-5EEE-4A88-B86E-BD2786D473E4}F:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=f:\portableapps\skypeportable\app\skype\phone\skype.exe |
    "UDP Query User{BDBA6AE0-E919-4230-B64E-275587F4EFCD}F:\portableapps\operaportable\app\opera\opera.exe" = protocol=17 | dir=in | app=f:\portableapps\operaportable\app\opera\opera.exe |
    "UDP Query User{C9DADB4C-5F3A-4991-AD2F-B10434CC8C02}E:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=e:\portableapps\skypeportable\app\skype\phone\skype.exe |
    "UDP Query User{EDC13D8F-707A-4A14-A8C7-58064C51CE59}F:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=f:\portableapps\skypeportable\app\skype\phone\skype.exe |
    "UDP Query User{F49B6777-D9BD-45CD-952D-11AB7C4C278B}C:\users\jennifer\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\jennifer\appdata\local\google\chrome\application\chrome.exe |
    "UDP Query User{FD16960B-34B5-4D29-A737-DD6F32500420}E:\portableapps\operaportable\app\opera\opera.exe" = protocol=17 | dir=in | app=e:\portableapps\operaportable\app\opera\opera.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.07.03.02
    "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BE73D3C-B5AF-11E1-933A-984BE15F174E}" = Evernote v. 4.5.7
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23236FC2-648D-4ACF-AD16-68492D0F0AC9}" = FileBox eXtender
    "{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
    "{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
    "{2E54DAC2-BDF7-49EC-87AF-B38E3B096BC6}" = TOSHIBA 180 Degrees Rotation Utility
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
    "{5F1DFCC1-595D-4235-A044-E05B706D800A}" = AuthenTec Fingerprint Software
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{77980040-86C1-456B-845B-DDD66A0ADCA3}" = Foxit PhantomPDF
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
    "{7E8A5518-814D-49F3-AF14-8FA43C08F6CF}" = LiveUpload to Mediashare
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Foxit PDF Creator Toolbar
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C5C9BAE-A4B1-4A40-AC43-2C1967C39D37}" = The Paper Tiger Professional 4.1
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7760E07-4C23-4766-A99E-F715F298E99C}" = TFPU
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.30" = NavDesk 7.30
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C}" = Intel(R) PROSet/Wireless WiFi Software
    "{BAAB98AF-E4B6-4A2F-A3D7-296BADB7FE2E}" = Microsoft SQL Server 2005 Express Edition (PTPROFESSIONAL41)
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Any Video Converter_is1" = Any Video Converter 3.3.5
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "EPSON Artisan 720 Series" = EPSON Artisan 720 Series Printer Uninstall
    "EPSON Scanner" = EPSON Scan
    "EPSON TX720 Artisan720 Series" = EPSON TX720 Artisan720 Series Printer Uninstall
    "ERUNT_is1" = ERUNT 1.1j
    "FileBox eXtender" = FileBox eXtender
    "Foxit Reader_is1" = Foxit Reader
    "HandBrake" = HandBrake 0.9.6
    "InstallShield_{2E54DAC2-BDF7-49EC-87AF-B38E3B096BC6}" = TOSHIBA 180 Degrees Rotation Utility
    "InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
    "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.19
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "LTMOH" = LSI V92 MOH Application
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "MediaMonkey_is1" = MediaMonkey 3.2
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "PROHYBRIDR" = 2007 Microsoft Office system
    "PROSet" = Intel(R) Network Connections Drivers
    "TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}" = TOSHIBA Fingerprint Utility
    "Ultimate Reference Suite" = Ultimate Reference Suite
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.1
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "Wireshark" = Wireshark 1.4.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-985302526-3885216461-293028738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Foxit PDF Creator Toolbar Updater
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/30/2012 4:24:42 AM | Computer Name = JenW-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 6/30/2012 4:25:52 AM | Computer Name = JenW-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\TOSHIBA\toshiba
    usb sleep and charge utility\SetupProp64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 6/30/2012 4:28:45 AM | Computer Name = JenW-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 6/30/2012 4:28:52 AM | Computer Name = JenW-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 6/30/2012 4:28:55 AM | Computer Name = JenW-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 6/30/2012 4:29:07 AM | Computer Name = JenW-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 6/30/2012 8:33:10 AM | Computer Name = JenW-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Fingerprint
    Sensor\Drivers\DPInst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 6/30/2012 8:37:02 AM | Computer Name = JenW-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 6/30/2012 8:37:37 AM | Computer Name = JenW-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\TOSHIBA\toshiba
    usb sleep and charge utility\SetupProp64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 7/1/2012 3:00:09 AM | Computer Name = JenW-PC | Source = Windows Backup | ID = 4103
    Description =

    [ System Events ]
    Error - 6/30/2012 3:11:20 PM | Computer Name = JenW-PC | Source = bowser | ID = 8003
    Description =

    Error - 6/30/2012 9:07:49 PM | Computer Name = JenW-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 6/30/2012 9:07:49 PM | Computer Name = JenW-PC | Source = volsnap | ID = 393245
    Description = The shadow copies of volume F: were aborted during detection.

    Error - 6/30/2012 9:07:49 PM | Computer Name = JenW-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 6/30/2012 9:07:50 PM | Computer Name = JenW-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 6/30/2012 9:07:50 PM | Computer Name = JenW-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 6/30/2012 9:07:51 PM | Computer Name = JenW-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 7/1/2012 1:07:44 AM | Computer Name = JenW-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 7/1/2012 3:58:03 AM | Computer Name = JenW-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 7:56:55 p.m. on ?1/?07/?2012 was unexpected.

    Error - 7/1/2012 3:58:18 AM | Computer Name = JenW-PC | Source = BugCheck | ID = 1001
    Description =


    < End of report >

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Good Morning,

    The only thing I see iffy on your OTL log is ASK, and it's not malicious but does alter your browser setting. I also see uTorrent; file sharing of any kind is not recommended. You're downloading that file from an unknown source, and not all but most contain malware. It's kind of like playing Russian Roulette malware-wise.

    aswMBR checks for rootkits, especially ones that may affect your hard drive, and your log looks fine.




    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
      IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\SearchScopes\{E9AFD23D-4238-4710-80B1-2FF0194B0726}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=F4&apn_dtid=YYYYYYYYNZ&apn_uid=cea5bd86-fd5f-4843-a58f-d1161bc1a422&apn_sauid=8FC01926-31AC-48A2-BA80-D825FF7AAFA7
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
      [2012/04/10 09:20:44 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\uTorrent
      [2011/08/31 23:18:54 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\uTorrent
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #8
    Junior Member
    Join Date
    Jun 2012
    Location
    New Zealand
    Posts
    24

    Latest OTL Log

    Here is the OTL Log file as requested. Thank you again for your time and prompt assistance. We're on very different time zones. As you say "Good Morning", I'm heading off to bed.

    I don't use, or like, the ASK toolbar, and have asked kids not to install it, and I've never used uTorrent, but someone else may have once or twice. I'd just as soon get rid of anything that potentially causes trouble. At some point, I'd like to ask you questions about safety precautions with other networked computers (saw that my attempt to get access to an old printer connected to my husband's laptop networked us via the wifi) and Evernote/DropBox. But, of course it can wait until later.

    Thank you

    =============================


    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    No active process named Updater.exe was found!
    Registry key HKEY_USERS\S-1-5-21-985302526-3885216461-293028738-1007\Software\Microsoft\Internet Explorer\SearchScopes\{E9AFD23D-4238-4710-80B1-2FF0194B0726}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9AFD23D-4238-4710-80B1-2FF0194B0726}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-985302526-3885216461-293028738-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
    C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
    C:\Users\Jennifer\AppData\Roaming\uTorrent\ie folder moved successfully.
    C:\Users\Jennifer\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
    C:\Users\Jennifer\AppData\Roaming\uTorrent\apps folder moved successfully.
    C:\Users\Jennifer\AppData\Roaming\uTorrent folder moved successfully.
    C:\Users\SteveW\AppData\Roaming\uTorrent\ie folder moved successfully.
    C:\Users\SteveW\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
    C:\Users\SteveW\AppData\Roaming\uTorrent\apps folder moved successfully.
    C:\Users\SteveW\AppData\Roaming\uTorrent folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Jennifer\Desktop\cmd.bat deleted successfully.
    C:\Users\Jennifer\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Andrew - School
    ->Temp folder emptied: 547238 bytes
    ->Temporary Internet Files folder emptied: 409116 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 14546791 bytes
    ->Temporary Internet Files folder emptied: 104029322 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 42745 bytes

    User: Jennifer
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 299027092 bytes
    ->Java cache emptied: 1300610 bytes
    ->Google Chrome cache emptied: 6496666 bytes
    ->Apple Safari cache emptied: 68302848 bytes
    ->Flash cache emptied: 65898 bytes

    User: Public

    User: Ryan
    ->Temp folder emptied: 2013136 bytes
    ->Temporary Internet Files folder emptied: 145798082 bytes
    ->Java cache emptied: 67232 bytes
    ->Flash cache emptied: 42575 bytes

    User: SteveW
    ->Temp folder emptied: 189215282 bytes
    ->Temporary Internet Files folder emptied: 159781018 bytes
    ->Java cache emptied: 4059868 bytes
    ->Google Chrome cache emptied: 224797166 bytes
    ->Flash cache emptied: 42344 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2809046 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,167.00 mb


    OTL by OldTimer - Version 3.2.53.0 log created on 07012012_234330

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
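
The fix log in the post above can be checked mechanically: each object the fix script named should end up removed or already absent, and a "not found" that follows a successful removal of the same object is only the script naming that object twice. This is an added example, not part of the original thread and not OTL's own code; the sample lines are copied from the log above, and the function names and classification rules are assumptions made for illustration.

```python
import re
from collections import namedtuple

# Subset of the OTL fix log posted in this thread, copied verbatim.
SAMPLE_LOG = r"""
All processes killed
========== PROCESSES ==========
========== OTL ==========
No active process named Updater.exe was found!
Registry key HKEY_USERS\S-1-5-21-985302526-3885216461-293028738-1007\Software\Microsoft\Internet Explorer\SearchScopes\{E9AFD23D-4238-4710-80B1-2FF0194B0726}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9AFD23D-4238-4710-80B1-2FF0194B0726}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
C:\Users\Jennifer\AppData\Roaming\uTorrent folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

Entry = namedtuple("Entry", "section kind target outcome")

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
PROCESS_RE = re.compile(r"^No active process named (?P<target>.+?) was found!$")
OUTCOME_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File)\s+)?"
    r"(?P<target>.+?)\s+"
    r"(?:(?P<folder>folder)\s+)?"
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.?$"
)


def normalize(target):
    """Make two spellings of the same key or path compare equal."""
    # OTL writes key\\value for registry values and leaves a trailing
    # backslash on keys; Windows paths and key names are case-insensitive.
    return target.strip().replace("\\\\", "\\").rstrip("\\").lower()


def parse_fix_log(text):
    """Yield an Entry per line; lines that match no pattern become notes."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = PROCESS_RE.match(line)
        if m:
            yield Entry(section, "Process", normalize(m["target"]), "not found")
            continue
        m = OUTCOME_RE.match(line)
        if m:
            kind = m["kind"] or ("Folder" if m["folder"] else "File")
            yield Entry(section, kind, normalize(m["target"]), m["outcome"])
        else:
            yield Entry(section, None, line, "note")


def summarize(text):
    """Group targets by what finally happened to them, in log order."""
    removed, absent, repeats, notes = [], [], [], []
    for e in parse_fix_log(text):
        if e.outcome == "note":
            notes.append(e.target)          # read these by hand
        elif e.outcome == "not found":
            if e.target in removed:
                repeats.append(e.target)    # named twice in the fix script
            elif e.target not in absent:
                absent.append(e.target)     # was never there to begin with
        else:
            if e.target not in removed:
                removed.append(e.target)
            if e.target in absent:
                absent.remove(e.target)
    return {"removed": removed, "already_absent": absent,
            "repeat_not_found": repeats, "notes": notes}


if __name__ == "__main__":
    for group, items in summarize(SAMPLE_LOG).items():
        print(f"{group} ({len(items)})")
        for item in items:
            print("   ", item)
```

Anything that lands in `notes` did not match a known result line and should be read by hand rather than assumed to have succeeded.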

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Great,

    Let's check a bit further.

    First, run a new scan with OTL (not the fix) and let me see a new log, please.


    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please






    Please run this free online virus scanner from ESET


    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is NOT TICKED, and the option Scan unwanted applications is checked
    • Click Scan
    • Wait for the scan to finish
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic

  10. #10
    Junior Member
    Join Date
    Jun 2012
    Location
    New Zealand
    Posts
    24

    Malwarebytes

    Morning Ken,

    I'd previously downloaded Malwarebytes from CNet and it cleaned several things up (red level). I had also run it in safe mode and it identified quite a few items (green level), but I didn't act on it since I wasn't sure about running things in safe mode. Is it safe to download and use software from CNet? Anyway, that's the one I used to run the test you requested (updated viruses first).

    ===========================

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.01.08

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Jennifer :: JENW-PC [administrator]

    Protection: Enabled

    2/07/2012 8:58:49 a.m.
    mbam-log-2012-07-02 (08-58-49).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 297885
    Time elapsed: 13 minute(s), 59 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    =======================
    I was unable to run ESET from my IE browser, as the ActiveX Control didn't appear (and I couldn't figure out how to turn it on manually), so I tried to run it from Chrome, which required I download it to run. It gave me a message that another antivirus software was detected (Windows Defender which I don't use) that may affect the performance of the scan.

    I'm still waiting for the virus signature database to download; this is taking a while and I have to leave soon.
    =======================
