Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Infection - Need Help Cleaning


  • Please log in to reply

#1
FireFighter254

FireFighter254

    Member

  • Member
  • PipPip
  • 81 posts

Hello,

 

After a wonderful job by SleepyDude, helping me on my machine, I am having to use my wife's laptop until my OS is repaired by Dell. So, I decided to run some scans on her machine, logs posted below after screen shots.

 

First some screen shots of a font issue probably caused my malware. Inset windows, buttons, etc her font is so small it's barely readable. He Chrome font is ok, her IE font is huge and bold. Attempting to correct through settings did not work.Screenshots posted.

 

smallfont1_zpscae38281.jpg

 

SmallFont2_zpscf7d158e.jpg

 

IEFont_zps40d3108f.jpg

 

 

 

 

I have run MBAM, Adware Cleaner, RKill, JRT and OTL. The logs are posted below in that order for you. Some Conduit, etc was found but I need experts to help me clean everything and spot anything else.Thank you for your help!

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.04.29.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16659
Administrator :: LBUDJR-PC [administrator]
 
4/29/2014 3:59:54 AM
mbam-log-2014-04-29 (03-59-54).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 285635
Time elapsed: 5 minute(s), 57 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\Users\Administrator.LBUDJR-PC\Downloads\kindle-for-pc (1).exe (PUP.Optional.PreDownload.A) -> Quarantined and deleted successfully.
C:\Users\LBUDJR\Downloads\ShopAtHome_App_C52667087_D1_R92237.exe (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
 
(end)
 
***********************************
 

# AdwCleaner v3.205 - Report created 29/04/2014 at 13:23:36
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Administrator - LBUDJR-PC
# Running from : C:\Users\Administrator.LBUDJR-PC\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
File Deleted : C:\windows\System32\roboot64.exe
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Google Chrome v34.0.1847.131
 
*************************
 
AdwCleaner[R0].txt - [1405 octets] - [29/04/2014 13:19:40]
AdwCleaner[S0].txt - [1225 octets] - [29/04/2014 13:23:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1285 octets] ##########
 
***********************************************
 
 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 04/29/2014 01:28:42 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 04/29/2014 01:32:37 PM
Execution time: 0 hours(s), 3 minute(s), and 55 seconds(s)
 
 
********************************************
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Administrator on Tue 04/29/2014 at 13:51:44.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Administrator.LBUDJR-PC\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\dll-files.com fixer"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/29/2014 at 13:59:54.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
************************************************
 

OTL logfile created on: 4/29/2014 2:27:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator.LBUDJR-PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 62.95% Memory free
4.08 Gb Paging File | 2.43 Gb Available in Paging File | 59.44% Paging File free
Paging file location(s): C:\pagefile.sys 288 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.10 Gb Total Space | 135.00 Gb Free Space | 61.06% Space Free | Partition Type: NTFS
 
Computer Name: LBUDJR-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2014/04/29 13:50:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator.LBUDJR-PC\Desktop\OTL.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccsvchst.exe
PRC - [2012/12/04 21:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
PRC - [2012/06/26 12:17:26 | 000,108,032 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
PRC - [2012/01/02 12:14:02 | 000,325,728 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/12 21:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 21:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/09/14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\wincfi39.dll
MOD - [2012/01/08 15:50:36 | 000,573,100 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/10/07 13:21:02 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/08/09 14:25:50 | 000,207,872 | ---- | M] () [Auto | Running] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/25 22:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/12/16 16:44:44 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/04/28 18:21:05 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2012/12/04 21:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe -- (MCLIENT)
SRV - [2010/11/29 15:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/07/14 01:29:33 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/23 01:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/21 01:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/16 01:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/24 20:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 22:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/03/04 22:14:18 | 000,043,680 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2013/03/04 21:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/04 21:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/03 13:19:14 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MCLIENTx64\0302020.00C\ccsetx64.sys -- (ccSet_MCLIENT)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/22 19:40:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/08/07 08:35:24 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/08/07 08:35:24 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/04/20 09:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/21 17:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/21 17:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/07/01 18:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/04/28 04:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
DRV:64bit: - [2010/03/31 02:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 16:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/20 11:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/10 18:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/09 00:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/21 08:07:26 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/20 07:02:06 | 000,130,816 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 16:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/13 10:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009/03/13 10:55:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2009/03/13 10:55:38 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2007/07/23 14:13:06 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV - [2014/04/15 05:26:51 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20140429.001\ex64.sys -- (NAVEX15)
DRV - [2014/04/15 05:26:51 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20140429.001\eng64.sys -- (NAVENG)
DRV - [2014/04/14 16:27:54 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20140428.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/04/09 16:21:08 | 001,525,976 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20140409.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/12/27 13:11:28 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/23 06:22:16 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {15F600CD-3047-41B0-8BA9-D764A0BB2F1E}
IE:64bit: - HKLM\..\SearchScopes\{15F600CD-3047-41B0-8BA9-D764A0BB2F1E}: "URL" = http://www.google.co...ng}&rlz=1I7TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{C2AC48DE-1BBB-4E22-824E-8CD59219393F}: "URL" = http://www.google.co...ng}&rlz=1I7TSND
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-827703943-2968070239-1256373671-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSND&bmod=TSND
IE - HKU\S-1-5-21-827703943-2968070239-1256373671-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
IE - HKU\S-1-5-21-827703943-2968070239-1256373671-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-827703943-2968070239-1256373671-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.toshiba.com/g/ [binary data]
IE - HKU\S-1-5-21-827703943-2968070239-1256373671-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSND&bmod=TSND
IE - HKU\S-1-5-21-827703943-2968070239-1256373671-500\..\SearchScopes,DefaultScope = {908FC05D-1370-4322-860D-2AC539B6CC2A}
IE - HKU\S-1-5-21-827703943-2968070239-1256373671-500\..\SearchScopes\{908FC05D-1370-4322-860D-2AC539B6CC2A}: "URL" = http://www.google.co...ND_enUS413US413
IE - HKU\S-1-5-21-827703943-2968070239-1256373671-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-827703943-2968070239-1256373671-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2014/04/29 13:26:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFF [2013/10/21 22:59:51 | 000,000,000 | ---D | M]
 
[2011/07/12 23:05:34 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\AOL Search.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Administrator.LBUDJR-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Administrator.LBUDJR-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Administrator.LBUDJR-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\Administrator.LBUDJR-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.8.1_0\
CHR - Extension: Google Wallet = C:\Users\Administrator.LBUDJR-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Administrator.LBUDJR-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-827703943-2968070239-1256373671-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-827703943-2968070239-1256373671-500\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-827703943-2968070239-1256373671-500\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\LBUDJR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\LBUDJR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-827703943-2968070239-1256373671-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 216.170.153.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E70AB049-CEBE-4ECD-94F6-AE893E199148}: DhcpNameServer = 192.168.0.1 216.165.129.157
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5C61FBD-F554-4AFE-8E5E-0F372CB72B2C}: DhcpNameServer = 192.168.0.1 216.170.153.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5C61FBD-F554-4AFE-8E5E-0F372CB72B2C}: NameServer = 156.154.70.22,156.154.71.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/29 14:09:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator.LBUDJR-PC\Desktop\Paint.NET.3.5.11.Install
[2014/04/29 13:51:41 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/04/29 13:50:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator.LBUDJR-PC\Desktop\OTL.exe
[2014/04/29 13:34:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator.LBUDJR-PC\AppData\Roaming\WinPatrol
[2014/04/29 13:19:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/29 13:18:50 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Administrator.LBUDJR-PC\Desktop\rkill.exe
[2014/04/29 13:17:43 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Administrator.LBUDJR-PC\Desktop\JRT.exe
[2014/04/29 04:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/04/29 04:19:32 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/29 04:19:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator.LBUDJR-PC\Desktop\mbar
[2014/04/29 04:15:14 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Administrator.LBUDJR-PC\Desktop\mbar-1.07.0.1009.exe
[2014/04/29 04:08:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator.LBUDJR-PC\AppData\Roaming\SUPERAntiSpyware.com
[2014/04/29 03:59:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator.LBUDJR-PC\AppData\Roaming\Malwarebytes
[2014/04/29 02:23:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator.LBUDJR-PC\AppData\Local\CrashDumps
[2014/04/29 02:17:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator.LBUDJR-PC\Desktop\HH
[2014/04/29 02:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CarbonPoker Odds Calculator
[2014/04/29 02:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CarbonPoker Odds Calculator
[2014/04/28 22:06:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator.LBUDJR-PC\AppData\Local\eclipse
[2014/04/28 22:05:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator.LBUDJR-PC\AppData\Roaming\Mozilla
[2014/04/28 22:04:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator.LBUDJR-PC\AppData\Local\CarbonPoker
[2014/04/28 22:04:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator.LBUDJR-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker
[2014/04/28 22:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CarbonPoker
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/29 14:26:44 | 000,000,110 | ---- | M] () -- C:\.dir
[2014/04/29 14:24:40 | 000,215,970 | ---- | M] () -- C:\Users\Administrator.LBUDJR-PC\Desktop\IE Font.jpg
[2014/04/29 14:22:29 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\SAS.lnk
[2014/04/29 14:22:19 | 000,052,813 | ---- | M] () -- C:\Users\Administrator.LBUDJR-PC\Desktop\Small Font 2.jpg
[2014/04/29 14:21:10 | 000,013,718 | ---- | M] () -- C:\Users\Administrator.LBUDJR-PC\Desktop\smallfont1.jpg
[2014/04/29 14:20:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/04/29 14:19:17 | 000,122,523 | ---- | M] () -- C:\Users\Administrator.LBUDJR-PC\Desktop\MBAM SC.jpg
[2014/04/29 14:08:47 | 003,739,157 | ---- | M] () -- C:\Users\Administrator.LBUDJR-PC\Desktop\Paint.NET.3.5.11.Install.zip
[2014/04/29 13:50:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator.LBUDJR-PC\Desktop\OTL.exe
[2014/04/29 13:34:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/29 13:33:11 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/29 13:33:11 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/29 13:31:57 | 000,671,750 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/04/29 13:31:57 | 000,124,968 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/04/29 13:31:56 | 000,793,458 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/04/29 13:26:25 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/29 13:25:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/04/29 13:24:49 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/29 13:18:54 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Administrator.LBUDJR-PC\Desktop\rkill.exe
[2014/04/29 13:17:48 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Administrator.LBUDJR-PC\Desktop\JRT.exe
[2014/04/29 13:17:02 | 001,310,621 | ---- | M] () -- C:\Users\Administrator.LBUDJR-PC\Desktop\AdwCleaner.exe
[2014/04/29 04:19:32 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/29 04:15:14 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Administrator.LBUDJR-PC\Desktop\mbar-1.07.0.1009.exe
[2014/04/29 02:16:23 | 000,001,121 | ---- | M] () -- C:\Users\Administrator.LBUDJR-PC\Desktop\CarbonPoker Odds Calculator.lnk
[2014/04/28 22:04:46 | 000,001,911 | ---- | M] () -- C:\Users\Administrator.LBUDJR-PC\Desktop\CarbonPoker.lnk
[2014/04/28 18:00:39 | 000,000,000 | ---- | M] () -- C:\windows\ToDisc.INI
[2014/04/28 17:15:38 | 000,283,672 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/29 14:24:40 | 000,215,970 | ---- | C] () -- C:\Users\Administrator.LBUDJR-PC\Desktop\IE Font.jpg
[2014/04/29 14:22:19 | 000,052,813 | ---- | C] () -- C:\Users\Administrator.LBUDJR-PC\Desktop\Small Font 2.jpg
[2014/04/29 14:21:10 | 000,013,718 | ---- | C] () -- C:\Users\Administrator.LBUDJR-PC\Desktop\smallfont1.jpg
[2014/04/29 14:19:17 | 000,122,523 | ---- | C] () -- C:\Users\Administrator.LBUDJR-PC\Desktop\MBAM SC.jpg
[2014/04/29 14:08:34 | 003,739,157 | ---- | C] () -- C:\Users\Administrator.LBUDJR-PC\Desktop\Paint.NET.3.5.11.Install.zip
[2014/04/29 13:16:56 | 001,310,621 | ---- | C] () -- C:\Users\Administrator.LBUDJR-PC\Desktop\AdwCleaner.exe
[2014/04/29 02:16:23 | 000,001,121 | ---- | C] () -- C:\Users\Administrator.LBUDJR-PC\Desktop\CarbonPoker Odds Calculator.lnk
[2014/04/28 22:04:46 | 000,001,911 | ---- | C] () -- C:\Users\Administrator.LBUDJR-PC\Desktop\CarbonPoker.lnk
[2014/04/28 18:00:39 | 000,000,000 | ---- | C] () -- C:\windows\ToDisc.INI
[2013/09/20 13:48:10 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI
[2013/09/19 18:24:11 | 000,000,111 | ---- | C] () -- C:\windows\SKCO.INI
[2012/05/17 18:56:51 | 000,000,117 | ---- | C] () -- C:\windows\ODBC.INI
[2012/05/17 18:51:21 | 000,744,030 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/05/14 20:52:12 | 000,000,077 | ---- | C] () -- C:\windows\EART730.ini
[2011/02/06 01:26:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/09/05 01:49:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Book Place
[2013/09/20 13:11:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator.LBUDJR-PC\AppData\Roaming\Epson
[2013/09/20 13:26:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator.LBUDJR-PC\AppData\Roaming\Toshiba
[2014/04/29 13:34:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator.LBUDJR-PC\AppData\Roaming\WinPatrol
[2011/09/05 02:13:19 | 000,000,000 | ---D | M] -- C:\Users\LBUDJR\AppData\Roaming\Book Place
[2012/03/19 11:37:27 | 000,000,000 | ---D | M] -- C:\Users\LBUDJR\AppData\Roaming\Canon
[2014/03/08 23:04:06 | 000,000,000 | ---D | M] -- C:\Users\LBUDJR\AppData\Roaming\Dropbox
[2013/02/16 01:23:41 | 000,000,000 | ---D | M] -- C:\Users\LBUDJR\AppData\Roaming\Epson
[2013/05/18 22:01:46 | 000,000,000 | ---D | M] -- C:\Users\LBUDJR\AppData\Roaming\Marine Aquarium Lite
[2012/02/04 23:22:55 | 000,000,000 | ---D | M] -- C:\Users\LBUDJR\AppData\Roaming\Rovio
[2011/01/11 19:36:34 | 000,000,000 | ---D | M] -- C:\Users\LBUDJR\AppData\Roaming\Skinux
[2011/01/03 18:35:33 | 000,000,000 | ---D | M] -- C:\Users\LBUDJR\AppData\Roaming\Tific
[2012/10/16 00:39:20 | 000,000,000 | ---D | M] -- C:\Users\LBUDJR\AppData\Roaming\Toshiba
[2013/02/16 01:26:21 | 000,000,000 | ---D | M] -- C:\Users\LBUDJR\AppData\Roaming\WildTangent
[2011/01/03 17:37:45 | 000,000,000 | ---D | M] -- C:\Users\LBUDJR\AppData\Roaming\WinBatch
[2012/01/17 18:52:37 | 000,000,000 | ---D | M] -- C:\Users\LBUDJR\AppData\Roaming\WinPatrol
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:07BF512B
 
< End of report >
 
 
**************************************************************
 
 

OTL Extras logfile created on: 4/29/2014 2:27:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator.LBUDJR-PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 62.95% Memory free
4.08 Gb Paging File | 2.43 Gb Available in Paging File | 59.44% Paging File free
Paging file location(s): C:\pagefile.sys 288 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.10 Gb Total Space | 135.00 Gb Free Space | 61.06% Space Free | Partition Type: NTFS
 
Computer Name: LBUDJR-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-827703943-2968070239-1256373671-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B13CEC5-BB89-453F-AE40-40CC162C734D}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{37E70049-B931-40D8-AF57-AFA2A0810A8A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{442B26BC-A777-4BD1-9749-6B30789ECF6D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5A706FE4-FB0B-454A-844E-C21E034423E7}" = lport=10255 | protocol=6 | dir=in | name=tmc_plugin_port | 
"{65907FA4-4CAE-4F2C-8FDF-A9F2558ADECA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{739162CD-D233-4542-9D6E-3CFE1B01CBBD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{77F27BAE-9950-4B84-8CFF-B24B8253CDD7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7EE1378D-B644-4CE0-AAE3-72A4D40DD7DD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{88BE4A79-B345-42EC-B314-4362437CE1D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{89E86B8B-38C1-4C08-B90B-69669B0714FF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8B1BCF1A-DAFF-457C-8BAF-32410334396D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{8C6926C4-DBC4-4F3D-B6D7-99E4688469E2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{8D5738F7-34F4-4686-9FF3-D4EFEE069B72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{94D61A04-9FA9-474C-ADD5-3D02EB81D384}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{973027FC-C265-4A36-AE04-2B2401655A45}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9B8AE087-A660-4310-813B-C410ECC496AA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9D32538E-BC05-4A4B-861A-263CD2F131FA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9D4E4382-443A-4CBB-A6CF-F16519582BAE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A1EB7AED-19C6-4414-914B-59C0E2588547}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A3871152-BDD9-4951-8833-BA4F7DDD27B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A9119CA5-37DD-4DCB-AAD6-6D67776432C8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A9887A9B-E8B8-4FEB-BE1C-A0F6AE21D991}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B1A2A566-618A-47D6-B2F8-BA681B80AB94}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B2D74D8B-C7B6-4DD8-A7AD-828E1D7E1A5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B2E468C0-DCE7-4A54-AB72-87C5CC8E35F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B5E74E10-203E-4CB4-BA31-B7049E0763A8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D54D55DA-7CCB-4802-ABC9-C10A9D76726E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D9E8C374-5A83-4416-9AF8-41F66AAF914D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{DB7ADC12-FBE6-44BB-A533-8E453FB024DB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E69CAF8B-5098-43BD-836E-D5AF01BA094F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EA757C13-7D8D-4BBF-9B05-86CEDB4F8F77}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F918C615-7F4D-422B-9FA9-4153AF2FBAFC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08E06467-5679-429F-984A-2677D1CF05C6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe | 
"{12AE2B8E-FF84-4EB9-A3A8-4428689D7F76}" = protocol=17 | dir=in | app=c:\users\lbudjr\appdata\roaming\dropbox\bin\dropbox.exe | 
"{253D7D2A-C126-4034-B52F-6048175465FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{302D4FC8-3F8E-4446-8A7E-AF9DD41E414E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3FC7DF59-621E-4DDD-BF5F-A8FCECC66D97}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{41090592-EA90-4D59-8FD9-DA442EDC08B3}" = protocol=6 | dir=out | app=system | 
"{434B51AB-AB9D-4485-BA68-4A7E8B46464F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{438A4A07-CF0D-4D7B-99E9-8A97AA4B83EE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4E724230-9B66-4348-8695-07E6C2FF5AB6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5705ED53-0D47-48CE-809F-7EE4774E3C56}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe | 
"{64B9D8E8-6D5D-4B23-9CDE-C5848869441E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6973F8A0-DD41-411E-AC6F-0F30C085D60A}" = protocol=58 | dir=out | [email protected],-28546 | 
"{6A7A8D3A-40F2-4E06-A6CC-0AF1CBB9B7D5}" = protocol=17 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe | 
"{6AA8C707-50B3-4E2D-8DE2-73096A2B9251}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe | 
"{6C968F7D-7AF2-4B57-A303-514D2432B589}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{770434C1-ACCD-4EB7-8B3A-41CE83927934}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | 
"{7BC23697-F487-4F73-9F37-68A17D733E93}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8675C39D-9947-4FD8-A18A-3FD68AD9F4A7}" = protocol=6 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe | 
"{8AF53815-9A1C-41FC-9BCA-A01A983143CF}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe | 
"{977B3E6A-9269-4A57-83E0-80BE6586EA5D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9BB938E8-EAA1-4BF2-AEE7-15728F8889CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A76F1424-063F-42E5-BFDF-F5B7375B9EBF}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{AA1A449E-51CE-4EB2-965A-F0F6E823DC14}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{AC59D5D3-A26E-49C7-8D21-3D092C616BD7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B2D52407-390B-495F-8D7B-518DE5C00D23}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{BC5313AE-E138-4351-82A1-BA3FA9187BEF}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe | 
"{BDDF8AA5-A1ED-4D0E-8181-9517B4A1EC9E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C3604C07-066F-4C68-998E-CFD3360E918F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C46E5300-444C-49BD-BEAE-C4DA089D4B46}" = protocol=6 | dir=in | app=c:\users\lbudjr\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C54C4202-DCB6-4E20-AAE8-FFD41D066DFF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C6E5E53E-684E-45FC-B5D5-8488E44E2DC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D1D88F53-D0F8-4F3E-B148-68C82804D6F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCDC53E8-95B7-40A8-B6FC-4034FA2E40D4}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe | 
"{E0192AE9-8BB5-4C8A-B1D0-AD69C1547BD6}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | 
"{E090C2EA-5128-4E28-9F16-B9C4479E32CD}" = protocol=1 | dir=in | [email protected],-28543 | 
"{E0C2C1C6-8446-4A60-90AC-4A3C5C5892A9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{E203CEEC-45C1-40ED-9CF9-161B85C2A75F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E5D5C84F-C155-45F0-B3CA-A1EB28ED0910}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{E735B173-915F-4575-9B1A-A3EA9FEAF7DB}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe | 
"{E8692BFD-E117-421E-82DC-164813CAF289}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{ECF48B60-3E87-4E99-BFC2-8AEB7CB84400}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{F0F82E5F-DAF4-480B-8FBC-397B935AC60A}" = protocol=58 | dir=in | [email protected],-28545 | 
"{F249460D-87ED-4386-929B-4091C030113F}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{FCE893E6-4CC5-4D01-96F0-A8C3F3B5746E}" = protocol=1 | dir=out | [email protected],-28544 | 
"TCP Query User{C882B088-CE2D-4F39-B690-DE96CF2869CB}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{FC8D9752-618B-44CE-9383-814461283D5D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{AD408237-4CB8-45A1-8421-183451641C9E}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{B6B1DD17-B784-4064-9DE3-946885B0BD17}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java™ 7 Update 5 (64-bit)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}" = Canon MP450
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EPSON Artisan 730 Series" = EPSON Artisan 730 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Serviio" = Serviio
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = [email protected] 1.0
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (COMPASS20)
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA VIDEO PLAYER
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9092875A-D6E1-4B76-84F5-F9C0C6E14D10}" = ArcSoft PhotoImpression 6
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9240D97C-D575-465E-A681-21C0979EE5DF}" = Angry Birds Seasons
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}" = Toshiba Book Place
"{C3F0CF4C-0A8C-42F1-A585-2EF7886D6039}" = KODAK Share Button App
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D23111E1-FF38-44A5-BA9B-05C1FD38F883}" = Compass 2.0
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{F99520C7-7EE6-472E-8DD8-E60003A9292F}" = WOT for Internet Explorer
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"CanonMyPrinter" = Canon My Printer
"CarbonPoker Odds Calculator_is1" = CarbonPoker Odds Calculator 1.0.8
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D23111E1-FF38-44A5-BA9B-05C1FD38F883}" = Compass 2.0
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MCLIENT" = Norton Management
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MP Navigator 2.0" = Canon MP Navigator 2.0
"N360" = Norton 360 Premier Edition
"SKSS-2" = SKSS-2
"STANDARDR" = Microsoft Office Standard 2007
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WT088682" = Bejeweled 2 Deluxe
"WT088696" = Chuzzle Deluxe
"WT088702" = Plants vs. Zombies
"WT088703" = Build-a-lot 2
"WT088710" = Zuma's Revenge
"WT088739" = FATE
"WT088750" = Jewel Quest - Heritage
"WT088759" = Polar Bowler
"WT088760" = Virtual Villagers 4 - The Tree of Life
"WT088761" = Wheel of Fortune 2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-827703943-2968070239-1256373671-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CarbonPoker" = CarbonPoker
 
< End of report >
 

 

 

 

 


  • 0

Advertisements


#2
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,400 posts

Hello again,

 

These logs are looking good let's take care of the rest...

 

Step 1 - Uninstall Programs

You have some programs installed that are outdated, running old versions make the computer vulnerable to infections.

Please open Start > Control Panel > Uninstall a program or Programs and Features if in Classic View, locate these programs on the list and uninstall them:

  •   Java™ 6 Update 17

Note: After the programs have been uninstalled Restart the computer. If requested by the uninstallers restart the computer between uninstalls;


Step 2 - Scan with ESET On-line Scanner

Download Eset On-line Scanner, run the tool and follow the prompts to install the program.
ESET_Scan.png


  • UNCHECK the box's Remove found threats and Scan Archives.
  • Click on Advanced Settings, an check the options:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Disable your AntiVirus and AntiSpyware applications to speedup the scan
    (If you have difficulty properly disabling your security programs, refer to this link)
  • Click Start and then wait for the scan to finish (it will take some time).
    The virus signature database will begin to download and the Scan will start automatically. Be patient this make take some time depending on the speed of your Internet Connection.
  • Once the scan is completed, close the program
  • Use Notepad to open the log file located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste the log contents to your reply
  • Enable your AntiVirus and AntiSpyware applications


Step 3 - Security Check

Download Security Check by screen317 from here or here.

  • Save it to the Desktop.
  • Double click the icon SecurityCheckIcon2.png to execute the program.
    SecurityCheck.png
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the full contents of that document.


 

Things I would like to see in your next reply:

  • The ESET log
  • The checkup.txt log

 

 


  • 0

#3
FireFighter254

FireFighter254

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts

Sleepy!! Ok, I will be back home in about an hour and will do so right away. Long time no see!  :spoton:


  • 0

#4
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,400 posts

Sleepy!! Ok, I will be back home in about an hour and will do so right away. Long time no see!  :spoton:

 

Yep, almost a day :)


  • 0

#5
FireFighter254

FireFighter254

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts

Ok, ran both and uninstalled the old Java, one step I missed inadvertently was the restart. Let me know if I need to re-do anything since I missed that.

 

The Security Check came back with this: (also the 2nd link posted in your instructions is bad for security check) fyi

 

 UNSUPPORTED OPERATING SYSTEM! ABORTED!
 

 

ESET Log:

 

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=88d833128dee804b89485c59926fb0a2
# engine=18081
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-29 11:36:20
# local_time=2014-04-29 07:36:20 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3074 16777214 0 7 44889588 83211592 0 0
# compatibility_mode=3592 16777213 100 91 0 149390676 0 0
# compatibility_mode=5893 16776573 100 94 0 150358030 0 0
# scanned=167503
# found=5
# cleaned=0
# scan_time=3509
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=C346676F110C7D86DE2202382AAC5E80BA01C93E ft=1 fh=ad8ff5457260bdd0 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Program Files (x86)\CarbonPoker Odds Calculator\CPOC.exe"
sh=E10546FC8B6BC9C6F131FC5AA5927ABFCBEB5A0B ft=1 fh=547f591de080b43c vn="a variant of MSIL/Adware.Colooader.A application" ac=I fn="C:\Users\Administrator.LBUDJR-PC\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00037c"
sh=C2C7BD3BD6C75D5DBCCA298C785C208AB6C73CF0 ft=1 fh=154117e7567d41ef vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\ldrtbTV_B.dll"
sh=5C684D51F07A183EEA13D66F5C7E9630C48D93B5 ft=1 fh=53be76e80c29ad73 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\tbTV_B.dll"

Edited by FireFighter254, 29 April 2014 - 05:50 PM.

  • 0

#6
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,400 posts

Hi,

 

Somehow I missed your post!

 

Thanks for the heads up about the SecurityCheck link. Can you try running the application again with the Security programs disabled? I suspect Norton could be blocking the script...

 

Before preparing a fix for you to remove what ESET found I would like to confirm if you installed CarbonPoker Odds Calculator or not.

I notice this type of programs also in your other machine.


  • 0

#7
FireFighter254

FireFighter254

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts

Perfectly alright Sleepy.  Good call! Nortons blocked it I guess. Yes, on the Carbon. Have used them for years and reputable. The PUP the software is picking up is a false positive, many people complain about it (regarding scanner programs) picking it up. I have read. Supposedly, it's a common file packaged with software. So, I wouldn't worry about that one.

 

Below is the log from Security Check:

 

 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton 360 Premier Edition   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 13.0.0.206  
 Adobe Reader XI  
 Google Chrome 34.0.1847.116  
 Google Chrome 34.0.1847.131  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 WinPatrol winpatrol.exe 
 BillP Studios WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 

  • 0

#8
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,400 posts

Hi,

 

Let's tidy up with an OTL script...

 

Step 1 - Run OTL Fix

ATTENTION: Before running this fix please disable Norton because the program is know for blocking some changes to the system and will attempt to undo any fixes we run.
In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable both programs by following the directions on this link.

 

  • Right click on the icon OTL.gif and choose Run as Administrator to execute the tool. Make sure all other windows are closed.
    Do not change any other settings unless otherwise told to do so.
  • Under the CustomScanBox.png box at the bottom, paste in the following (excluding the Quote line):

    :Commands
    [CreateRestorePoint]

    :OTL

    :Files
    C:\Users\Administrator.LBUDJR-PC\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00037c
    C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B

    :Commands
    [EmptyTemp]

  • click the RunFixButton.png button at the top. Let the program run uninterrupted.
  • click OK

Notes:

  • When OTL executes the Fix it can shutdown all running processes and you may lose the Desktop and icons, but they will return on reboot
  • OTL may ask to reboot the machine. Please accept right away.
  • The report should appear in Notepad after the reboot. Copy & Paste that report in your next reply and not as attachment.
  • The OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyy _hhmmss is the date and time when the fix run.


Step 2 - Check Windows System files integrity

  • open the Command Prompt as Administrator (Tutorial)
  • type the following command and press Enter:
    sfc /scannow
    Note: This may take some time to finish.

    If it doesn't say "No integrity violations found" them execute this:
  • In the elevated command prompt, type:
    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%\Desktop\sfcdetails.txt"
  • Close the elevated command prompt.
  • Attach to your post the sfcdetails.txt file that was just placed on your Desktop
  • You can safely delete the sfcdetails.txt file afterwards if you like


Things I would like to see in your next reply:

  • The OTL Fix log
  • The sfcdetails.txt in case of errors

  • 0

#9
FireFighter254

FireFighter254

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts

Sleepy,

 

Here is the OTL log, so you can take a peek while I am doing the SFC Scan:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
========== FILES ==========
C:\Users\Administrator.LBUDJR-PC\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00037c moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\SearchInNewTab folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Repository\conduit_CT3282132_en\ToolbarTranslation folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Repository\conduit_CT3282132_en folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Repository\conduit_CT3282132_CT3282132\ToolbarSettings folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Repository\conduit_CT3282132_CT3282132\ToolbarLogin folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Repository\conduit_CT3282132_CT3282132\ToolbarHiddenLogin folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Repository\conduit_CT3282132_CT3282132\DynamicDialogs folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Repository\conduit_CT3282132_CT3282132\AppsMetaData folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Repository\conduit_CT3282132_CT3282132 folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Repository folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\RadioPlayer folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3 folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B} folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\plugins folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\MyStuffApps folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Logs folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\ExternalComponent folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\EmailNotifier folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs\UntrustedAppPendingDialog folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs\UntrustedAppApprovalDialog folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs\UntrustedAddedAppDialog folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs\UninstallDialog folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs\ToolbarUntrustedAppsApprovalDialog folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs\ToolbarFirstTimeDialog\images folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs\ToolbarFirstTimeDialog folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs\SearchProtectorRetakeoverDialog\Images folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs\SearchProtectorRetakeoverDialog folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs\SearchProtectorDialog\Images folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs\SearchProtectorDialog folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs\SearchProtectorBubbleDialog folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs\NewSearchProtectorDialog\images folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs\NewSearchProtectorDialog folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs\EngineFirstTimeDialog folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs\DetectedAppDialog folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs\DefualtImages folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs\AddedAppDialog folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\Dialogs folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B\CacheIcons folder moved successfully.
C:\Users\LBUDJR\AppData\LocalLow\TV_Bar_2_B folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: Administrator.LBUDJR-PC
->Temp folder emptied: 4562331 bytes
->Temporary Internet Files folder emptied: 61629260 bytes
->Google Chrome cache emptied: 226864966 bytes
->Flash cache emptied: 3959 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LBUDJR
->Temp folder emptied: 1507 bytes
->Temporary Internet Files folder emptied: 1675 bytes
->Java cache emptied: 731 bytes
->FireFox cache emptied: 117060990 bytes
->Google Chrome cache emptied: 439958198 bytes
->Flash cache emptied: 7785 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42371476 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51442594 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 900.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05012014_160834
 
Files\Folders moved on Reboot...
C:\Users\Administrator.LBUDJR-PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Administrator.LBUDJR-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\windows\temp\hsperfdata_LBUDJR-PC$\2560 not found!
C:\windows\temp\e4jCFBC.tmp_dir1398815712\exe4jlib.jar moved successfully.
File move failed. C:\windows\temp\TmpFile1 scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

  • 0

#10
FireFighter254

FireFighter254

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts

Upon completion of the SFC Scan, it reported within the cmd prompt : 

 

Windows Resource Protection did not find any integrity violations


  • 0

Advertisements


#11
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,400 posts

Hi,

 

Log's are ok. So the remaining issue is the font problem?

 

Can you create a new user account just for checking if the problem is system wide or only some settings in your wife user account?


  • 0

#12
FireFighter254

FireFighter254

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts

Ok, great. Yes, it seems to be system wide. For example, running the OTL, the font was so small I could hardly read it.


  • 0

#13
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,400 posts

Open the Control Panel, Appearance and Personalization, under Display there is an option to "Make text and other items larger or smaller"

 

MakeItEasierToReadWhatsOnYourScreen.png

 

Is this option set to 100%? Also tell me what is the current screen resolution.


  • 0

#14
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,400 posts

Another thing to try:

  1. Open Fonts by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Fonts.
  2. In the left pane, click Font settings.
  3. Click Restore default font settings.

  • 0

#15
FireFighter254

FireFighter254

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts

The Screen Res is where it always has been at the recommended 1366 x 768.

 

Font Size at the Default, tried medium, problem still remains.

 

Restored font, problem still remains.

 

It's baffling me


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP