Please Help! Wish I'd Discovered You Earlier

kiwikay · Jun 28, 2012

Hi,

After years of using PortableApps, kids using USB sticks, and now their gaming activities, mixed with my lack of knowledge in keeping things running well, I've got 3 messed up computers. My husband had installed BitDefender on all three, but it's now clear some damaging things got in. They are all very slow, poor screen refresh, some crashes, and very slow internet access.

Before discovering SpyBot, (and thinking BitDefender was taking care of viruses) I purchased RegZooka (came with SpyZooka) and who knows what it did to things. SpyZooka kept finding viruses (some the same ones) even after repeat consecutive runs. One was a trojan in the BitDefender folder and I followed some web process for manually removing it (took a SafeMode scan to find it), but still had the same performance problems.

In my effort to run my software and get my late taxes done (still not done), and during 2 weeks of horrible "support" from BitDefender, I repeatedly ran the RegZooka and opened up my Task Manager and randomly removed processes (mostly Chrome) that seemed to be eating up my memory. It helped, but after about an hour of leaving the computer on (computer #2) everything's hosed again.

So, I'm able to run Firefox on computer #1 (where I am now), and have some stability, so I removed BitDefender, RegZooka & SpyZooka, and installed Malwarebytes. It didn't find anything! So, I've now followed your "BEFORE You Post" directions and run ERUNT, SpyBot, and dds.scr on computer #1 (first backed up data & set a system restore point). I have several questions.

1. SpyBot found & cleared 71 tracking cookies. Could this alone explain the slowdowns? After a reboot, my task manager showed PF Usage of 1.0 GB with no applications running. Is this normal? I'm running Windows XP Professional V. 2002 Service Pack 3. Intel Core 2 CPU, 6320 @ 1.86GHz, 1.98 GB of RAM.

2. My external drive was connected during the scan, but I couldn't find a way to include it in the settings. Would it have been scanned? If not, how do I do that (along with all our USB sticks)?

3. Is there a way to restore or recover from any damage I've done by messing with my registries? What other tools should I use to diagnose and in what order? Would it be worthwhile to run SpyBot again in safe mode?

4. I'm getting ready to follow your procedures on my 2nd computer, but it's too slow to easily do a backup (would likely take days). How important is this? Can you recommend a good application for incremental backups that work well with various external drives?

Please forgive my relative lack of technical knowledge. Reading through the various forum posts often sounds like Greek to me. I'm an educator and am needing to get everything in order technically so I can start a blog for homeschooled children, in part to help them navigate through this stuff so they don't fall prey to bad advice as I've had. I appreciate any advice or support you can offer me. I did keep some of the early logs that showed what trojans had been found, if that's useful.

Thank You,
KiwiKay

ken545 · Jun 30, 2012

:snwelcome:

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR

Registry cleaners are not recommended, remove the wrong entry or entries and you can make your computer unbootable. I have been into computing for many years and have never needed a registry cleaner, there is a way of removing entries for a program you just uninstalled but its not needed here at this point.
http://forums.cnet.com/7723-6122_102-541753/regzooka-fraud/

Let me explain the way the forum works, this forum is just for malware removal, if after running a few scans there is no malware than I can link you to a good windows support site that can help you

We can only work on one computer at a time in this thread or believe me it will get very complicated and confusing, so lets do this, pick you main computer your having the main issue with and lets work on that, when where done I will close this thread and you can start a new topic for the next one.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

OTL by OldTimer

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
  Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

kiwikay · Jul 1, 2012

Thank you and done as requested

Thank you very much Ken for your assistance. I've done my backups, tried to run ERDNT (but it was unable to create a file), and ran aswMBR (I assumed I was meant to agree to the popup box recommendation to download AVAST's latest virus definitions). Downloads are taking awhile (currently 7 KB/s).

My computer crashed while running the aswMBR. Do you want me to retry it?

Just to let you know what I'd done previously... I'm working on what I call Computer #2. This is my main computer (I don't have access right now to #1 and #3 has to be moved to be online). This one had been in the worst shape, and I'd done similar things as the one described previously (BitDefender, RegZooka, SpyZooka). After seeing no change after running SpyBot, I ran it again in SafeMode and it found/cleaned many "red level" viruses (they all said cookie trackers -- so I'm not sure if those are true viruses). It is running a bit more stable now, which allowed me to do backups.

This is a Windows7 Professional, Service Pack 1, 32-bit operating system with 2 GB RAM.

Thanks again,
KiwiKay

kiwikay · Jul 1, 2012

Update & Logs

Okay, so I reran aswMBR and it completed. Log below:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-01 20:28:27
-----------------------------
20:28:27.654 OS Version: Windows 6.1.7601 Service Pack 1
20:28:27.654 Number of processors: 4 586 0x2502
20:28:27.654 ComputerName: JENW-PC UserName:
20:28:36.437 Initialize success
20:28:42.314 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:28:42.314 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
20:28:42.345 Disk 0 MBR read successfully
20:28:42.345 Disk 0 MBR scan
20:28:42.345 Disk 0 Windows VISTA default MBR code
20:28:42.361 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:28:42.408 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 227551 MB offset 3074048
20:28:42.439 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9423 MB offset 469098496
20:28:42.454 Disk 0 scanning sectors +488396800
20:28:42.595 Disk 0 scanning C:\windows\system32\drivers
20:28:54.997 Service scanning
20:29:36.885 Modules scanning
20:30:02.563 Disk 0 trace - called modules:
20:30:02.594 ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll ACPI.sys iaStor.sys
20:30:03.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d85ac8]
20:30:03.109 3 CLASSPNP.SYS[893d859e] -> nt!IofCallDriver -> \Device\THPDRV1[0x87d84030]
20:30:03.124 5 thpdrv.sys[895e299f] -> nt!IofCallDriver -> [0x8622d870]
20:30:03.140 7 ACPI.sys[88c933d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862ba028]
20:30:03.140 Scan finished successfully
20:30:23.217 Disk 0 MBR has been saved successfully to "C:\Users\Jennifer\Desktop\MBR.dat"
20:30:23.217 The log file has been saved successfully to "C:\Users\Jennifer\Desktop\aswMBR.txt"

kiwikay · Jul 1, 2012

1st Log for OTL

The OTL.txt log is a bit too long to post, so I've split it. The rest follows with the Extras.txt log.
====================

OTL logfile created on: 7/1/2012 8:45:05 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Jennifer\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1.80 Gb Total Physical Memory | 0.26 Gb Available Physical Memory | 14.62% Memory free
3.59 Gb Paging File | 1.20 Gb Available in Paging File | 33.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.22 Gb Total Space | 114.06 Gb Free Space | 51.33% Space Free | Partition Type: NTFS

Computer Name: JENW-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jennifer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Program Files\Evernote\Evernote\Evernote.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Program Files\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Jennifer\AppData\Local\Temp\Foxit Updater.exe (Foxit Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - c:\Program Files\The Monticello Corporation\MSSQL.3\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
PRC - C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Apoint2K\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\TNROTATE\TNROTATE.exe (TOSHIBA Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll ()
MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll ()
MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll ()
MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll ()
MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll ()
MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll ()
MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\1.2012.606.2_0\plugin\ace.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Program Files\Evernote\Evernote\libcef.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files\Evernote\Evernote\avformat-52.dll ()
MOD - C:\Program Files\Evernote\Evernote\avcodec-52.dll ()
MOD - C:\Program Files\Evernote\Evernote\avutil-50.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\TOSHIBA\TFPU\TFPUCommon.dll ()
MOD - C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll ()
MOD - C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll ()

========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (MSSQL$PTPROFESSIONAL41) SQL Server (PTPROFESSIONAL41) -- c:\Program Files\The Monticello Corporation\MSSQL.3\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (ATService) -- C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (Thpsrv) -- C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RSELSVC) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (aswMBR) -- C:\Users\Jennifer\AppData\Local\Temp\aswMBR.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\netw5s32.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcDAud) Intel(R) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (e1kexpress) Intel(R) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (risdpcie) -- C:\Windows\System32\drivers\risdpe86.sys (REDC)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ.SYS (TOSHIBA Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (rixdpcie) -- C:\Windows\System32\drivers\rixdpe86.sys (REDC)
DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)
DRV - (Thpevm) -- C:\Windows\System32\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV - (Thpdrv) -- C:\Windows\System32\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (TVALZFL) -- C:\Windows\System32\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU_enNZ398NZ398
IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\SearchScopes\{E9AFD23D-4238-4710-80B1-2FF0194B0726}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=F4&apn_dtid=YYYYYYYYNZ&apn_uid=cea5bd86-fd5f-4843-a58f-d1161bc1a422&apn_sauid=8FC01926-31AC-48A2-BA80-D825FF7AAFA7
IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jennifer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jennifer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2010/11/06 06:12:51 | 000,000,000 | ---D | M]

[2012/05/22 20:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Foxit Toolbar = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaoiagmlcohkmjodefppbmpjdiocmh\7.15.1.22688_0\
CHR - Extension: BIODIGITAL HUMAN = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Task Timer = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif\3.7.3_0\
CHR - Extension: Google Drive = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6_0\
CHR - Extension: Turn Off the Lights = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.106_0\
CHR - Extension: YouTube = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: ScreenSh00ter = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjamodcfmindeooalnaodbgbckflcfgb\1.2.0.2_0\
CHR - Extension: Google Search = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Read Later Fast = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.4.6_0\
CHR - Extension: Offline Google Mail = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.18_0\
CHR - Extension: Google Calendar = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Google Finance = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp\1.1_0\
CHR - Extension: AdBlock = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0\
CHR - Extension: PDF Mergy = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha\0.4.0_0\
CHR - Extension: Cloud Reader = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.0.0.0_0\
CHR - Extension: BookedIN Appointment Scheduler = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheobladblmphoggmehhahdfikpbilnj\1.0.15_0\
CHR - Extension: Clearly = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\6.3337.321.633_1\
CHR - Extension: Citable = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfiabcklnnhkmkcdjjpmgghiimjkaeio\1.5_0\
CHR - Extension: Zoho Sheet = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhegddohmncgelkehhnigphmloinkinj\1.2_0\
CHR - Extension: Calc-Sheet = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jinolkpkhpfipbnbedghadcpndobgiba\1.2_0\
CHR - Extension: Universo = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\joamekpghmpmbpcjjfpmfjhenhpidmep\1.2_0\
CHR - Extension: OpenOffice Document Reader = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpcfmmdlhndnfpagbmhbbfehenapoich\3_0\
CHR - Extension: Wordmark.it = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbpdmjdjcgpciedkahfcidpojchnooij\1.12_0\
CHR - Extension: Autodesk Homestyler = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0\
CHR - Extension: Wave Accounting = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa\1.9.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\
CHR - Extension: Sketchpad = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp\1.0.0.1_0\
CHR - Extension: Chrome Reader = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojpenhmoajbiciapkjkiekmobleogjc\1.2_0\
CHR - Extension: MagicCube FeedStore for Google Reader = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafnkhhfaadhhhdcijjnajeceeppebdg\1.1_0\
CHR - Extension: Scraper = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd\1.6_0\
CHR - Extension: Chat for Google = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\1.2012.606.2_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.0_0\
CHR - Extension: Photo Collage = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiabhgfgfhoilflkoicbmnejgjjfmhcg\1_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5.1_0\
CHR - Extension: Google Reader = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.3_0\
CHR - Extension: Gmail = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/29 03:58:13 | 000,442,922 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15215 more lines...
O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\TFPUPWDBankBHO.dll (TODO: <Company name>)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA)
O4 - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA)
O4 - HKLM..\Run: [TNRotate] C:\Program Files\TOSHIBA\TNROTATE\TNROTATE.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosVolRegulator] C:\Windows\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [EPSON Artisan 720 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGYA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [RegZooka] "C:\Program Files\RegZooka\RegZooka.exe" File not found
O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Andrew - School\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PersonalBrain.lnk = File not found
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\SteveW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-985302526-3885216461-293028738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-985302526-3885216461-293028738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-985302526-3885216461-293028738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F64F89A-84F1-47A2-AB63-080EDA8655A0}: DhcpNameServer = 203.97.78.43 203.97.78.44 203.97.78.44 203.97.78.43
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DF5FB4E-1F23-4127-B7ED-8A15C224BF83}: NameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1608E79-C941-4EC6-B359-B49DCD4347C7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 09:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/01 20:39:03 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2012/07/01 20:24:28 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Jennifer\Desktop\dds.scr
[2012/07/01 20:08:13 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\DeBugging Files
[2012/07/01 13:35:49 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jennifer\Desktop\aswMBR.exe
[2012/06/29 03:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/06/29 03:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/29 03:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/06/29 03:15:27 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/06/29 03:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/06/29 03:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/06/28 01:41:46 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Malwarebytes
[2012/06/28 01:41:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/06/28 01:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/28 01:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/28 01:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/26 23:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2012/06/26 23:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012/06/26 23:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Dumps
[2012/06/26 21:37:55 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Macromedia
[2012/06/23 14:38:12 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Dropbox -- Not On (BACKUP)
[2012/06/23 13:40:40 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\MY BACKUPS
[2012/06/23 11:57:23 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\Temp- to Upload to Evernote
[2012/06/22 12:38:23 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
[2012/06/22 12:38:22 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
[2012/06/22 12:37:35 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
[2012/06/22 12:37:35 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll
[2012/06/22 12:37:35 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups.dll
[2012/06/22 12:35:46 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll
[2012/06/22 12:35:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe
[2012/06/20 17:27:32 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\SpyZooka
[2012/06/16 23:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012/06/16 23:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/16 22:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/16 22:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/14 00:30:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/06/14 00:29:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/06/14 00:29:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/06/14 00:29:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/06/14 00:29:58 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/06/14 00:29:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/06/14 00:29:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/06/13 13:34:43 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/06/13 13:34:23 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
[2012/06/13 13:34:21 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
[2012/06/13 13:34:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe
[2012/06/12 21:42:18 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\Backup to Evernote
[2012/06/12 21:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\KeePass Password Safe 2
[2012/06/06 09:34:58 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Spyzooka
[2012/06/06 01:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\SpyZooka
[2012/06/06 00:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\RegZooka
[2012/06/06 00:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Registry Cleaner
[2012/06/04 20:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

========== Files - Modified Within 30 Days ==========

[2012/07/01 20:44:01 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-985302526-3885216461-293028738-1007UA.job
[2012/07/01 20:42:15 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2012/07/01 20:30:23 | 000,000,512 | ---- | M] () -- C:\Users\Jennifer\Desktop\MBR.dat
[2012/07/01 20:29:08 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/01 20:24:28 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Jennifer\Desktop\dds.scr
[2012/07/01 20:19:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-985302526-3885216461-293028738-1004UA.job
[2012/07/01 20:11:29 | 000,017,504 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 20:11:29 | 000,017,504 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 19:59:01 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/01 19:58:43 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/01 19:58:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/01 19:58:00 | 262,186,676 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/07/01 19:57:54 | 1447,366,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/01 18:44:00 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-985302526-3885216461-293028738-1007Core.job
[2012/07/01 13:50:17 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jennifer\Desktop\aswMBR.exe
[2012/07/01 13:25:35 | 000,000,000 | -H-- | M] () -- C:\Users\Jennifer\Documents\Default.rdp
[2012/06/30 22:19:00 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-985302526-3885216461-293028738-1004Core.job
[2012/06/30 20:55:45 | 000,002,423 | ---- | M] () -- C:\Users\Jennifer\Desktop\Google Chrome.lnk
[2012/06/29 03:58:13 | 000,442,922 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/06/29 03:21:43 | 000,001,211 | ---- | M] () -- C:\Users\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/29 03:21:43 | 000,001,187 | ---- | M] () -- C:\Users\Jennifer\Desktop\Spybot - Search & Destroy.lnk
[2012/06/29 03:15:07 | 000,001,045 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/29 03:15:00 | 000,000,846 | ---- | M] () -- C:\Users\Jennifer\Desktop\ERUNT.lnk
[2012/06/28 01:41:42 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/28 01:23:26 | 000,204,187 | ---- | M] () -- C:\ProgramData\1340803125.bdinstall.bin
[2012/06/27 07:41:12 | 000,773,830 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/06/27 07:41:12 | 000,166,964 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/06/27 02:34:35 | 000,001,064 | ---- | M] () -- C:\Users\Jennifer\Desktop\OpenOffice.org Writer.lnk
[2012/06/27 02:34:26 | 000,001,424 | ---- | M] () -- C:\Users\Jennifer\Desktop\Internet Explorer.lnk
[2012/06/27 02:33:56 | 000,000,972 | ---- | M] () -- C:\Users\Jennifer\Desktop\MediaMonkey.lnk
[2012/06/27 02:18:45 | 000,007,624 | -H-- | M] () -- C:\Users\Jennifer\AppData\Local\resmon.resmoncfg
[2012/06/27 01:44:35 | 000,000,385 | ---- | M] () -- C:\windows\System32\user_gensett.xml
[2012/06/27 00:59:09 | 000,249,786 | ---- | M] () -- C:\ProgramData\1340710945.bdinstall.bin
[2012/06/26 23:50:19 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/26 21:45:30 | 000,001,256 | ---- | M] () -- C:\Users\Jennifer\Desktop\Paint.lnk
[2012/06/25 23:45:16 | 000,000,052 | ---- | M] () -- C:\windows\System32\ashttpstats.csv
[2012/06/25 23:43:57 | 000,000,121 | ---- | M] () -- C:\windows\bdagent.INI
[2012/06/25 23:19:08 | 000,000,139 | ---- | M] () -- C:\ProgramData\search_result.xml
[2012/06/25 19:29:34 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/06/25 19:29:34 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/06/16 23:05:08 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/14 22:33:50 | 000,437,920 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/06/12 21:31:11 | 000,001,074 | ---- | M] () -- C:\Users\Jennifer\Desktop\KeePass 2.lnk
[2012/06/10 14:11:23 | 000,007,334 | ---- | M] () -- C:\Users\Jennifer\New OpenDocument Text.odt
[2012/06/06 11:19:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/06/06 11:19:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/06/04 20:46:12 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/03 10:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
[2012/06/03 10:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wups.dll
[2012/06/03 10:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
[2012/06/03 10:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
[2012/06/03 10:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe

========== Files Created - No Company Name ==========

[2012/07/01 20:30:23 | 000,000,512 | ---- | C] () -- C:\Users\Jennifer\Desktop\MBR.dat
[2012/07/01 13:25:35 | 000,000,000 | -H-- | C] () -- C:\Users\Jennifer\Documents\Default.rdp
[2012/06/29 03:21:43 | 000,001,211 | ---- | C] () -- C:\Users\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/29 03:21:43 | 000,001,187 | ---- | C] () -- C:\Users\Jennifer\Desktop\Spybot - Search & Destroy.lnk
[2012/06/29 03:15:07 | 000,001,045 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/29 03:15:00 | 000,000,846 | ---- | C] () -- C:\Users\Jennifer\Desktop\ERUNT.lnk
[2012/06/28 01:41:42 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/28 01:23:26 | 000,204,187 | ---- | C] () -- C:\ProgramData\1340803125.bdinstall.bin
[2012/06/27 02:34:35 | 000,001,064 | ---- | C] () -- C:\Users\Jennifer\Desktop\OpenOffice.org Writer.lnk
[2012/06/27 02:34:26 | 000,001,424 | ---- | C] () -- C:\Users\Jennifer\Desktop\Internet Explorer.lnk
[2012/06/27 02:33:56 | 000,000,972 | ---- | C] () -- C:\Users\Jennifer\Desktop\MediaMonkey.lnk
[2012/06/27 01:44:35 | 000,000,385 | ---- | C] () -- C:\windows\System32\user_gensett.xml
[2012/06/27 00:59:09 | 000,249,786 | ---- | C] () -- C:\ProgramData\1340710945.bdinstall.bin
[2012/06/26 23:50:19 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/26 21:45:30 | 000,001,256 | ---- | C] () -- C:\Users\Jennifer\Desktop\Paint.lnk
[2012/06/25 23:43:22 | 000,000,121 | ---- | C] () -- C:\windows\bdagent.INI
[2012/06/16 23:05:08 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/12 21:31:11 | 000,001,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
[2012/06/12 21:31:11 | 000,001,074 | ---- | C] () -- C:\Users\Jennifer\Desktop\KeePass 2.lnk
[2012/06/10 14:11:22 | 000,007,334 | ---- | C] () -- C:\Users\Jennifer\New OpenDocument Text.odt
[2012/06/06 11:19:40 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/06/06 11:19:40 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/06/04 20:46:12 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/12 08:42:24 | 000,007,624 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\resmon.resmoncfg
[2012/04/07 01:28:49 | 000,000,139 | ---- | C] () -- C:\ProgramData\search_result.xml
[2012/03/17 21:57:18 | 000,000,872 | -H-- | C] () -- C:\Users\Jennifer\.recently-used.xbel
[2012/03/17 16:48:33 | 000,000,051 | ---- | C] () -- C:\windows\EPART725.ini
[2012/02/20 15:05:55 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2011/10/04 14:18:18 | 000,000,632 | RHS- | C] () -- C:\Users\Jennifer\ntuser.pol
[2011/09/30 20:40:10 | 000,000,129 | -H-- | C] () -- C:\Users\Jennifer\jagex_runescape_preferences2.dat
[2011/09/30 20:36:55 | 000,000,035 | -H-- | C] () -- C:\Users\Jennifer\jagex_runescape_preferences.dat
[2011/07/28 12:59:29 | 000,000,000 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\{53E59F28-031B-428E-8EB9-86DD78071963}
[2011/06/04 22:57:42 | 000,000,000 | ---- | C] () -- C:\windows\System32\imwords.dat
[2011/06/04 22:57:42 | 000,000,000 | ---- | C] () -- C:\windows\System32\im_markovian.dat
[2011/04/06 16:39:35 | 000,193,536 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/05 09:28:41 | 000,000,000 | ---- | C] () -- C:\windows\System32\imblacklist.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pcwords2.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pcwords.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_webproxy.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_video.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_tabloids.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_socialnetworks.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_searchengines.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_regionaltlds.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_pornography.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_onlineshop.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_onlinepay.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_onlinedating.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_news.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_im.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_illegal.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_hate.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_games.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_gambling.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_drugs.dat
[2011/03/24 18:39:13 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
[2010/07/28 21:01:14 | 000,127,868 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin
[2010/07/28 21:01:12 | 000,104,796 | ---- | C] () -- C:\windows\System32\igfcg575m.bin
[2010/07/28 21:01:10 | 000,870,560 | ---- | C] () -- C:\windows\System32\igkrng575.bin
[2010/07/28 20:20:56 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2010/03/29 18:40:20 | 000,100,256 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

========== LOP Check ==========

kiwikay · Jul 1, 2012

More OTL Logs

Continued from the previous post...
==================================

[2012/05/06 15:02:26 | 000,000,000 | ---D | M] -- C:\Users\Andrew - School\AppData\Roaming\BitDefender
[2012/05/06 15:04:18 | 000,000,000 | ---D | M] -- C:\Users\Andrew - School\AppData\Roaming\Epson
[2012/05/06 15:33:21 | 000,000,000 | ---D | M] -- C:\Users\Andrew - School\AppData\Roaming\TFPU
[2011/04/25 17:37:16 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\BitDefender
[2011/04/25 17:38:19 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Hyperionics
[2011/03/01 15:54:26 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\OpenOffice.org
[2011/03/01 15:54:36 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\TFPU
[2011/06/21 09:54:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Thunderbird
[2011/05/14 18:13:27 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\WildTangent
[2011/06/21 09:52:16 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Workrave
[2011/12/02 12:28:32 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\.minecraft
[2012/05/23 02:40:45 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\ACD Systems
[2012/04/14 02:24:39 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\AnvSoft
[2012/07/01 20:44:09 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Dropbox
[2011/12/07 07:40:48 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\EPSON
[2012/05/30 20:15:39 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Foxit Software
[2012/04/13 22:56:00 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\HandBrake
[2011/04/16 22:20:38 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Hyperionics
[2012/07/01 20:43:08 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\KeePass
[2011/10/10 20:38:03 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Leadertech
[2012/04/14 01:36:47 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\OpenCandy
[2011/03/01 13:08:09 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\OpenOffice.org
[2011/03/10 12:49:13 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\PaperTigerApplicationData
[2012/03/22 23:37:18 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\PDF Pro 10
[2012/04/27 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\PersonalBrain
[2011/04/04 11:04:53 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\QuickScan
[2012/06/21 23:13:00 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Spyzooka
[2011/02/11 19:40:03 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\TFPU
[2012/06/27 00:53:29 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Thunderbird
[2012/04/12 08:41:34 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\toshiba
[2012/04/10 09:20:44 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\uTorrent
[2011/10/26 19:08:56 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\BitDefender
[2011/12/04 17:48:08 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Hyperionics
[2011/12/04 17:48:37 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\OpenOffice.org
[2011/10/26 19:11:59 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TFPU
[2011/12/30 09:03:38 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\.minecraft
[2011/10/26 19:26:39 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\ACD Systems
[2011/05/05 20:13:06 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\BitDefender
[2010/11/01 19:02:49 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/08 19:18:02 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\Epson
[2011/05/05 20:14:26 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\Hyperionics
[2010/11/01 19:03:55 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\OpenOffice.org
[2010/09/25 17:55:53 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\TFPU
[2010/12/01 23:34:24 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\Tific
[2011/12/27 19:46:52 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\TOSHIBA
[2011/08/31 23:18:54 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\uTorrent
[2010/09/29 19:23:38 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\WildTangent
[2010/11/06 06:11:51 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\WinBatch
[2010/09/26 20:31:19 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\Wireshark
[2012/05/12 10:14:04 | 000,032,630 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Logs from Extras.txt...
=========================

OTL Extras logfile created on: 7/1/2012 8:45:05 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Jennifer\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1.80 Gb Total Physical Memory | 0.26 Gb Available Physical Memory | 14.62% Memory free
3.59 Gb Paging File | 1.20 Gb Available in Paging File | 33.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.22 Gb Total Space | 114.06 Gb Free Space | 51.33% Space Free | Partition Type: NTFS

Computer Name: JENW-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BA6076C-82C0-4581-8E15-8078F9A19477}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1256C8B1-FC6C-4405-9DA1-6D580AD3327B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{19F6F46A-5FD1-4686-A5B7-43D453B49CFB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{1A3AC770-F4F3-44A4-AE9D-18E2DC0EC459}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1B58F9B0-AAF4-4FE9-81FC-F630E03203C9}" = lport=139 | protocol=6 | dir=in | app=system |
"{240A36E3-B90F-497C-9187-338652EA5CFB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{277C6065-C923-45C5-8183-6304720C63F4}" = lport=138 | protocol=17 | dir=in | app=system |
"{39A4198F-3D5C-4670-A18C-EC3A059A1AD8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3DE820A7-D95A-4C3B-9E8E-946B025C6FD2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{435BA9DA-F4A5-4458-9196-95CE1668B29D}" = rport=445 | protocol=6 | dir=out | app=system |
"{50088C42-01D2-44DE-AE4A-89C0622D4A0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{50817744-7AFB-4F4C-AA37-0E814A14E426}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{5FE50D78-47FC-4292-B7A4-8F148E8D3892}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{793C6114-A49A-44DD-BEE1-DE631037A7D4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89637DF4-CEFD-4535-94D2-4283F1EC6778}" = lport=445 | protocol=6 | dir=in | app=system |
"{A3FADE10-FFEE-4E29-8566-10190F1789FB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A50269D8-71E9-4725-AD31-EA47DD894A50}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B695222C-CA02-4505-874E-D5AAD9D3A512}" = rport=139 | protocol=6 | dir=out | app=system |
"{D0BD91EF-9D76-451B-B271-31D28E53695A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D55AE5ED-8047-428C-AC72-04082B94ED26}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DF38C0F4-9088-40E5-87DB-669112588F0F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E15FE230-4692-49D5-A909-D82A0770B013}" = lport=137 | protocol=17 | dir=in | app=system |
"{EAD365B9-2FF0-44D2-B645-345C2F06777E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F34E5123-B583-43CF-8A0B-4263D6FB853C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FA374B03-8D23-45B1-84D8-3BE58B64D7EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBC70F81-F2AC-4260-B3EC-D82181A057EE}" = rport=138 | protocol=17 | dir=out | app=system |
"{FC7C3E0A-6A3F-4BA3-95E6-A51BB303DD50}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FD4417AF-8EBB-4AFE-9529-423BEA81A400}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0129D4B7-6616-4A71-8E07-4FB15B1C5DCD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{03E13F30-718D-4DB3-A041-B10461EAA93A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{16339BCF-868B-4B01-8C8A-352FF5F7BC4B}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1B8B07FC-C6DC-4DB6-9478-CAF7700FCC36}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{214E7E5B-160F-44B1-B555-8944CD13B559}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{220CA804-86E7-4C70-BB00-FDAE42A25754}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{2D8D7192-38CA-4FB6-8291-336997FC1202}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{317137E4-BBA4-4365-9E51-B478B816221D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3BB04375-E2D7-4927-ADA1-FAAF7E3B6886}" = protocol=17 | dir=in | app=c:\program files\bitdefender\bitdefender 2011\seccenter.exe |
"{3F51D0C3-E0D0-4E2C-A36F-1B0E55F39C90}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{411D074E-3BE6-4B72-922A-ADC4786EDE2B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{41DE9FC1-0DD3-4334-A640-1DB4BD0EB13D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{4DDBA853-10CC-4225-8263-51F891FE7DB2}" = protocol=6 | dir=out | app=system |
"{6DC5347E-DA6D-4364-BE2C-A3AF5F31DB12}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{6F1DFB33-529D-4B07-B96A-6D62AE56815F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78F1F5D7-564E-40F3-83B7-1CB2499DF108}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7C6E4407-2FFC-4AEF-A386-9384EC9221CF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{84939FD4-CEDD-468E-807F-A7ACEABE9684}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{884DE649-FA86-4D1D-A4E3-64C23132F7C4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9D09FA55-46E0-408B-A459-105F3B1523B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9FCBF449-A2EE-4087-9845-27B706C63803}" = protocol=6 | dir=in | app=c:\program files\bitdefender\bitdefender 2011\seccenter.exe |
"{A497A108-5191-4DEA-AA60-4398A52388A5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A8D12086-19BC-4645-922F-B72DC220E8A7}" = protocol=17 | dir=in | app=c:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe |
"{B287DCAE-40D5-464A-ACE8-E84558CDC908}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{BF885250-A5D6-445D-AAFF-B391B32978D3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C0F896CE-5E52-4ACF-ABB8-1D01CDCA5481}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAC12D19-F525-4B94-8C58-3460C7AC5069}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{CD32E5F2-E193-4E29-9DD2-A0E2EBE9D152}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D7804B5B-40F5-47AD-A493-B86F410DE205}" = protocol=6 | dir=in | app=c:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe |
"{D842900D-1C6D-46B6-ABE8-0D2DDCC08F70}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E23C7322-7138-43DB-BE3F-D8E70B69074B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E69E125F-AF34-4DBC-BF2D-2E2EEE646464}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EB7364E2-4E0B-429C-9EDC-200A91DEA3CB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE75CEC9-D766-49F1-ACEE-9836D49650BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F4C3D845-9223-4458-865E-BADC318B425D}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{F859C60B-BE84-4DB0-8C8E-0D4FA8ACD413}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FF74FBA9-AEF2-415A-96A6-C777A7E1CD0E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{07A252E7-0822-49A1-A5D3-10BBF7521DE1}E:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=e:\portableapps\skypeportable\app\skype\phone\skype.exe |
"TCP Query User{404196BB-E5EF-4908-9E0B-E30872F120E3}F:\portableapps\operaportable\app\opera\opera.exe" = protocol=6 | dir=in | app=f:\portableapps\operaportable\app\opera\opera.exe |
"TCP Query User{688C04DD-F2D5-4606-A238-6A577C220AE9}F:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=f:\portableapps\skypeportable\app\skype\phone\skype.exe |
"TCP Query User{891E2508-6575-4B1A-9254-1152310FD047}C:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{96AA3ACA-484C-496E-8FF7-BF89EBD8C053}C:\users\jennifer\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\jennifer\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{9B8F2036-CF99-4687-88C5-9071F7862E63}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{CE65EC55-D0B2-44AB-80B4-A1DBD04CC0B2}E:\portableapps\operaportable\app\opera\opera.exe" = protocol=6 | dir=in | app=e:\portableapps\operaportable\app\opera\opera.exe |
"TCP Query User{D71C97FF-03BF-41D0-83C0-EC93C398CF44}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{E6CCC26A-8CE3-45E2-977D-22F47C7C5907}F:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=f:\portableapps\skypeportable\app\skype\phone\skype.exe |
"TCP Query User{EFA7820F-C7AA-487C-B752-4E1B41EF35E9}E:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=e:\portableapps\skypeportable\app\skype\phone\skype.exe |
"UDP Query User{0D0A88F1-575A-4BE9-AE76-9B7EEDCAD807}E:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=e:\portableapps\skypeportable\app\skype\phone\skype.exe |
"UDP Query User{323171BB-7C47-44F9-A355-3786AB00121A}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{340BEA51-0868-4CD1-9DD7-8E42A8234E2F}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{39ACB6EF-4657-4716-AC54-7F2A542813AB}C:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{441F93C6-5EEE-4A88-B86E-BD2786D473E4}F:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=f:\portableapps\skypeportable\app\skype\phone\skype.exe |
"UDP Query User{BDBA6AE0-E919-4230-B64E-275587F4EFCD}F:\portableapps\operaportable\app\opera\opera.exe" = protocol=17 | dir=in | app=f:\portableapps\operaportable\app\opera\opera.exe |
"UDP Query User{C9DADB4C-5F3A-4991-AD2F-B10434CC8C02}E:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=e:\portableapps\skypeportable\app\skype\phone\skype.exe |
"UDP Query User{EDC13D8F-707A-4A14-A8C7-58064C51CE59}F:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=f:\portableapps\skypeportable\app\skype\phone\skype.exe |
"UDP Query User{F49B6777-D9BD-45CD-952D-11AB7C4C278B}C:\users\jennifer\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\jennifer\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{FD16960B-34B5-4D29-A737-DD6F32500420}E:\portableapps\operaportable\app\opera\opera.exe" = protocol=17 | dir=in | app=e:\portableapps\operaportable\app\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.07.03.02
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE73D3C-B5AF-11E1-933A-984BE15F174E}" = Evernote v. 4.5.7
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23236FC2-648D-4ACF-AD16-68492D0F0AC9}" = FileBox eXtender
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{2E54DAC2-BDF7-49EC-87AF-B38E3B096BC6}" = TOSHIBA 180 Degrees Rotation Utility
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5F1DFCC1-595D-4235-A044-E05B706D800A}" = AuthenTec Fingerprint Software
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{77980040-86C1-456B-845B-DDD66A0ADCA3}" = Foxit PhantomPDF
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{7E8A5518-814D-49F3-AF14-8FA43C08F6CF}" = LiveUpload to Mediashare
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Foxit PDF Creator Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C5C9BAE-A4B1-4A40-AC43-2C1967C39D37}" = The Paper Tiger Professional 4.1
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7760E07-4C23-4766-A99E-F715F298E99C}" = TFPU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.30" = NavDesk 7.30
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C}" = Intel(R) PROSet/Wireless WiFi Software
"{BAAB98AF-E4B6-4A2F-A3D7-296BADB7FE2E}" = Microsoft SQL Server 2005 Express Edition (PTPROFESSIONAL41)
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.3.5
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.8
"EPSON Artisan 720 Series" = EPSON Artisan 720 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"EPSON TX720 Artisan720 Series" = EPSON TX720 Artisan720 Series Printer Uninstall
"ERUNT_is1" = ERUNT 1.1j
"FileBox eXtender" = FileBox eXtender
"Foxit Reader_is1" = Foxit Reader
"HandBrake" = HandBrake 0.9.6
"InstallShield_{2E54DAC2-BDF7-49EC-87AF-B38E3B096BC6}" = TOSHIBA 180 Degrees Rotation Utility
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.19
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LTMOH" = LSI V92 MOH Application
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel(R) Network Connections Drivers
"TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}" = TOSHIBA Fingerprint Utility
"Ultimate Reference Suite" = Ultimate Reference Suite
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.4.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-985302526-3885216461-293028738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Foxit PDF Creator Toolbar Updater
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/30/2012 4:24:42 AM | Computer Name = JenW-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 6/30/2012 4:25:52 AM | Computer Name = JenW-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\TOSHIBA\toshiba
usb sleep and charge utility\SetupProp64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/30/2012 4:28:45 AM | Computer Name = JenW-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 6/30/2012 4:28:52 AM | Computer Name = JenW-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 6/30/2012 4:28:55 AM | Computer Name = JenW-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 6/30/2012 4:29:07 AM | Computer Name = JenW-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 6/30/2012 8:33:10 AM | Computer Name = JenW-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Fingerprint
Sensor\Drivers\DPInst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/30/2012 8:37:02 AM | Computer Name = JenW-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 6/30/2012 8:37:37 AM | Computer Name = JenW-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\TOSHIBA\toshiba
usb sleep and charge utility\SetupProp64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/1/2012 3:00:09 AM | Computer Name = JenW-PC | Source = Windows Backup | ID = 4103
Description =

[ System Events ]
Error - 6/30/2012 3:11:20 PM | Computer Name = JenW-PC | Source = bowser | ID = 8003
Description =

Error - 6/30/2012 9:07:49 PM | Computer Name = JenW-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/30/2012 9:07:49 PM | Computer Name = JenW-PC | Source = volsnap | ID = 393245
Description = The shadow copies of volume F: were aborted during detection.

Error - 6/30/2012 9:07:49 PM | Computer Name = JenW-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/30/2012 9:07:50 PM | Computer Name = JenW-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/30/2012 9:07:50 PM | Computer Name = JenW-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/30/2012 9:07:51 PM | Computer Name = JenW-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 7/1/2012 1:07:44 AM | Computer Name = JenW-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 7/1/2012 3:58:03 AM | Computer Name = JenW-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:56:55 p.m. on ?1/?07/?2012 was unexpected.

Error - 7/1/2012 3:58:18 AM | Computer Name = JenW-PC | Source = BugCheck | ID = 1001
Description =

< End of report >

ken545 · Jul 1, 2012

Good Morning,

The only thing is see iffy on your OTL log is ASK and its not malicious but does alter your browser setting, I also see uTorrent, file sharing of any kind is not recommend, your downloading that file from and unknown source and not all but most contain malware, its kind of like playing Russian Roulette malwarewise.

aswMBR checks for rootkits especially ones that may effect your hard drive and your log looks fine.

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:

:processes
killallprocesses

:OTL
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\SearchScopes\{E9AFD23D-4238-4710-80B1-2FF0194B0726}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=F4&apn_dtid=YYYYYYYYNZ&apn_uid=cea5bd86-fd5f-4843-a58f-d1161bc1a422&apn_sauid=8FC01926-31AC-48A2-BA80-D825FF7AAFA7
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
[2012/04/10 09:20:44 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\uTorrent
[2011/08/31 23:18:54 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\uTorrent


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

kiwikay · Jul 1, 2012

Latest OTL Log

Here is the OTL Log file as requested. Thank you again for your time and prompt assistance. We're on very different time zones. As you say "Good Morning", I'm heading off to bed.

I don't use, or like, the ASK toolbar, and have asked kids not to install it, and I've never used uTorrent, but someone else may have once or twice. I'd just as soon get rid of anything that potentially causes trouble. At some point, I'd like to ask you questions about safety precautions with other networked computers (saw that my attempt to get access to an old printer connected to my husband's laptop networked us via the wifi) and Evernote/DropBox. But, of course it can wait until later.

Thank you

=============================

All processes killed
========== PROCESSES ==========
========== OTL ==========
No active process named Updater.exe was found!
Registry key HKEY_USERS\S-1-5-21-985302526-3885216461-293028738-1007\Software\Microsoft\Internet Explorer\SearchScopes\{E9AFD23D-4238-4710-80B1-2FF0194B0726}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9AFD23D-4238-4710-80B1-2FF0194B0726}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-985302526-3885216461-293028738-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
C:\Users\Jennifer\AppData\Roaming\uTorrent\ie folder moved successfully.
C:\Users\Jennifer\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Jennifer\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Jennifer\AppData\Roaming\uTorrent folder moved successfully.
C:\Users\SteveW\AppData\Roaming\uTorrent\ie folder moved successfully.
C:\Users\SteveW\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\SteveW\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\SteveW\AppData\Roaming\uTorrent folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jennifer\Desktop\cmd.bat deleted successfully.
C:\Users\Jennifer\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Andrew - School
->Temp folder emptied: 547238 bytes
->Temporary Internet Files folder emptied: 409116 bytes
->Flash cache emptied: 41620 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 14546791 bytes
->Temporary Internet Files folder emptied: 104029322 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 42745 bytes

User: Jennifer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 299027092 bytes
->Java cache emptied: 1300610 bytes
->Google Chrome cache emptied: 6496666 bytes
->Apple Safari cache emptied: 68302848 bytes
->Flash cache emptied: 65898 bytes

User: Public

User: Ryan
->Temp folder emptied: 2013136 bytes
->Temporary Internet Files folder emptied: 145798082 bytes
->Java cache emptied: 67232 bytes
->Flash cache emptied: 42575 bytes

User: SteveW
->Temp folder emptied: 189215282 bytes
->Temporary Internet Files folder emptied: 159781018 bytes
->Java cache emptied: 4059868 bytes
->Google Chrome cache emptied: 224797166 bytes
->Flash cache emptied: 42344 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2809046 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,167.00 mb

OTL by OldTimer - Version 3.2.53.0 log created on 07012012_234330

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ken545 · Jul 1, 2012

Great,

Lets check a bit further

First run a new scan with OTL ( not the fix ) and let me see a new log please

Please download Malwarebytes from Here or Here

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please

Please run this free online virus scanner from ESET

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is NOT TICKED, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

kiwikay · Jul 1, 2012

Malwarebytes

Morning Ken,

I'd previously downloaded Malwarebytes from CNet and it cleaned several things up (red level). I had also run it in safe mode and it identified quite a few items (green level), but I didn't act on it since I wasn't sure about running things in safe mode. Is it safe to download and use software from CNet? Anyway, that's the one I used to run the test you requested (updated viruses first).

===========================

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.01.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jennifer :: JENW-PC [administrator]

Protection: Enabled

2/07/2012 8:58:49 a.m.
mbam-log-2012-07-02 (08-58-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 297885
Time elapsed: 13 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

=======================
I was unable to run ESET from my IE browser, as the ActiveX Control didn't appear (and I couldn't figure out how to turn it on manually), so I tried to run it from Chrome, which required I download it to run. It gave me a message that another antivirus software was detected (Windows Defender which I don't use) that may affect the performance of the scan.

I'm still waiting for the virus signature database to download, this is taking a while and I have to leave soon.
=======================

ken545 · Jul 2, 2012

Yes, Cnet is a reliable site

Try this one

Running TrendMicro HouseCall:

Click Download HouseCall to begin. Please note that HouseCall requires a small download before it can scan your computer.
Download it to your desktop
Double click HousecallLauncher.exe
Select the Full Scan option.
Let the scan run then post the results to this thread.

kiwikay · Jul 2, 2012

Whoops

Sorry, I overlooked the request for me to re-run OTL. I had started the ESET virus signature download before your last post, but it was taking a long time and I had to leave. When I came home, it had automatically run and cleaned the RegZooka file it found. Sorry to get things mixed up. Here's the record....

=================================

C:\Users\Jennifer\Downloads\Installed or Processed\RegZooka_99791572834471917421.exe a variant of Win32/Adware.RegGenie application cleaned by deleting - quarantined

==================================

I'll run OTL now, then HouseCall and post the results below.

kiwikay · Jul 2, 2012

OTL Logs

OTL logfile created on: 7/2/2012 6:20:59 PM - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Jennifer\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1.80 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 32.64% Memory free
3.59 Gb Paging File | 1.53 Gb Available in Paging File | 42.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.22 Gb Total Space | 113.97 Gb Free Space | 51.29% Space Free | Partition Type: NTFS

Computer Name: JENW-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jennifer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Program Files\Evernote\Evernote\Evernote.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Program Files\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - c:\Program Files\The Monticello Corporation\MSSQL.3\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
PRC - C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Apoint2K\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\TNROTATE\TNROTATE.exe (TOSHIBA Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll ()
MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll ()
MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll ()
MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll ()
MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll ()
MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll ()
MOD - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\1.2012.606.2_0\plugin\ace.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Program Files\Evernote\Evernote\libcef.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files\Evernote\Evernote\avformat-52.dll ()
MOD - C:\Program Files\Evernote\Evernote\avcodec-52.dll ()
MOD - C:\Program Files\Evernote\Evernote\avutil-50.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\TOSHIBA\TFPU\TFPUCommon.dll ()
MOD - C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll ()
MOD - C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll ()

========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (MSSQL$PTPROFESSIONAL41) SQL Server (PTPROFESSIONAL41) -- c:\Program Files\The Monticello Corporation\MSSQL.3\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (ATService) -- C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (Thpsrv) -- C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RSELSVC) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\netw5s32.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcDAud) Intel(R) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (e1kexpress) Intel(R) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (risdpcie) -- C:\Windows\System32\drivers\risdpe86.sys (REDC)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ.SYS (TOSHIBA Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (rixdpcie) -- C:\Windows\System32\drivers\rixdpe86.sys (REDC)
DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)
DRV - (Thpevm) -- C:\Windows\System32\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV - (Thpdrv) -- C:\Windows\System32\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (TVALZFL) -- C:\Windows\System32\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU_enNZ398NZ398
IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-985302526-3885216461-293028738-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jennifer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jennifer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2010/11/06 06:12:51 | 000,000,000 | ---D | M]

[2012/05/22 20:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Foxit Toolbar = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaoiagmlcohkmjodefppbmpjdiocmh\7.15.1.22688_0\
CHR - Extension: BIODIGITAL HUMAN = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Task Timer = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif\3.7.3_0\
CHR - Extension: Google Drive = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6_0\
CHR - Extension: Turn Off the Lights = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.106_0\
CHR - Extension: YouTube = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: ScreenSh00ter = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjamodcfmindeooalnaodbgbckflcfgb\1.2.0.2_0\
CHR - Extension: Google Search = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Read Later Fast = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.4.6_0\
CHR - Extension: Offline Google Mail = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.18_0\
CHR - Extension: Google Calendar = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Google Finance = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp\1.1_0\
CHR - Extension: AdBlock = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0\
CHR - Extension: PDF Mergy = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha\0.4.0_0\
CHR - Extension: Cloud Reader = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.0.0.0_0\
CHR - Extension: BookedIN Appointment Scheduler = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheobladblmphoggmehhahdfikpbilnj\1.0.15_0\
CHR - Extension: Clearly = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\6.3337.321.633_1\
CHR - Extension: Citable = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfiabcklnnhkmkcdjjpmgghiimjkaeio\1.5_0\
CHR - Extension: Zoho Sheet = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhegddohmncgelkehhnigphmloinkinj\1.2_0\
CHR - Extension: Calc-Sheet = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jinolkpkhpfipbnbedghadcpndobgiba\1.2_0\
CHR - Extension: Universo = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\joamekpghmpmbpcjjfpmfjhenhpidmep\1.2_0\
CHR - Extension: OpenOffice Document Reader = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpcfmmdlhndnfpagbmhbbfehenapoich\3_0\
CHR - Extension: Wordmark.it = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbpdmjdjcgpciedkahfcidpojchnooij\1.12_0\
CHR - Extension: Autodesk Homestyler = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0\
CHR - Extension: Wave Accounting = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa\1.9.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\
CHR - Extension: Sketchpad = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp\1.0.0.1_0\
CHR - Extension: Chrome Reader = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojpenhmoajbiciapkjkiekmobleogjc\1.2_0\
CHR - Extension: MagicCube FeedStore for Google Reader = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafnkhhfaadhhhdcijjnajeceeppebdg\1.1_0\
CHR - Extension: Scraper = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd\1.6_0\
CHR - Extension: Chat for Google = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\1.2012.606.2_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.0_0\
CHR - Extension: Photo Collage = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiabhgfgfhoilflkoicbmnejgjjfmhcg\1_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5.1_0\
CHR - Extension: Google Reader = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.3_0\
CHR - Extension: Gmail = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/01 23:43:36 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\TFPUPWDBankBHO.dll (TODO: <Company name>)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA)
O4 - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA)
O4 - HKLM..\Run: [TNRotate] C:\Program Files\TOSHIBA\TNROTATE\TNROTATE.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosVolRegulator] C:\Windows\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [EPSON Artisan 720 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGYA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [RegZooka] "C:\Program Files\RegZooka\RegZooka.exe" File not found
O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Andrew - School\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PersonalBrain.lnk = File not found
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\SteveW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-985302526-3885216461-293028738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-985302526-3885216461-293028738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-985302526-3885216461-293028738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F64F89A-84F1-47A2-AB63-080EDA8655A0}: DhcpNameServer = 203.97.78.43 203.97.78.44 203.97.78.44 203.97.78.43
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DF5FB4E-1F23-4127-B7ED-8A15C224BF83}: NameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1608E79-C941-4EC6-B359-B49DCD4347C7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 09:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/02 10:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/02 09:52:41 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Jennifer\Desktop\esetsmartinstaller_enu.exe
[2012/07/01 23:43:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/01 20:39:03 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2012/07/01 20:24:28 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Jennifer\Desktop\dds.scr
[2012/07/01 20:08:13 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\DeBugging Files
[2012/07/01 13:35:49 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jennifer\Desktop\aswMBR.exe
[2012/06/29 03:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/06/29 03:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/29 03:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/06/29 03:15:27 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/06/29 03:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/06/29 03:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/06/28 01:41:46 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Malwarebytes
[2012/06/28 01:41:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/06/28 01:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/28 01:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/28 01:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/26 23:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2012/06/26 23:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012/06/26 23:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Dumps
[2012/06/26 21:37:55 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Macromedia
[2012/06/23 14:38:12 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Dropbox -- Not On (BACKUP)
[2012/06/23 13:40:40 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\MY BACKUPS
[2012/06/23 11:57:23 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\Temp- to Upload to Evernote
[2012/06/22 12:38:23 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
[2012/06/22 12:38:22 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
[2012/06/22 12:37:35 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
[2012/06/22 12:37:35 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll
[2012/06/22 12:37:35 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups.dll
[2012/06/22 12:35:46 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll
[2012/06/22 12:35:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe
[2012/06/20 17:27:32 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\SpyZooka
[2012/06/16 23:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012/06/16 23:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/16 22:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/16 22:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/14 00:30:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/06/14 00:29:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/06/14 00:29:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/06/14 00:29:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/06/14 00:29:58 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/06/14 00:29:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/06/14 00:29:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/06/13 13:34:43 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/06/13 13:34:23 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
[2012/06/13 13:34:21 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
[2012/06/13 13:34:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe
[2012/06/12 21:42:18 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Desktop\Backup to Evernote
[2012/06/12 21:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\KeePass Password Safe 2
[2012/06/06 09:34:58 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Spyzooka
[2012/06/06 01:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\SpyZooka
[2012/06/06 00:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\RegZooka
[2012/06/06 00:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Registry Cleaner
[2012/06/04 20:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

========== Files - Modified Within 30 Days ==========

[2012/07/02 18:19:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-985302526-3885216461-293028738-1004UA.job
[2012/07/02 17:59:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/02 17:44:00 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-985302526-3885216461-293028738-1007UA.job
[2012/07/02 17:29:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/02 10:59:05 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/02 09:58:23 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Jennifer\Desktop\esetsmartinstaller_enu.exe
[2012/07/02 08:56:07 | 000,017,504 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 08:56:07 | 000,017,504 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 08:46:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/02 08:46:00 | 1447,366,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/02 00:06:21 | 000,000,883 | ---- | M] () -- C:\Users\Jennifer\Desktop\NTREGOPT.lnk
[2012/07/01 23:43:36 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2012/07/01 22:19:00 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-985302526-3885216461-293028738-1004Core.job
[2012/07/01 20:42:15 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2012/07/01 20:24:28 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Jennifer\Desktop\dds.scr
[2012/07/01 19:58:00 | 262,186,676 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/07/01 18:44:00 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-985302526-3885216461-293028738-1007Core.job
[2012/07/01 13:50:17 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jennifer\Desktop\aswMBR.exe
[2012/07/01 13:25:35 | 000,000,000 | -H-- | M] () -- C:\Users\Jennifer\Documents\Default.rdp
[2012/06/30 20:55:45 | 000,002,423 | ---- | M] () -- C:\Users\Jennifer\Desktop\Google Chrome.lnk
[2012/06/29 03:21:43 | 000,001,211 | ---- | M] () -- C:\Users\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/29 03:21:43 | 000,001,187 | ---- | M] () -- C:\Users\Jennifer\Desktop\Spybot - Search & Destroy.lnk
[2012/06/29 03:15:07 | 000,001,045 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/29 03:15:00 | 000,000,846 | ---- | M] () -- C:\Users\Jennifer\Desktop\ERUNT.lnk
[2012/06/28 01:41:42 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/28 01:23:26 | 000,204,187 | ---- | M] () -- C:\ProgramData\1340803125.bdinstall.bin
[2012/06/27 07:41:12 | 000,773,830 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/06/27 07:41:12 | 000,166,964 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/06/27 02:34:35 | 000,001,064 | ---- | M] () -- C:\Users\Jennifer\Desktop\OpenOffice.org Writer.lnk
[2012/06/27 02:34:26 | 000,001,424 | ---- | M] () -- C:\Users\Jennifer\Desktop\Internet Explorer.lnk
[2012/06/27 02:33:56 | 000,000,972 | ---- | M] () -- C:\Users\Jennifer\Desktop\MediaMonkey.lnk
[2012/06/27 02:18:45 | 000,007,624 | -H-- | M] () -- C:\Users\Jennifer\AppData\Local\resmon.resmoncfg
[2012/06/27 01:44:35 | 000,000,385 | ---- | M] () -- C:\windows\System32\user_gensett.xml
[2012/06/27 00:59:09 | 000,249,786 | ---- | M] () -- C:\ProgramData\1340710945.bdinstall.bin
[2012/06/26 23:50:19 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/26 21:45:30 | 000,001,256 | ---- | M] () -- C:\Users\Jennifer\Desktop\Paint.lnk
[2012/06/25 23:45:16 | 000,000,052 | ---- | M] () -- C:\windows\System32\ashttpstats.csv
[2012/06/25 23:43:57 | 000,000,121 | ---- | M] () -- C:\windows\bdagent.INI
[2012/06/25 23:19:08 | 000,000,139 | ---- | M] () -- C:\ProgramData\search_result.xml
[2012/06/25 19:29:34 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/06/25 19:29:34 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/06/16 23:05:08 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/14 22:33:50 | 000,437,920 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/06/12 21:31:11 | 000,001,074 | ---- | M] () -- C:\Users\Jennifer\Desktop\KeePass 2.lnk
[2012/06/10 14:11:23 | 000,007,334 | ---- | M] () -- C:\Users\Jennifer\New OpenDocument Text.odt
[2012/06/06 11:19:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/06/06 11:19:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/06/04 20:46:12 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/03 10:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
[2012/06/03 10:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wups.dll
[2012/06/03 10:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
[2012/06/03 10:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
[2012/06/03 10:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll

========== Files Created - No Company Name ==========

[2012/07/02 00:06:21 | 000,000,883 | ---- | C] () -- C:\Users\Jennifer\Desktop\NTREGOPT.lnk
[2012/07/01 13:25:35 | 000,000,000 | -H-- | C] () -- C:\Users\Jennifer\Documents\Default.rdp
[2012/06/29 03:21:43 | 000,001,211 | ---- | C] () -- C:\Users\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/29 03:21:43 | 000,001,187 | ---- | C] () -- C:\Users\Jennifer\Desktop\Spybot - Search & Destroy.lnk
[2012/06/29 03:15:07 | 000,001,045 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/29 03:15:00 | 000,000,846 | ---- | C] () -- C:\Users\Jennifer\Desktop\ERUNT.lnk
[2012/06/28 01:41:42 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/28 01:23:26 | 000,204,187 | ---- | C] () -- C:\ProgramData\1340803125.bdinstall.bin
[2012/06/27 02:34:35 | 000,001,064 | ---- | C] () -- C:\Users\Jennifer\Desktop\OpenOffice.org Writer.lnk
[2012/06/27 02:34:26 | 000,001,424 | ---- | C] () -- C:\Users\Jennifer\Desktop\Internet Explorer.lnk
[2012/06/27 02:33:56 | 000,000,972 | ---- | C] () -- C:\Users\Jennifer\Desktop\MediaMonkey.lnk
[2012/06/27 01:44:35 | 000,000,385 | ---- | C] () -- C:\windows\System32\user_gensett.xml
[2012/06/27 00:59:09 | 000,249,786 | ---- | C] () -- C:\ProgramData\1340710945.bdinstall.bin
[2012/06/26 23:50:19 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/26 21:45:30 | 000,001,256 | ---- | C] () -- C:\Users\Jennifer\Desktop\Paint.lnk
[2012/06/25 23:43:22 | 000,000,121 | ---- | C] () -- C:\windows\bdagent.INI
[2012/06/16 23:05:08 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/12 21:31:11 | 000,001,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
[2012/06/12 21:31:11 | 000,001,074 | ---- | C] () -- C:\Users\Jennifer\Desktop\KeePass 2.lnk
[2012/06/10 14:11:22 | 000,007,334 | ---- | C] () -- C:\Users\Jennifer\New OpenDocument Text.odt
[2012/06/06 11:19:40 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/06/06 11:19:40 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/06/04 20:46:12 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/12 08:42:24 | 000,007,624 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\resmon.resmoncfg
[2012/04/07 01:28:49 | 000,000,139 | ---- | C] () -- C:\ProgramData\search_result.xml
[2012/03/17 21:57:18 | 000,000,872 | -H-- | C] () -- C:\Users\Jennifer\.recently-used.xbel
[2012/03/17 16:48:33 | 000,000,051 | ---- | C] () -- C:\windows\EPART725.ini
[2012/02/20 15:05:55 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2011/10/04 14:18:18 | 000,000,632 | RHS- | C] () -- C:\Users\Jennifer\ntuser.pol
[2011/09/30 20:40:10 | 000,000,129 | -H-- | C] () -- C:\Users\Jennifer\jagex_runescape_preferences2.dat
[2011/09/30 20:36:55 | 000,000,035 | -H-- | C] () -- C:\Users\Jennifer\jagex_runescape_preferences.dat
[2011/07/28 12:59:29 | 000,000,000 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\{53E59F28-031B-428E-8EB9-86DD78071963}
[2011/06/04 22:57:42 | 000,000,000 | ---- | C] () -- C:\windows\System32\imwords.dat
[2011/06/04 22:57:42 | 000,000,000 | ---- | C] () -- C:\windows\System32\im_markovian.dat
[2011/04/06 16:39:35 | 000,193,536 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/05 09:28:41 | 000,000,000 | ---- | C] () -- C:\windows\System32\imblacklist.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pcwords2.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pcwords.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_webproxy.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_video.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_tabloids.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_socialnetworks.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_searchengines.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_regionaltlds.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_pornography.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_onlineshop.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_onlinepay.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_onlinedating.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_news.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_im.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_illegal.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_hate.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_games.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_gambling.dat
[2011/04/04 11:17:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\pc_drugs.dat
[2011/03/24 18:39:13 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
[2010/07/28 21:01:14 | 000,127,868 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin
[2010/07/28 21:01:12 | 000,104,796 | ---- | C] () -- C:\windows\System32\igfcg575m.bin
[2010/07/28 21:01:10 | 000,870,560 | ---- | C] () -- C:\windows\System32\igkrng575.bin
[2010/07/28 20:20:56 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2010/03/29 18:40:20 | 000,100,256 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

========== LOP Check ==========

[2012/05/06 15:02:26 | 000,000,000 | ---D | M] -- C:\Users\Andrew - School\AppData\Roaming\BitDefender
[2012/05/06 15:04:18 | 000,000,000 | ---D | M] -- C:\Users\Andrew - School\AppData\Roaming\Epson
[2012/05/06 15:33:21 | 000,000,000 | ---D | M] -- C:\Users\Andrew - School\AppData\Roaming\TFPU
[2011/04/25 17:37:16 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\BitDefender
[2011/04/25 17:38:19 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Hyperionics
[2011/03/01 15:54:26 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\OpenOffice.org
[2011/03/01 15:54:36 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\TFPU
[2011/06/21 09:54:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Thunderbird
[2011/05/14 18:13:27 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\WildTangent
[2011/06/21 09:52:16 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Workrave
[2011/12/02 12:28:32 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\.minecraft
[2012/05/23 02:40:45 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\ACD Systems
[2012/04/14 02:24:39 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\AnvSoft
[2012/07/02 08:48:37 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Dropbox
[2011/12/07 07:40:48 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\EPSON
[2012/05/30 20:15:39 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Foxit Software
[2012/04/13 22:56:00 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\HandBrake
[2011/04/16 22:20:38 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Hyperionics
[2012/07/01 23:23:26 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\KeePass
[2011/10/10 20:38:03 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Leadertech
[2012/04/14 01:36:47 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\OpenCandy
[2011/03/01 13:08:09 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\OpenOffice.org
[2011/03/10 12:49:13 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\PaperTigerApplicationData
[2012/03/22 23:37:18 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\PDF Pro 10
[2012/04/27 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\PersonalBrain
[2011/04/04 11:04:53 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\QuickScan
[2012/06/21 23:13:00 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Spyzooka
[2011/02/11 19:40:03 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\TFPU
[2012/06/27 00:53:29 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Thunderbird
[2012/04/12 08:41:34 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\toshiba
[2011/10/26 19:08:56 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\BitDefender
[2011/12/04 17:48:08 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Hyperionics
[2011/12/04 17:48:37 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\OpenOffice.org
[2011/10/26 19:11:59 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TFPU
[2011/12/30 09:03:38 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\.minecraft
[2011/10/26 19:26:39 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\ACD Systems
[2011/05/05 20:13:06 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\BitDefender
[2010/11/01 19:02:49 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/08 19:18:02 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\Epson
[2011/05/05 20:14:26 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\Hyperionics
[2010/11/01 19:03:55 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\OpenOffice.org
[2010/09/25 17:55:53 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\TFPU
[2010/12/01 23:34:24 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\Tific
[2011/12/27 19:46:52 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\TOSHIBA
[2010/09/29 19:23:38 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\WildTangent
[2010/11/06 06:11:51 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\WinBatch
[2010/09/26 20:31:19 | 000,000,000 | ---D | M] -- C:\Users\SteveW\AppData\Roaming\Wireshark
[2012/05/12 10:14:04 | 000,032,630 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

ken545 · Jul 2, 2012

We just missed one entry by ASK and I am also including entries for BitDefender, SpyZooka and RegZooka as you stated you uninstalled them

Also, tracking cookies would not slow your system down but running a system cleaner to clean out all the temp files and Temporary Internet files will help. When we ran OTL last time it did clean all those out and will do so again this time. I am going to include a nice system cleaner for you , maybe run it twice a month or so , but after running the OTL fix there is no need to run it now

As long as you got ESET to run there really is no need to run Housecall

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:

:processes
killallprocesses


:OTL
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [RegZooka] "C:\Program Files\RegZooka\RegZooka.exe" File not found

:Services

:Reg

:Files
C:\Program Files\Bitdefender
C:\Users\Jennifer\AppData\Local\SpyZooka
C:\Users\Jennifer\AppData\Roaming\Spyzooka
C:\Program Files\SpyZooka
C:\Program Files\RegZooka


:Commands
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.

This cleaner is by the same author as OTL, he is a malware fighter and logs on as OldTimer, this is free and yours to keep

Download TFC to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

How are things running now, any better ?

kiwikay · Jul 2, 2012

HouseCall

Since it'd taken so long to download HouseCall, I went ahead and ran it anyway. It came back with no threats found (was the Quick scan). It had a little red checkbox next to conficker at the bottom, which I just read an unsettling 4 pg article about. Does that mean HouseCall (and other programs) are able to confidently scan for this?

Okay, on to your fixes. By the way, I'd like to uninstall the uTorrent and NTREGOPT which accidently got installed. Is it fine to do this after I finish with your fix?

Thanks

kiwikay · Jul 2, 2012

OTE Fix Log

TrendMicro is wanting to run on startup. Should I uninstall this?
Here's the OTE Fix Log...
================================

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-985302526-3885216461-293028738-1007\Software\Microsoft\Windows\CurrentVersion\Run\\RegZooka deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Bitdefender folder moved successfully.
C:\Users\Jennifer\AppData\Local\SpyZooka\Reports folder moved successfully.
C:\Users\Jennifer\AppData\Local\SpyZooka folder moved successfully.
C:\Users\Jennifer\AppData\Roaming\Spyzooka\Q6620121118270 folder moved successfully.
C:\Users\Jennifer\AppData\Roaming\Spyzooka\Q6620121117440 folder moved successfully.
C:\Users\Jennifer\AppData\Roaming\Spyzooka\Q62120121113000 folder moved successfully.
C:\Users\Jennifer\AppData\Roaming\Spyzooka\Q6202012825310 folder moved successfully.
C:\Users\Jennifer\AppData\Roaming\Spyzooka\Q6202012527490 folder moved successfully.
C:\Users\Jennifer\AppData\Roaming\Spyzooka\Q6062012934580 folder moved successfully.
C:\Users\Jennifer\AppData\Roaming\Spyzooka folder moved successfully.
C:\Program Files\SpyZooka folder moved successfully.
C:\Program Files\RegZooka\Backups folder moved successfully.
C:\Program Files\RegZooka folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Andrew - School
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jennifer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6294580 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6322851 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Ryan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: SteveW
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 533246 bytes
RecycleBin emptied: 2067639 bytes

Total Files Cleaned = 15.00 mb

OTL by OldTimer - Version 3.2.53.0 log created on 07022012_222402

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ken545 · Jul 2, 2012

Yes, you can uninstall them both, also ESET

Housecall came back ok so looks like your on your way

kiwikay · Jul 2, 2012

All Done, But...

Morning to You,

Maybe this isn't a malware issue, but something with my system. Restarts seem slow to me, but it's been so long since I've had a good system, I'm not sure what it should be. As soon as I restarted, I opened up my Task Manager and looked at my performance. This computer only has 1.8 GB RAM and before I opened any programs, my Physical Memory was at 78% (now about 85% with Chrome running). I don't know what info to give you, but here's what I see:

Physical Memory
Total 1840
Cached 308
Available 345
Free 39

So, what's happened in the past is that once I get several tabs opened and a few applications running (which is how I work best), things start to deteriorate. On a positive note, through this process, I've had my computer running for extended periods of time (downloading & scanning) with only a few hangs, which is an enormous improvement. I've not yet seen the funny black screen which erases to reveal my desktop when I roll my mouse around. But, I'm heading to bed now, so it won't get much of a test until tomorrow.

Thank you so much for your help so far. Oh, my Windows message center continues to tell me I don't have virus protection. Is there a recommended program for real-time malware protection, or should I just run SpyBot and Malwarebytes daily? I suppose I could buy something if it's needed.

Where should I go to get GOOD advice (have had plenty of inconsistent advice) on safe computing habits (especially in regards to browsers, shared devices over our wifi, scanning of external drives, flexible incremental backup software that can back external to external, etc)?

I don't want to use this forum inappropriately, I just know that an ounce of prevention's worth a pound of cure, and there's SO MUCH misinformation out there.

Thanks,
Kiwikay

ken545 · Jul 2, 2012

Hi,

I am tied up at work at the moment but late afternoon I will be back online and we can go through some security information

ken545 · Jul 2, 2012

Hi,

Long day, sorry for the late reply

1. Dont ever ever use any form of File Sharing, you can infect your computer big time, the programs themselves are safe it just the files your downloading, you never know where they are coming from and some can be infected.

2. Just delete any spam email, dont even open them as some are coded and the author will know your email is valid and you will get more spam, almost 99.9 % of the links in Spam email will take you to a bogus site that can infect you.

3. Keep your Java up to date, outdated Java can let the bad guys in. Go to Start > Control Panel > Java then go to the General Tab > About and your should have Version 7 Update 5 ( which you dont ) so then go to the Update Tab and let it update, then you can go back into the Control Panel > Add Remove Programs and uninstall all older Java updates except Version 7 Update 5.

4. Malwarebytes, you have the free version which is fine but if you updated to the Pro version, it has a protection Moduale that will block bad websites from loading, the cost is minimal, a one time small fee and the program is yours, if you got rid of this computer, you could uninstall Malwarebytes and then reinstall it on your new one and use the same key code for the protection moduale, but this of course is your decision.

5. To put your mind at ease over Conflicker, you can take this quick test. Your not infected with it so not to worry
http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

6. You can keep Spybot Search and Destroy but if you update Malwarebytes than disable the Teatimer or they will conflict

Run Spybot-S&D in Advanced Mode.
If it is not already set to do this Go to the Mode menu select "Advanced Mode"
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer.<--You need to do this for it to take effect

7. Antivirus software, you only need one, more than one is overkill and can severely hamper system performance, just keep it updated and run weekly scans.
My choice would be Norton Internet Security, it contains Anti Virus, anti Malware and a Firewall

http://buy-static.norton.com/norton...:ggl:en:e|kw0000002402|10912430356&country=US

Or you can install the free one by Microsoft.....Microsoft Security Essentials.

http://www.microsoft.com/en-us/download/details.aspx?id=5201

8. I dont know how old your system is but your lacking adequate memory, adding more memory is the best way to update your system, this is the site I use, you can have them scan your system and it will tell you what you have and what you can upgrade to, its a simple upgrade, if you have never been inside your computer case I am sure you can find a local high school kid to do it for you, use the Crucial memory advisor, its safe to download and run

http://www.crucial.com/?gclid=CM_fy...le_us&ef_id=G9VN6WgX@zgAAADB:20120702210839:s

9. On my system, I have Norton Internet Security, Malwarebytes Pro Version, Spybot Search and Destroy ( TeaTimer disasbled ) This is all I really need, dont listen to friends that tell you need to install this or that, you can really bog down your system if you install to much

10. Stay away from Registry cleaners, if you run it and it removes unwanted entries you will see no difference in system performance, if it removes the wrong entry of entries it can leave your system unbootable

How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
WhattheTech
Grinler BleepingComputer
GeeksTo Go
Dslreports

Safe Surfn
Ken

Please Help! Wish I'd Discovered You Earlier

New member

Emeritus-Security Expert

New member

New member

New member

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

New member

Emeritus-Security Expert

New member

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

Emeritus-Security Expert