Solved Help removing Trojan Win64/Sirefef.Y

ComboFix 12-06-13.01 - McKamely 06/13/2012 8:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4055 [GMT -5:00]
Running from: E:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 13:07 . 2012-06-13 13:07 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{08ECE7A1-4285-4203-9EAB-F67DA283B269}\offreg.dll
2012-06-13 13:05 . 2012-06-13 13:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-13 04:38 . 2012-06-13 05:56 -------- d-----w- C:\FRST
2012-06-12 18:19 . 2012-06-12 18:18 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F492672D-D0BF-4209-BCFD-E73490BDCCC9}\gapaengine.dll
2012-06-12 18:19 . 2012-05-08 15:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{08ECE7A1-4285-4203-9EAB-F67DA283B269}\mpengine.dll
2012-06-12 18:17 . 2012-06-12 18:17 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-12 18:17 . 2012-06-12 18:17 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-12 17:56 . 2012-06-12 17:56 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-12 17:53 . 2012-06-12 18:23 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-12 17:52 . 2012-06-12 17:52 -------- d-----w- c:\programdata\B7E858A70025358D012D4C0DB4EB2367
2012-06-09 18:56 . 2012-06-09 18:56 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-17 23:28 . 2012-06-02 00:57 -------- d-----w- c:\windows\system32\drivers\NISx64\1307010.005
2012-05-15 11:34 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AFBE59C3-C787-44B6-BC76-5C24DB8532FC}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 18:23 . 2011-07-27 07:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-18 20:05 . 2012-04-18 20:05 19304 ----a-w- c:\windows\system32\drivers\grmnusb.sys
2012-04-18 20:05 . 2012-04-18 20:05 30568 ----a-w- c:\windows\system32\drivers\grmngen.sys
2012-04-04 20:56 . 2012-01-04 18:45 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 06:05 . 2012-05-12 12:21 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-12 12:21 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-12 12:21 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-12 12:21 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-12 12:20 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-26 20:40 . 2011-11-21 21:25 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-21 01:44 . 2012-03-21 01:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44 . 2012-03-21 01:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-17 07:58 . 2012-05-12 12:20 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2011-03-10 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"CaddieSyncConduit"="c:\program files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe" [2012-02-08 2371960]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-8-29 16032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-01 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-22 1156216]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120106.002\IDSvia64.sys [2011-12-29 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 Kodak Cloud Software Connector;Kodak Cloud Software Connector;c:\program files (x86)\Kodak\CloudPrinting\KCPConnector.exe [2011-09-26 1526192]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 18:23]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 21:25]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 21:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\TOSHIBA\widimon\widimon.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-13 08:13:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-13 13:13
.
Pre-Run: 515,402,862,592 bytes free
Post-Run: 515,534,413,824 bytes free
.
- - End Of File - - EABC074FBF7220CE4E35D4A16C94ADD2
 
You're running two AV programs, MSE and Norton.
One of them has to go.
If Norton use this tool to uninstall it: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

==========================================================

Combofix log looks good.

Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Here is the OTL log broken up into a couple posts.

OTL logfile created on: 6/13/2012 12:46:27 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\McKamely\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 66.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 579.61 Gb Total Space | 481.88 Gb Free Space | 83.14% Space Free | Partition Type: NTFS
Drive D: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCKAMELY-PC
Current User Name: McKamely
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2012/06/13 12:42:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\McKamely\Downloads\OTL.exe
PRC - [2012/02/24 06:13:25 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/08 17:23:28 | 002,371,960 | ---- | M] (SkyHawke) -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/11/21 16:26:46 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2011/10/24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/09/25 20:46:54 | 001,526,192 | ---- | M] () -- C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe
PRC - [2011/09/05 11:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/02/01 16:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 16:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/25 19:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
PRC - [2010/08/16 13:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (SafeList) ==========

MOD - [2012/06/13 12:42:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\McKamely\Downloads\OTL.exe
MOD - [2010/11/20 22:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/07/01 14:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/06/10 00:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/06/01 15:38:30 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/06/01 15:23:40 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/06/01 15:19:58 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/05/24 12:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/05/17 17:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/04/20 18:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2011/03/28 23:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/12 13:23:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/10/24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/09/25 20:46:54 | 001,526,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe -- (Kodak Cloud Software Connector)
SRV - [2011/09/05 11:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/07/11 20:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/01 16:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/02/01 16:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/18 15:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/11/21 16:05:36 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/06/27 12:55:50 | 012,231,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/21 18:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/06/21 18:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/09 22:28:22 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/05/01 17:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011/03/23 20:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 17:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 17:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/08 14:13:42 | 000,069,120 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)
DRV:64bit: - [2011/02/08 14:13:42 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)
DRV:64bit: - [2011/02/03 22:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/31 19:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/01/12 20:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 19:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/03/22 13:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 19:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4257975150-2182168125-953510654-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4257975150-2182168125-953510654-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4257975150-2182168125-953510654-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4257975150-2182168125-953510654-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local



O1 HOSTS File: ([2012/06/13 08:08:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4257975150-2182168125-953510654-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4257975150-2182168125-953510654-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe (SkyHawke)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\windows\SysWow64\spool\DRIVERS\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-4257975150-2182168125-953510654-1001..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4257975150-2182168125-953510654-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4257975150-2182168125-953510654-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-4257975150-2182168125-953510654-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2012/06/13 08:08:08 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/13 08:05:45 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/06/13 07:59:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/06/13 07:59:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/06/13 07:59:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/06/13 07:59:55 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/06/13 07:53:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/12 23:38:32 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/12 13:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/12 13:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/12 12:56:38 | 000,000,000 | -HSD | C] -- C:\windows\SysNative\%APPDATA%
[2012/06/12 12:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858A70025358D012D4C0DB4EB2367
[2012/06/09 13:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/04/23 12:22:41 | 000,000,000 | ---D | C] -- C:\Users\McKamely\AppData\Local\SkyHawke
[2012/04/23 12:22:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SkyGolf
[2012/04/18 15:05:16 | 000,019,304 | ---- | C] (GARMIN Corp.) -- C:\windows\SysNative\drivers\grmnusb.sys
[2012/04/18 15:05:06 | 000,030,568 | ---- | C] (GARMIN Corp.) -- C:\windows\SysNative\drivers\grmngen.sys
[2012/04/14 12:11:16 | 000,000,000 | ---D | C] -- C:\Users\McKamely\Documents\Outlook Files
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2012/06/13 12:48:07 | 003,670,016 | -HS- | M] () -- C:\Users\McKamely\NTUSER.DAT
[2012/06/13 12:46:28 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 12:46:28 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 12:45:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/13 12:43:11 | 000,729,864 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/13 12:43:11 | 000,626,534 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/13 12:43:11 | 000,107,778 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/13 12:39:55 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/13 12:38:35 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2012/06/13 12:38:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/13 12:38:25 | 463,486,975 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/13 12:28:17 | 000,424,656 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/06/13 08:23:04 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/13 08:16:52 | 001,605,692 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\Cat.DB
[2012/06/13 08:15:34 | 001,031,038 | -H-- | M] () -- C:\Users\McKamely\AppData\Local\IconCache.db
[2012/06/13 08:08:11 | 000,000,215 | ---- | M] () -- C:\windows\system.ini
[2012/06/13 08:08:06 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/06/13 07:59:34 | 000,000,623 | ---- | M] () -- C:\Users\McKamely\Desktop\ComboFix - Shortcut.lnk
[2012/06/12 22:54:03 | 000,000,512 | ---- | M] () -- C:\Users\McKamely\Desktop\MBR.dat
[2012/06/12 13:17:51 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/06/12 13:17:44 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/06/11 19:30:20 | 000,153,624 | ---- | M] () -- C:\Users\McKamely\Documents\lady_gaga_makeover.jpg
[2012/06/09 13:56:54 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/06/01 19:57:25 | 000,004,782 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\VT20111023.022
[2012/05/23 05:05:08 | 000,899,188 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 582.JPG
[2012/05/23 04:25:53 | 002,210,851 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 581.JPG
[2012/05/23 04:24:07 | 001,508,423 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 580.JPG
[2012/05/23 04:24:00 | 001,653,716 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 579.JPG
[2012/05/23 04:23:02 | 001,146,384 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 577.JPG
[2012/05/21 08:06:49 | 000,988,081 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 576.JPG
[2012/05/21 08:06:35 | 001,107,882 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 575.JPG
[2012/05/21 08:06:20 | 000,990,874 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 574.JPG
[2012/05/19 01:56:20 | 000,956,432 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 572.JPG
[2012/05/19 01:55:58 | 001,031,934 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 571.JPG
[2012/05/19 01:55:19 | 001,126,747 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 570.JPG
[2012/05/19 01:54:30 | 000,985,816 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 569.JPG
[2012/05/19 00:21:07 | 001,169,584 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 567.JPG
[2012/05/19 00:20:58 | 001,277,225 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 566.JPG
[2012/05/19 00:20:50 | 001,375,331 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 565.JPG
[2012/05/19 00:20:38 | 001,264,461 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 564.JPG
[2012/05/18 19:35:02 | 001,065,592 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 562.JPG
[2012/05/17 18:35:55 | 000,945,272 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 561.JPG
[2012/05/17 18:35:48 | 000,984,136 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 560.JPG
[2012/05/09 09:18:29 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 12:51:52 | 000,139,813 | ---- | M] () -- C:\Users\McKamely\Documents\image.jpg
[2012/05/07 04:38:20 | 000,921,726 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 559.JPG
[2012/05/07 04:32:57 | 001,184,432 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 557.JPG
[2012/05/07 04:32:50 | 001,149,706 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 556.JPG
[2012/05/03 17:55:43 | 000,809,093 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 555.JPG
[2012/05/03 17:55:35 | 000,939,379 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 554.JPG
[2012/05/03 11:15:05 | 000,015,679 | ---- | M] () -- C:\Users\McKamely\Documents\Bank of America.docx
[2012/05/03 11:00:54 | 000,015,187 | ---- | M] () -- C:\Users\McKamely\Documents\Bank of America1.docx
[2012/05/03 08:56:05 | 000,012,686 | ---- | M] () -- C:\Users\McKamely\Documents\Doc2.docx
[2012/05/01 23:33:53 | 001,027,742 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 552.JPG
[2012/05/01 12:25:47 | 000,058,307 | ---- | M] () -- C:\Users\McKamely\Documents\pegassus_dressup.jpg
[2012/04/25 16:15:48 | 000,160,038 | ---- | M] () -- C:\Users\McKamely\Documents\AustinPoster.jpg
[2012/04/25 04:03:00 | 001,088,178 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 551.JPG
[2012/04/25 04:02:54 | 001,144,835 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 550.JPG
[2012/04/24 18:02:05 | 000,016,709 | ---- | M] () -- C:\Users\McKamely\Documents\Alex fav hair.docx
[2012/04/23 12:23:55 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_silabser_01009.Wdf
[2012/04/18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) -- C:\windows\SysNative\drivers\grmnusb.sys
[2012/04/18 15:05:06 | 000,030,568 | ---- | M] (GARMIN Corp.) -- C:\windows\SysNative\drivers\grmngen.sys
[2012/04/16 17:42:55 | 000,223,375 | ---- | M] () -- C:\Users\McKamely\Documents\Tor al.pptx
[2012/04/14 12:11:18 | 000,001,142 | ---- | M] () -- C:\Users\McKamely\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/04/14 12:07:06 | 000,074,640 | ---- | M] () -- C:\Users\McKamely\Documents\Presentation1.pptx
[2012/04/14 02:48:05 | 001,595,611 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 549.JPG
[2012/04/13 07:29:55 | 000,000,478 | ---- | M] () -- C:\windows\win.ini
[2012/04/08 17:22:03 | 000,014,200 | ---- | M] () -- C:\Users\McKamely\Documents\Donations 2012.docx
[2012/04/07 06:08:27 | 001,728,956 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 547.JPG
[2012/04/07 06:08:21 | 002,237,155 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 546.JPG
[2012/04/07 06:07:46 | 001,080,459 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 545.JPG
[2012/04/07 06:07:38 | 001,290,100 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 544.JPG
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/03/29 19:32:52 | 000,023,212 | ---- | M] () -- C:\Users\McKamely\Documents\FIFTH GRADE CONTRACT.docx
[2012/03/27 07:14:52 | 001,715,129 | ---- | M] () -- C:\Users\McKamely\Documents\Type the document title.docx
[2012/03/16 07:34:57 | 001,527,277 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 542.JPG
[2012/03/16 07:34:50 | 001,159,684 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 541.JPG
[2012/03/16 07:34:39 | 001,123,997 | ---- | M] () -- C:\Users\McKamely\Documents\Disney 2012 540.JPG
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/13 07:59:59 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/06/13 07:59:59 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/06/13 07:59:59 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/06/13 07:59:59 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/06/13 07:59:59 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/06/13 07:59:34 | 000,000,623 | ---- | C] () -- C:\Users\McKamely\Desktop\ComboFix - Shortcut.lnk
[2012/06/12 22:54:03 | 000,000,512 | ---- | C] () -- C:\Users\McKamely\Desktop\MBR.dat
[2012/06/12 12:53:05 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/11 19:30:18 | 000,153,624 | ---- | C] () -- C:\Users\McKamely\Documents\lady_gaga_makeover.jpg
[2012/06/03 14:01:24 | 002,352,141 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 002.JPG
[2012/06/03 14:01:23 | 003,247,834 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 032.JPG
[2012/06/03 14:01:23 | 002,887,955 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 034.JPG
[2012/06/03 14:01:23 | 002,868,336 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 030.JPG
[2012/06/03 14:01:23 | 002,766,595 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 036.JPG
[2012/06/03 14:01:23 | 002,743,995 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 011.JPG
[2012/06/03 14:01:23 | 002,733,090 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 021.JPG
[2012/06/03 14:01:23 | 002,698,351 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 035.JPG
[2012/06/03 14:01:23 | 002,500,503 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 037.JPG
[2012/06/03 14:01:23 | 002,490,312 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 012.JPG
[2012/06/03 14:01:23 | 002,477,308 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 025.JPG
[2012/06/03 14:01:23 | 002,433,146 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 014.JPG
[2012/06/03 14:01:23 | 002,397,340 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 015.JPG
[2012/06/03 14:01:23 | 002,380,456 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 029.JPG
[2012/06/03 14:01:23 | 002,333,524 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 027.JPG
[2012/06/03 14:01:23 | 002,314,677 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 024.JPG
[2012/06/03 14:01:23 | 002,241,034 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 017.JPG
[2012/06/03 14:01:23 | 002,195,806 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 005.JPG
[2012/06/03 14:01:23 | 002,152,298 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 010.JPG
[2012/06/03 14:01:23 | 002,148,118 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 004.JPG
[2012/06/03 14:01:23 | 002,133,294 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 007.JPG
[2012/06/03 14:01:23 | 002,112,889 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 009.JPG
[2012/06/03 14:01:23 | 002,067,636 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 006.JPG
[2012/06/03 14:01:23 | 002,027,612 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 031.JPG
[2012/06/03 14:01:23 | 002,019,172 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 022.JPG
[2012/06/03 14:01:23 | 001,970,396 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 020.JPG
[2012/06/03 14:01:23 | 001,896,800 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 026.JPG
[2012/06/03 14:01:23 | 001,889,320 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 019.JPG
[2012/06/03 14:01:23 | 001,392,337 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 016.JPG
[2012/06/03 14:01:22 | 005,049,426 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 039.JPG
[2012/06/03 14:01:22 | 003,642,963 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 061.JPG
[2012/06/03 14:01:22 | 003,561,724 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 057.JPG
[2012/06/03 14:01:22 | 003,518,807 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 060.JPG
[2012/06/03 14:01:22 | 003,403,955 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 041.JPG
[2012/06/03 14:01:22 | 003,302,343 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 052.JPG
[2012/06/03 14:01:22 | 003,244,409 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 054.JPG
[2012/06/03 14:01:22 | 003,119,624 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 055.JPG
[2012/06/03 14:01:22 | 003,097,659 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 040.JPG
[2012/06/03 14:01:22 | 003,060,844 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 047.JPG
[2012/06/03 14:01:22 | 002,946,023 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 051.JPG
[2012/06/03 14:01:22 | 002,680,591 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 050.JPG
[2012/06/03 14:01:22 | 002,625,011 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 049.JPG
[2012/06/03 14:01:22 | 002,580,334 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 056.JPG
[2012/06/03 14:01:22 | 002,560,180 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 064.JPG
[2012/06/03 14:01:22 | 002,508,102 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 046.JPG
[2012/06/03 14:01:22 | 002,497,839 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 067.JPG
[2012/06/03 14:01:22 | 002,377,457 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 059.JPG
[2012/06/03 14:01:22 | 002,145,346 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 042.JPG
[2012/06/03 14:01:22 | 002,094,953 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 065.JPG
[2012/06/03 14:01:22 | 001,826,421 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 044.JPG
[2012/06/03 14:01:22 | 001,818,276 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 066.JPG
[2012/06/03 14:01:22 | 001,634,993 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 045.JPG
[2012/06/03 14:01:22 | 001,285,460 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 062.JPG
[2012/06/03 14:01:21 | 002,466,526 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 069.JPG
[2012/06/03 14:01:20 | 011,161,926 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 070.AVI
[2012/06/03 14:01:20 | 002,786,616 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 075.JPG
[2012/06/03 14:01:20 | 002,409,183 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 074.JPG
[2012/06/03 14:01:20 | 002,334,737 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 071.JPG
[2012/06/03 14:01:20 | 002,323,171 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 077.JPG
[2012/06/03 14:01:20 | 002,151,416 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 072.JPG
[2012/06/03 14:01:20 | 002,120,776 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 079.JPG
[2012/06/03 14:01:20 | 002,030,675 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 076.JPG
[2012/06/03 14:01:19 | 002,225,966 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 080.JPG
[2012/06/03 14:01:07 | 129,143,142 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 081.AVI
[2012/06/03 14:01:06 | 003,883,792 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 082.AVI
[2012/06/03 14:01:06 | 002,808,595 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 087.JPG
[2012/06/03 14:01:06 | 002,782,332 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 085.JPG
[2012/06/03 14:01:06 | 002,654,465 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 086.JPG
[2012/06/03 14:01:06 | 002,585,616 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 084.JPG
[2012/06/03 14:01:06 | 001,606,719 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 089.JPG
[2012/06/03 14:01:00 | 067,671,706 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 090.AVI
[2012/06/03 14:00:59 | 024,571,352 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 091.AVI
[2012/06/03 14:00:59 | 002,743,157 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 092.JPG
[2012/06/03 14:00:59 | 002,218,087 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 094.JPG
[2012/06/03 14:00:59 | 001,754,343 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 095.JPG
[2012/06/03 14:00:58 | 005,126,728 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 101.JPG
[2012/06/03 14:00:58 | 003,600,016 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 105.JPG
[2012/06/03 14:00:58 | 003,585,737 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 100.JPG
[2012/06/03 14:00:58 | 003,295,850 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 104.JPG
[2012/06/03 14:00:58 | 003,098,627 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 099.JPG
[2012/06/03 14:00:58 | 002,945,905 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 102.JPG
[2012/06/03 14:00:58 | 002,893,418 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 106.JPG
[2012/06/03 14:00:58 | 002,851,207 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 175.JPG
[2012/06/03 14:00:58 | 002,769,978 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 112.JPG
[2012/06/03 14:00:58 | 002,739,749 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 116.JPG
[2012/06/03 14:00:58 | 002,558,400 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 150.JPG
[2012/06/03 14:00:58 | 002,556,402 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 114.JPG
[2012/06/03 14:00:58 | 002,539,078 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 196.JPG
[2012/06/03 14:00:58 | 002,499,916 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 115.JPG
[2012/06/03 14:00:58 | 002,496,920 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 151.JPG
[2012/06/03 14:00:58 | 002,492,325 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 152.JPG
[2012/06/03 14:00:58 | 002,473,308 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 142.JPG
[2012/06/03 14:00:58 | 002,439,626 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 109.JPG
[2012/06/03 14:00:58 | 002,406,855 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 119.JPG
[2012/06/03 14:00:58 | 002,391,379 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 170.JPG
[2012/06/03 14:00:58 | 002,313,091 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 127.JPG
[2012/06/03 14:00:58 | 002,296,252 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 177.JPG
[2012/06/03 14:00:58 | 002,295,789 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 167.JPG
[2012/06/03 14:00:58 | 002,278,440 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 122.JPG
[2012/06/03 14:00:58 | 002,258,482 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 146.JPG
[2012/06/03 14:00:58 | 002,248,116 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 124.JPG
[2012/06/03 14:00:58 | 002,228,561 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 107.JPG
[2012/06/03 14:00:58 | 002,211,621 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 171.JPG
[2012/06/03 14:00:58 | 002,195,502 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 161.JPG
[2012/06/03 14:00:58 | 002,183,529 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 190.JPG
[2012/06/03 14:00:58 | 002,168,056 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 140.JPG
[2012/06/03 14:00:58 | 002,153,656 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 197.JPG
[2012/06/03 14:00:58 | 002,143,165 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 184.JPG
[2012/06/03 14:00:58 | 002,130,109 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 160.JPG
[2012/06/03 14:00:58 | 002,127,391 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 159.JPG
[2012/06/03 14:00:58 | 002,108,361 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 154.JPG
[2012/06/03 14:00:58 | 002,072,654 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 139.JPG
[2012/06/03 14:00:58 | 002,058,599 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 156.JPG
[2012/06/03 14:00:58 | 002,054,667 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 149.JPG
[2012/06/03 14:00:58 | 002,052,333 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 136.JPG
[2012/06/03 14:00:58 | 002,026,264 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 169.JPG
[2012/06/03 14:00:58 | 002,016,701 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 164.JPG
[2012/06/03 14:00:58 | 002,015,054 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 117.JPG
[2012/06/03 14:00:58 | 002,013,145 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 135.JPG
[2012/06/03 14:00:58 | 002,002,079 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 129.JPG
[2012/06/03 14:00:58 | 001,994,154 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 185.JPG
[2012/06/03 14:00:58 | 001,982,574 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 110.JPG
[2012/06/03 14:00:58 | 001,969,723 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 096.JPG
[2012/06/03 14:00:58 | 001,967,491 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 194.JPG
[2012/06/03 14:00:58 | 001,931,969 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 162.JPG
[2012/06/03 14:00:58 | 001,930,086 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 145.JPG
[2012/06/03 14:00:58 | 001,923,536 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 137.JPG
[2012/06/03 14:00:58 | 001,923,215 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 165.JPG
[2012/06/03 14:00:58 | 001,920,025 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 191.JPG
[2012/06/03 14:00:58 | 001,917,554 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 180.JPG
[2012/06/03 14:00:58 | 001,914,375 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 131.JPG
[2012/06/03 14:00:58 | 001,902,898 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 141.JPG
[2012/06/03 14:00:58 | 001,895,501 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 157.JPG
[2012/06/03 14:00:58 | 001,894,680 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 132.JPG
[2012/06/03 14:00:58 | 001,893,044 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 134.JPG
[2012/06/03 14:00:58 | 001,885,811 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 189.JPG
[2012/06/03 14:00:58 | 001,830,766 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 125.JPG
[2012/06/03 14:00:58 | 001,787,268 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 144.JPG
[2012/06/03 14:00:58 | 001,775,299 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 130.JPG
[2012/06/03 14:00:58 | 001,774,708 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 147.JPG
[2012/06/03 14:00:58 | 001,756,652 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 192.JPG
[2012/06/03 14:00:58 | 001,713,094 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 097.JPG
[2012/06/03 14:00:58 | 001,701,342 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 111.JPG
[2012/06/03 14:00:58 | 001,691,847 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 195.JPG
[2012/06/03 14:00:58 | 001,679,402 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 186.JPG
[2012/06/03 14:00:58 | 001,666,536 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 155.JPG
[2012/06/03 14:00:58 | 001,640,694 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 199.AVI
[2012/06/03 14:00:58 | 001,579,254 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 120.JPG
[2012/06/03 14:00:58 | 001,503,735 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 166.JPG
[2012/06/03 14:00:58 | 001,478,796 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 126.JPG
[2012/06/03 14:00:58 | 001,477,656 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 172.JPG
[2012/06/03 14:00:58 | 001,458,296 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 176.JPG
[2012/06/03 14:00:58 | 001,450,751 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 174.JPG
[2012/06/03 14:00:58 | 001,448,176 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 182.JPG
[2012/06/03 14:00:58 | 001,395,842 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 200.JPG
[2012/06/03 14:00:58 | 001,375,171 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 201.JPG
[2012/06/03 14:00:58 | 001,325,089 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 121.JPG
[2012/06/03 14:00:58 | 001,239,128 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 187.JPG
[2012/06/03 14:00:58 | 001,206,237 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 179.JPG
[2012/06/03 14:00:58 | 001,108,234 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 181.JPG
[2012/06/03 14:00:57 | 002,255,760 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 222.JPG
[2012/06/03 14:00:57 | 001,933,379 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 220.JPG
[2012/06/03 14:00:57 | 001,895,314 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 214.JPG
[2012/06/03 14:00:57 | 001,835,105 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 219.JPG
[2012/06/03 14:00:57 | 001,772,295 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 221.JPG
[2012/06/03 14:00:57 | 001,737,915 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 210.JPG
[2012/06/03 14:00:57 | 001,726,648 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 212.JPG
[2012/06/03 14:00:57 | 001,704,068 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 207.JPG
[2012/06/03 14:00:57 | 001,697,469 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 204.JPG
[2012/06/03 14:00:57 | 001,638,283 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 202.JPG
[2012/06/03 14:00:57 | 001,622,772 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 225.JPG
[2012/06/03 14:00:57 | 001,582,293 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 206.JPG
[2012/06/03 14:00:57 | 001,525,341 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 232.JPG
[2012/06/03 14:00:57 | 001,512,969 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 211.JPG
[2012/06/03 14:00:57 | 001,512,717 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 227.JPG
[2012/06/03 14:00:57 | 001,509,276 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 205.JPG
[2012/06/03 14:00:57 | 001,457,417 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 209.JPG
[2012/06/03 14:00:57 | 001,421,258 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 215.JPG
[2012/06/03 14:00:57 | 001,413,398 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 216.JPG
[2012/06/03 14:00:57 | 001,404,604 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 217.JPG
[2012/06/03 14:00:57 | 001,385,163 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 226.JPG
[2012/06/03 14:00:57 | 001,113,755 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 224.JPG
[2012/06/03 14:00:57 | 001,031,258 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 231.JPG
[2012/06/03 14:00:57 | 000,976,254 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 230.JPG
[2012/06/03 14:00:57 | 000,948,988 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 229.JPG
[2012/06/03 14:00:55 | 041,460,978 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 234.AVI
[2012/06/03 14:00:55 | 002,145,194 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 236.JPG
[2012/06/03 14:00:55 | 002,057,215 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 245.JPG
[2012/06/03 14:00:55 | 002,048,425 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 244.JPG
[2012/06/03 14:00:55 | 002,047,530 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 250.JPG
[2012/06/03 14:00:55 | 002,041,788 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 246.JPG
[2012/06/03 14:00:55 | 001,990,134 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 247.JPG
[2012/06/03 14:00:55 | 001,971,810 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 249.JPG
[2012/06/03 14:00:55 | 001,762,614 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 242.JPG
[2012/06/03 14:00:55 | 001,726,701 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 237.JPG
[2012/06/03 14:00:55 | 001,696,682 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 241.JPG
[2012/06/03 14:00:55 | 001,681,685 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 239.JPG
[2012/06/03 14:00:55 | 001,599,819 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 251.JPG
[2012/06/03 14:00:55 | 001,592,007 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 252.JPG
[2012/06/03 14:00:55 | 001,521,398 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 240.JPG
[2012/06/03 14:00:55 | 001,375,656 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 235.JPG
[2012/06/03 14:00:54 | 010,419,486 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 254.AVI
[2012/06/03 14:00:54 | 002,821,928 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 294.JPG
[2012/06/03 14:00:54 | 002,174,484 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 266.JPG
[2012/06/03 14:00:54 | 002,121,011 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 297.JPG
[2012/06/03 14:00:54 | 002,114,146 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 281.JPG
[2012/06/03 14:00:54 | 001,998,318 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 274.JPG
[2012/06/03 14:00:54 | 001,963,372 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 264.JPG
[2012/06/03 14:00:54 | 001,910,587 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 275.JPG
[2012/06/03 14:00:54 | 001,901,196 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 259.JPG
[2012/06/03 14:00:54 | 001,879,935 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 262.JPG
[2012/06/03 14:00:54 | 001,867,839 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 261.JPG
[2012/06/03 14:00:54 | 001,860,767 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 314.JPG
[2012/06/03 14:00:54 | 001,797,823 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 282.JPG
[2012/06/03 14:00:54 | 001,788,304 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 295.JPG
[2012/06/03 14:00:54 | 001,771,610 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 280.JPG
[2012/06/03 14:00:54 | 001,753,577 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 276.JPG
[2012/06/03 14:00:54 | 001,720,444 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 277.JPG
[2012/06/03 14:00:54 | 001,695,051 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 269.JPG
[2012/06/03 14:00:54 | 001,689,456 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 271.JPG
[2012/06/03 14:00:54 | 001,663,845 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 260.JPG
[2012/06/03 14:00:54 | 001,606,927 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 299.JPG
[2012/06/03 14:00:54 | 001,600,881 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 267.JPG
[2012/06/03 14:00:54 | 001,597,905 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 257.JPG
[2012/06/03 14:00:54 | 001,593,863 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 270.JPG
[2012/06/03 14:00:54 | 001,573,688 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 272.JPG
[2012/06/03 14:00:54 | 001,568,024 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 279.JPG
[2012/06/03 14:00:54 | 001,560,817 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 255.JPG
[2012/06/03 14:00:54 | 001,560,708 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 256.JPG
[2012/06/03 14:00:54 | 001,507,109 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 286.JPG
[2012/06/03 14:00:54 | 001,476,333 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 291.JPG
[2012/06/03 14:00:54 | 001,458,703 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 296.JPG
[2012/06/03 14:00:54 | 001,456,134 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 290.JPG
[2012/06/03 14:00:54 | 001,454,091 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 287.JPG
[2012/06/03 14:00:54 | 001,452,133 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 289.JPG
[2012/06/03 14:00:54 | 001,451,544 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 265.JPG
[2012/06/03 14:00:54 | 001,427,677 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 292.JPG
[2012/06/03 14:00:54 | 001,409,192 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 284.JPG
[2012/06/03 14:00:54 | 001,393,672 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 311.JPG
[2012/06/03 14:00:54 | 001,390,136 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 301.JPG
[2012/06/03 14:00:54 | 001,377,984 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 285.JPG
[2012/06/03 14:00:54 | 001,339,812 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 302.JPG
[2012/06/03 14:00:54 | 001,304,458 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 312.JPG
[2012/06/03 14:00:54 | 001,293,825 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 304.JPG
[2012/06/03 14:00:54 | 001,262,512 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 309.JPG
[2012/06/03 14:00:54 | 001,209,426 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 305.JPG
[2012/06/03 14:00:54 | 001,190,354 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 310.JPG
[2012/06/03 14:00:54 | 001,182,327 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 300.JPG
[2012/06/03 14:00:54 | 001,164,714 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 307.JPG
[2012/06/03 14:00:54 | 001,105,282 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 306.JPG
[2012/06/03 14:00:53 | 003,659,612 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 365.AVI
[2012/06/03 14:00:53 | 002,010,065 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 319.JPG
[2012/06/03 14:00:53 | 001,886,054 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 317.JPG
[2012/06/03 14:00:53 | 001,650,287 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 335.JPG
[2012/06/03 14:00:53 | 001,638,020 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 412.JPG
[2012/06/03 14:00:53 | 001,590,129 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 315.JPG
[2012/06/03 14:00:53 | 001,523,281 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 344.JPG
[2012/06/03 14:00:53 | 001,493,696 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 330.JPG
[2012/06/03 14:00:53 | 001,461,700 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 331.JPG
[2012/06/03 14:00:53 | 001,406,584 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 334.JPG
[2012/06/03 14:00:53 | 001,395,947 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 316.JPG
[2012/06/03 14:00:53 | 001,393,888 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 390.JPG
[2012/06/03 14:00:53 | 001,390,765 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 322.JPG
[2012/06/03 14:00:53 | 001,383,926 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 387.JPG
[2012/06/03 14:00:53 | 001,379,144 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 332.JPG
[2012/06/03 14:00:53 | 001,374,255 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 384.JPG
[2012/06/03 14:00:53 | 001,367,400 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 336.JPG
[2012/06/03 14:00:53 | 001,349,887 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 380.JPG
[2012/06/03 14:00:53 | 001,330,074 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 389.JPG
[2012/06/03 14:00:53 | 001,329,608 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 385.JPG
[2012/06/03 14:00:53 | 001,328,101 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 391.JPG
[2012/06/03 14:00:53 | 001,323,896 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 407.JPG
[2012/06/03 14:00:53 | 001,306,969 | ---- | C] () --
 
C:\Users\McKamely\Documents\Disney 2012 394.JPG
[2012/06/03 14:00:53 | 001,280,462 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 347.JPG
[2012/06/03 14:00:53 | 001,272,864 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 375.JPG
[2012/06/03 14:00:53 | 001,268,618 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 379.JPG
[2012/06/03 14:00:53 | 001,264,170 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 404.JPG
[2012/06/03 14:00:53 | 001,253,628 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 376.JPG
[2012/06/03 14:00:53 | 001,252,918 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 377.JPG
[2012/06/03 14:00:53 | 001,251,587 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 399.JPG
[2012/06/03 14:00:53 | 001,245,724 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 410.JPG
[2012/06/03 14:00:53 | 001,242,217 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 382.JPG
[2012/06/03 14:00:53 | 001,220,123 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 405.JPG
[2012/06/03 14:00:53 | 001,206,014 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 392.JPG
[2012/06/03 14:00:53 | 001,203,569 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 381.JPG
[2012/06/03 14:00:53 | 001,202,065 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 396.JPG
[2012/06/03 14:00:53 | 001,201,553 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 415.JPG
[2012/06/03 14:00:53 | 001,182,305 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 401.JPG
[2012/06/03 14:00:53 | 001,180,453 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 342.JPG
[2012/06/03 14:00:53 | 001,174,816 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 406.JPG
[2012/06/03 14:00:53 | 001,153,194 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 400.JPG
[2012/06/03 14:00:53 | 001,151,970 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 411.JPG
[2012/06/03 14:00:53 | 001,146,899 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 326.JPG
[2012/06/03 14:00:53 | 001,137,876 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 345.JPG
[2012/06/03 14:00:53 | 001,136,845 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 402.JPG
[2012/06/03 14:00:53 | 001,119,950 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 409.JPG
[2012/06/03 14:00:53 | 001,116,520 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 339.JPG
[2012/06/03 14:00:53 | 001,111,419 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 397.JPG
[2012/06/03 14:00:53 | 001,098,307 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 337.JPG
[2012/06/03 14:00:53 | 001,088,285 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 386.JPG
[2012/06/03 14:00:53 | 001,068,029 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 369.JPG
[2012/06/03 14:00:53 | 001,055,422 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 346.JPG
[2012/06/03 14:00:53 | 001,053,897 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 325.JPG
[2012/06/03 14:00:53 | 001,045,297 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 349.JPG
[2012/06/03 14:00:53 | 001,018,935 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 351.JPG
[2012/06/03 14:00:53 | 001,006,897 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 341.JPG
[2012/06/03 14:00:53 | 001,005,244 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 321.JPG
[2012/06/03 14:00:53 | 001,002,633 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 362.JPG
[2012/06/03 14:00:53 | 000,973,245 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 370.JPG
[2012/06/03 14:00:53 | 000,968,149 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 320.JPG
[2012/06/03 14:00:53 | 000,965,142 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 327.JPG
[2012/06/03 14:00:53 | 000,961,398 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 329.JPG
[2012/06/03 14:00:53 | 000,961,019 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 366.JPG
[2012/06/03 14:00:53 | 000,957,387 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 374.JPG
[2012/06/03 14:00:53 | 000,949,612 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 340.JPG
[2012/06/03 14:00:53 | 000,941,113 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 357.JPG
[2012/06/03 14:00:53 | 000,932,764 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 367.JPG
[2012/06/03 14:00:53 | 000,928,389 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 350.JPG
[2012/06/03 14:00:53 | 000,915,937 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 356.JPG
[2012/06/03 14:00:53 | 000,911,456 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 355.JPG
[2012/06/03 14:00:53 | 000,909,045 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 364.JPG
[2012/06/03 14:00:53 | 000,900,039 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 371.JPG
[2012/06/03 14:00:53 | 000,890,814 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 372.JPG
[2012/06/03 14:00:53 | 000,880,056 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 359.JPG
[2012/06/03 14:00:53 | 000,878,613 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 324.JPG
[2012/06/03 14:00:53 | 000,860,116 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 352.JPG
[2012/06/03 14:00:53 | 000,838,998 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 395.JPG
[2012/06/03 14:00:53 | 000,797,149 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 361.JPG
[2012/06/03 14:00:53 | 000,795,674 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 414.JPG
[2012/06/03 14:00:53 | 000,792,780 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 354.JPG
[2012/06/03 14:00:53 | 000,724,786 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 360.JPG
[2012/06/03 14:00:52 | 001,714,419 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 416.JPG
[2012/06/03 14:00:52 | 001,714,110 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 419.JPG
[2012/06/03 14:00:52 | 001,599,281 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 421.JPG
[2012/06/03 14:00:52 | 001,343,484 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 424.JPG
[2012/06/03 14:00:52 | 001,341,122 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 425.JPG
[2012/06/03 14:00:52 | 001,305,356 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 426.JPG
[2012/06/03 14:00:52 | 001,300,649 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 417.JPG
[2012/06/03 14:00:52 | 001,201,297 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 420.JPG
[2012/06/03 14:00:52 | 000,671,223 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 422.JPG
[2012/06/03 14:00:51 | 001,761,011 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 444.JPG
[2012/06/03 14:00:51 | 001,724,655 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 454.JPG
[2012/06/03 14:00:51 | 001,705,543 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 447.JPG
[2012/06/03 14:00:51 | 001,701,153 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 450.JPG
[2012/06/03 14:00:51 | 001,692,151 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 437.JPG
[2012/06/03 14:00:51 | 001,652,215 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 442.JPG
[2012/06/03 14:00:51 | 001,645,292 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 446.JPG
[2012/06/03 14:00:51 | 001,632,707 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 452.JPG
[2012/06/03 14:00:51 | 001,626,096 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 430.JPG
[2012/06/03 14:00:51 | 001,607,503 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 484.JPG
[2012/06/03 14:00:51 | 001,558,882 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 449.JPG
[2012/06/03 14:00:51 | 001,542,110 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 434.JPG
[2012/06/03 14:00:51 | 001,501,349 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 455.JPG
[2012/06/03 14:00:51 | 001,492,004 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 441.JPG
[2012/06/03 14:00:51 | 001,484,002 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 432.JPG
[2012/06/03 14:00:51 | 001,480,383 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 435.JPG
[2012/06/03 14:00:51 | 001,458,898 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 436.JPG
[2012/06/03 14:00:51 | 001,448,755 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 440.JPG
[2012/06/03 14:00:51 | 001,356,161 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 487.JPG
[2012/06/03 14:00:51 | 001,343,594 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 439.JPG
[2012/06/03 14:00:51 | 001,343,344 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 431.JPG
[2012/06/03 14:00:51 | 001,331,320 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 451.JPG
[2012/06/03 14:00:51 | 001,311,438 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 476.JPG
[2012/06/03 14:00:51 | 001,276,081 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 429.JPG
[2012/06/03 14:00:51 | 001,273,553 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 477.JPG
[2012/06/03 14:00:51 | 001,247,845 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 469.JPG
[2012/06/03 14:00:51 | 001,227,252 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 465.JPG
[2012/06/03 14:00:51 | 001,197,173 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 475.JPG
[2012/06/03 14:00:51 | 001,194,452 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 486.JPG
[2012/06/03 14:00:51 | 001,184,042 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 474.JPG
[2012/06/03 14:00:51 | 001,180,142 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 467.JPG
[2012/06/03 14:00:51 | 001,161,843 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 461.JPG
[2012/06/03 14:00:51 | 001,153,245 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 472.JPG
[2012/06/03 14:00:51 | 001,150,729 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 489.JPG
[2012/06/03 14:00:51 | 001,131,329 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 495.JPG
[2012/06/03 14:00:51 | 001,129,823 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 445.JPG
[2012/06/03 14:00:51 | 001,123,380 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 456.JPG
[2012/06/03 14:00:51 | 001,119,915 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 464.JPG
[2012/06/03 14:00:51 | 001,083,529 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 496.JPG
[2012/06/03 14:00:51 | 001,075,323 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 497.JPG
[2012/06/03 14:00:51 | 001,070,728 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 462.JPG
[2012/06/03 14:00:51 | 001,070,265 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 481.JPG
[2012/06/03 14:00:51 | 001,055,659 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 499.JPG
[2012/06/03 14:00:51 | 001,054,372 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 480.JPG
[2012/06/03 14:00:51 | 001,048,413 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 460.JPG
[2012/06/03 14:00:51 | 001,034,477 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 466.JPG
[2012/06/03 14:00:51 | 001,024,969 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 427.JPG
[2012/06/03 14:00:51 | 001,023,903 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 479.JPG
[2012/06/03 14:00:51 | 001,011,359 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 485.JPG
[2012/06/03 14:00:51 | 000,982,687 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 482.JPG
[2012/06/03 14:00:51 | 000,972,174 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 459.JPG
[2012/06/03 14:00:51 | 000,942,858 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 457.JPG
[2012/06/03 14:00:51 | 000,855,741 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 471.JPG
[2012/06/03 14:00:51 | 000,784,647 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 470.JPG
[2012/06/03 14:00:51 | 000,756,483 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 492.JPG
[2012/06/03 14:00:51 | 000,738,467 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 490.JPG
[2012/06/03 14:00:51 | 000,699,532 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 491.JPG
[2012/06/03 14:00:51 | 000,675,623 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 494.JPG
[2012/06/03 14:00:50 | 001,405,871 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 511.JPG
[2012/06/03 14:00:50 | 001,397,705 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 520.JPG
[2012/06/03 14:00:50 | 001,343,185 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 530.JPG
[2012/06/03 14:00:50 | 001,327,942 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 526.JPG
[2012/06/03 14:00:50 | 001,292,628 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 531.JPG
[2012/06/03 14:00:50 | 001,262,690 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 524.JPG
[2012/06/03 14:00:50 | 001,254,877 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 505.JPG
[2012/06/03 14:00:50 | 001,209,429 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 529.JPG
[2012/06/03 14:00:50 | 001,189,383 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 515.JPG
[2012/06/03 14:00:50 | 001,160,361 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 519.JPG
[2012/06/03 14:00:50 | 001,134,712 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 514.JPG
[2012/06/03 14:00:50 | 001,132,028 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 527.JPG
[2012/06/03 14:00:50 | 001,101,208 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 510.JPG
[2012/06/03 14:00:50 | 001,070,780 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 512.JPG
[2012/06/03 14:00:50 | 001,062,870 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 522.JPG
[2012/06/03 14:00:50 | 001,055,524 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 521.JPG
[2012/06/03 14:00:50 | 001,038,435 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 525.JPG
[2012/06/03 14:00:50 | 001,022,243 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 502.JPG
[2012/06/03 14:00:50 | 000,996,360 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 509.JPG
[2012/06/03 14:00:50 | 000,990,933 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 516.JPG
[2012/06/03 14:00:50 | 000,976,834 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 506.JPG
[2012/06/03 14:00:50 | 000,963,442 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 517.JPG
[2012/06/03 14:00:50 | 000,945,598 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 507.JPG
[2012/06/03 14:00:50 | 000,944,221 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 504.JPG
[2012/06/03 14:00:50 | 000,909,221 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 500.JPG
[2012/06/03 14:00:50 | 000,840,140 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 501.JPG
[2012/06/03 14:00:49 | 002,340,783 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 001.JPG
[2012/06/03 14:00:49 | 002,237,155 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 546.JPG
[2012/06/03 14:00:49 | 002,210,851 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 581.JPG
[2012/06/03 14:00:49 | 001,728,956 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 547.JPG
[2012/06/03 14:00:49 | 001,653,716 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 579.JPG
[2012/06/03 14:00:49 | 001,595,611 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 549.JPG
[2012/06/03 14:00:49 | 001,527,277 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 542.JPG
[2012/06/03 14:00:49 | 001,508,423 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 580.JPG
[2012/06/03 14:00:49 | 001,375,331 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 565.JPG
[2012/06/03 14:00:49 | 001,290,100 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 544.JPG
[2012/06/03 14:00:49 | 001,277,225 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 566.JPG
[2012/06/03 14:00:49 | 001,264,461 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 564.JPG
[2012/06/03 14:00:49 | 001,247,771 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 536.JPG
[2012/06/03 14:00:49 | 001,184,432 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 557.JPG
[2012/06/03 14:00:49 | 001,173,333 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 537.JPG
[2012/06/03 14:00:49 | 001,169,584 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 567.JPG
[2012/06/03 14:00:49 | 001,166,781 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 534.JPG
[2012/06/03 14:00:49 | 001,159,684 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 541.JPG
[2012/06/03 14:00:49 | 001,149,706 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 556.JPG
[2012/06/03 14:00:49 | 001,146,384 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 577.JPG
[2012/06/03 14:00:49 | 001,144,835 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 550.JPG
[2012/06/03 14:00:49 | 001,135,247 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 535.JPG
[2012/06/03 14:00:49 | 001,126,747 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 570.JPG
[2012/06/03 14:00:49 | 001,123,997 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 540.JPG
[2012/06/03 14:00:49 | 001,107,882 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 575.JPG
[2012/06/03 14:00:49 | 001,088,178 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 551.JPG
[2012/06/03 14:00:49 | 001,080,459 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 545.JPG
[2012/06/03 14:00:49 | 001,065,592 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 562.JPG
[2012/06/03 14:00:49 | 001,048,217 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 539.JPG
[2012/06/03 14:00:49 | 001,031,934 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 571.JPG
[2012/06/03 14:00:49 | 001,027,742 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 552.JPG
[2012/06/03 14:00:49 | 000,990,874 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 574.JPG
[2012/06/03 14:00:49 | 000,988,081 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 576.JPG
[2012/06/03 14:00:49 | 000,985,816 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 569.JPG
[2012/06/03 14:00:49 | 000,984,136 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 560.JPG
[2012/06/03 14:00:49 | 000,956,432 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 572.JPG
[2012/06/03 14:00:49 | 000,946,499 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 532.JPG
[2012/06/03 14:00:49 | 000,945,272 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 561.JPG
[2012/06/03 14:00:49 | 000,939,379 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 554.JPG
[2012/06/03 14:00:49 | 000,921,726 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 559.JPG
[2012/06/03 14:00:49 | 000,899,188 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 582.JPG
[2012/06/03 14:00:49 | 000,809,093 | ---- | C] () -- C:\Users\McKamely\Documents\Disney 2012 555.JPG
[2012/05/16 12:35:46 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2012/05/16 12:35:35 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/05/08 12:51:52 | 000,139,813 | ---- | C] () -- C:\Users\McKamely\Documents\image.jpg
[2012/05/03 09:48:26 | 000,015,187 | ---- | C] () -- C:\Users\McKamely\Documents\Bank of America1.docx
[2012/05/03 08:56:33 | 000,015,679 | ---- | C] () -- C:\Users\McKamely\Documents\Bank of America.docx
[2012/05/03 08:54:40 | 000,012,686 | ---- | C] () -- C:\Users\McKamely\Documents\Doc2.docx
[2012/05/01 12:25:47 | 000,058,307 | ---- | C] () -- C:\Users\McKamely\Documents\pegassus_dressup.jpg
[2012/04/25 16:15:48 | 000,160,038 | ---- | C] () -- C:\Users\McKamely\Documents\AustinPoster.jpg
[2012/04/23 12:23:55 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_silabser_01009.Wdf
[2012/04/16 17:42:55 | 000,223,375 | ---- | C] () -- C:\Users\McKamely\Documents\Tor al.pptx
[2012/04/14 12:11:18 | 000,001,142 | ---- | C] () -- C:\Users\McKamely\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/04/14 12:07:05 | 000,074,640 | ---- | C] () -- C:\Users\McKamely\Documents\Presentation1.pptx
[2012/03/29 19:32:50 | 000,023,212 | ---- | C] () -- C:\Users\McKamely\Documents\FIFTH GRADE CONTRACT.docx
[2012/03/26 19:34:51 | 000,016,709 | ---- | C] () -- C:\Users\McKamely\Documents\Alex fav hair.docx
[2012/03/22 16:33:52 | 001,715,129 | ---- | C] () -- C:\Users\McKamely\Documents\Type the document title.docx
[2011/06/27 12:48:58 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/06/27 12:28:08 | 013,899,776 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/02/03 22:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2010/11/09 15:09:58 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2012/01/03 10:01:40 | 000,000,000 | ---D | M] -- C:\Users\McKamely\AppData\Roaming\GARMIN
[2012/01/02 17:39:59 | 000,000,000 | ---D | M] -- C:\Users\McKamely\AppData\Roaming\Origin
[2012/01/02 15:56:31 | 000,000,000 | ---D | M] -- C:\Users\McKamely\AppData\Roaming\Temp
[2012/01/02 17:07:19 | 000,000,000 | ---D | M] -- C:\Users\McKamely\AppData\Roaming\Toshiba
[2012/01/02 15:31:29 | 000,000,000 | ---D | M] -- C:\Users\McKamely\AppData\Roaming\WinBatch
[2012/06/12 17:21:00 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%*.* >
[2010/11/20 22:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2011/07/27 18:07:17 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/06/13 08:13:33 | 000,020,391 | ---- | M] () -- C:\ComboFix.txt
[2012/06/13 12:38:25 | 463,486,975 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/13 12:38:29 | 2049,642,495 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%Fonts*.com >

< %systemroot%Fonts*.dll >

< %systemroot%Fonts*.ini >

< %systemroot%Fonts*.ini2 >

< %systemroot%Fonts*.exe >

< %systemroot%system32spoolprtprocsw32x86*.* >

< %systemroot%REPAIR*.bak1 >

< %systemroot%REPAIR*.ini >

< %systemroot%system32*.jpg >

< %systemroot%*.jpg >

< %systemroot%*.png >

< %systemroot%*.scr >
[2011/05/13 17:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

< %systemroot%*._sy >

< %APPDATA%AdobeUpdate*.* >

< %ALLUSERSPROFILE%Favorites*.* >

< %APPDATA%Microsoft*.* >

< %PROGRAMFILES%*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%Update*.* >

< %systemroot%*. /mp /s >

< %systemroot%System32config*.sav >

< %PROGRAMFILES%ak. /s >

< %systemroot%system32ak. /s >

< %ALLUSERSPROFILE%Start Menu*.lnk /x >
[2012/03/09 08:55:19 | 000,000,614 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

< %systemroot%system32configsystemprofile*.dat /x >
[2011/07/27 02:19:34 | 000,000,020 | ---- | M] () -- C:\Windows\(öè
[2010/11/20 22:24:22 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2006/11/03 11:54:38 | 002,359,350 | ---- | M] () -- C:\Windows\Bluestream.bmp
[2012/06/13 12:38:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/27 02:42:15 | 000,000,010 | ---- | M] () -- C:\Windows\csup.txt
[2011/11/21 16:39:12 | 000,203,518 | ---- | M] () -- C:\Windows\DirectX.log
[2011/11/21 16:18:14 | 000,019,466 | ---- | M] () -- C:\Windows\DPINST.LOG
[2011/11/21 16:52:35 | 000,004,059 | ---- | M] () -- C:\Windows\DtcInstall.log
[2012/06/12 13:17:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/07/13 20:39:10 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2000/08/30 19:00:00 | 000,080,412 | ---- | M] () -- C:\Windows\grep.exe
[2009/07/13 20:39:12 | 000,733,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2009/07/13 20:39:12 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\hh.exe
[2009/06/10 15:30:55 | 000,048,265 | ---- | M] () -- C:\Windows\HomePremium.xml
[2011/11/21 16:25:36 | 000,012,878 | ---- | M] () -- C:\Windows\IE9_main.log
[2012/01/31 20:10:07 | 000,001,060 | ---- | M] () -- C:\Windows\KB893803v2.log
[2010/11/07 12:20:24 | 000,208,896 | ---- | M] () -- C:\Windows\MBR.exe
[2009/07/13 18:06:54 | 000,043,131 | ---- | M] () -- C:\Windows\mib.bin
[2009/06/10 15:36:48 | 000,001,405 | ---- | M] () -- C:\Windows\msdfmap.ini
[2009/04/19 23:56:28 | 000,060,416 | ---- | M] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/07/13 20:39:25 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe
[2012/06/12 21:12:57 | 001,136,260 | ---- | M] () -- C:\Windows\ntbtlog.txt
[2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2012/06/13 12:38:24 | 000,105,636 | ---- | M] () -- C:\Windows\PFRO.log
[2009/07/13 20:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\regedit.exe
[2011/02/09 18:56:00 | 001,284,712 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2000/08/30 19:00:00 | 000,098,816 | ---- | M] () -- C:\Windows\sed.exe
[2012/06/13 12:38:30 | 000,048,389 | ---- | M] () -- C:\Windows\setupact.log
[2009/07/13 23:51:00 | 000,000,000 | ---- | M] () -- C:\Windows\setuperr.log
[2010/11/20 22:24:16 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2009/06/10 15:31:02 | 000,048,201 | ---- | M] () -- C:\Windows\Starter.xml
[2000/08/30 19:00:00 | 000,518,144 | ---- | M] (SteelWerX) -- C:\Windows\SWREG.exe
[2000/08/30 19:00:00 | 000,406,528 | ---- | M] (SteelWerX) -- C:\Windows\SWSC.exe
[2000/08/30 19:00:00 | 000,212,480 | ---- | M] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2012/06/13 08:08:11 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2011/11/21 15:54:08 | 000,003,652 | ---- | M] () -- C:\Windows\TSSysprep.log
[2009/06/10 16:41:17 | 000,094,784 | ---- | M] (Twain Working Group) -- C:\Windows\twain.dll
[2010/11/20 22:25:10 | 000,051,200 | ---- | M] (Twain Working Group) -- C:\Windows\twain_32.dll
[2009/06/10 16:41:17 | 000,049,680 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_16.exe
[2009/07/13 20:14:42 | 000,031,232 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe
[2012/04/13 07:29:55 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2009/07/13 23:54:24 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2012/06/13 12:42:42 | 001,502,179 | ---- | M] () -- C:\Windows\WindowsUpdate.log
[2009/07/13 20:14:45 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhlp32.exe
[2011/05/13 17:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2009/06/10 15:52:44 | 000,316,640 | ---- | M] () -- C:\Windows\WMSysPr9.prx
[2009/07/13 20:39:57 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\write.exe
[2000/08/30 19:00:00 | 000,068,096 | ---- | M] () -- C:\Windows\zip.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
< %systemroot%*.config >

< %systemroot%system32*.db >

< %APPDATA%MicrosoftInternet ExplorerQuick Launch*.lnk /x >

< %USERPROFILE%Desktop*.exe >

< %PROGRAMFILES%Common Files*.* >

< %systemroot%*.src >

< %systemroot%install*.* >
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

< %systemroot%system32DLL*.* >

< %systemroot%system32HelpFiles*.* >

< %systemroot% asks*.* >

< %systemroot%system32 undll*.* >

< %systemroot%winn32*.* >

< %systemroot%Java*.* >

< %systemroot%system32 est*.* >

< %systemroot%system32Rundll32*.* >

< %systemroot%AppPatchCustom*.* >

< %APPDATA%RoamingMicrosoftWindowsRecent*.lnk /x >

< %PROGRAMFILES%PC-DoctorDownloads*.* >

< %PROGRAMFILES%Internet Explorer*.tmp >

< %PROGRAMFILES%Internet Explorer*.dat >

< %USERPROFILE%My Documents*.exe >

< %USERPROFILE%*.exe >

< %systemroot%ADDINS*.* >
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

< %systemroot%assembly*.bak2 >

< %systemroot%Config*.* >

< %systemroot%REPAIR*.bak2 >

< %systemroot%SECURITYDatabase*.sdb /x >
[2011/07/27 02:19:34 | 000,000,020 | ---- | M] () -- C:\Windows\(öè
[2010/11/20 22:24:22 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2006/11/03 11:54:38 | 002,359,350 | ---- | M] () -- C:\Windows\Bluestream.bmp
[2012/06/13 12:38:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/27 02:42:15 | 000,000,010 | ---- | M] () -- C:\Windows\csup.txt
[2011/11/21 16:39:12 | 000,203,518 | ---- | M] () -- C:\Windows\DirectX.log
[2011/11/21 16:18:14 | 000,019,466 | ---- | M] () -- C:\Windows\DPINST.LOG
[2011/11/21 16:52:35 | 000,004,059 | ---- | M] () -- C:\Windows\DtcInstall.log
[2012/06/12 13:17:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/07/13 20:39:10 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2000/08/30 19:00:00 | 000,080,412 | ---- | M] () -- C:\Windows\grep.exe
[2009/07/13 20:39:12 | 000,733,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2009/07/13 20:39:12 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\hh.exe
[2009/06/10 15:30:55 | 000,048,265 | ---- | M] () -- C:\Windows\HomePremium.xml
[2011/11/21 16:25:36 | 000,012,878 | ---- | M] () -- C:\Windows\IE9_main.log
[2012/01/31 20:10:07 | 000,001,060 | ---- | M] () -- C:\Windows\KB893803v2.log
[2010/11/07 12:20:24 | 000,208,896 | ---- | M] () -- C:\Windows\MBR.exe
[2009/07/13 18:06:54 | 000,043,131 | ---- | M] () -- C:\Windows\mib.bin
[2009/06/10 15:36:48 | 000,001,405 | ---- | M] () -- C:\Windows\msdfmap.ini
[2009/04/19 23:56:28 | 000,060,416 | ---- | M] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/07/13 20:39:25 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe
[2012/06/12 21:12:57 | 001,136,260 | ---- | M] () -- C:\Windows\ntbtlog.txt
[2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2012/06/13 12:38:24 | 000,105,636 | ---- | M] () -- C:\Windows\PFRO.log
[2009/07/13 20:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\regedit.exe
[2011/02/09 18:56:00 | 001,284,712 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2000/08/30 19:00:00 | 000,098,816 | ---- | M] () -- C:\Windows\sed.exe
[2012/06/13 12:38:30 | 000,048,389 | ---- | M] () -- C:\Windows\setupact.log
[2009/07/13 23:51:00 | 000,000,000 | ---- | M] () -- C:\Windows\setuperr.log
[2010/11/20 22:24:16 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2009/06/10 15:31:02 | 000,048,201 | ---- | M] () -- C:\Windows\Starter.xml
[2000/08/30 19:00:00 | 000,518,144 | ---- | M] (SteelWerX) -- C:\Windows\SWREG.exe
[2000/08/30 19:00:00 | 000,406,528 | ---- | M] (SteelWerX) -- C:\Windows\SWSC.exe
[2000/08/30 19:00:00 | 000,212,480 | ---- | M] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2012/06/13 08:08:11 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2011/11/21 15:54:08 | 000,003,652 | ---- | M] () -- C:\Windows\TSSysprep.log
[2009/06/10 16:41:17 | 000,094,784 | ---- | M] (Twain Working Group) -- C:\Windows\twain.dll
[2010/11/20 22:25:10 | 000,051,200 | ---- | M] (Twain Working Group) -- C:\Windows\twain_32.dll
[2009/06/10 16:41:17 | 000,049,680 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_16.exe
[2009/07/13 20:14:42 | 000,031,232 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe
[2012/04/13 07:29:55 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2009/07/13 23:54:24 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2012/06/13 12:42:42 | 001,502,179 | ---- | M] () -- C:\Windows\WindowsUpdate.log
[2009/07/13 20:14:45 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhlp32.exe
[2011/05/13 17:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2009/06/10 15:52:44 | 000,316,640 | ---- | M] () -- C:\Windows\WMSysPr9.prx
[2009/07/13 20:39:57 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\write.exe
[2000/08/30 19:00:00 | 000,068,096 | ---- | M] () -- C:\Windows\zip.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

< %systemroot%SYSTEM*.bak2 >

< %systemroot%Web*.bak2 >

< %systemroot%Driver Cache*.* >

< %PROGRAMFILES%Mozilla Firefox*.exe >

< %ProgramFiles%Microsoft Common*.* >

< %ProgramFiles%TinyProxy. >

< %USERPROFILE%Favorites*.url /x >
[2012/06/13 12:51:45 | 003,670,016 | -HS- | M] () -- C:\Users\McKamely\NTUSER.DAT
[2012/06/13 12:51:45 | 000,262,144 | -HS- | M] () -- C:\Users\McKamely\ntuser.dat.LOG1
[2012/01/02 15:30:56 | 000,000,000 | -HS- | M] () -- C:\Users\McKamely\ntuser.dat.LOG2
[2012/01/02 17:10:27 | 000,065,536 | -HS- | M] () -- C:\Users\McKamely\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012/01/02 17:10:27 | 000,524,288 | -HS- | M] () -- C:\Users\McKamely\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012/01/02 17:10:27 | 000,524,288 | -HS- | M] () -- C:\Users\McKamely\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012/01/02 15:30:57 | 000,000,020 | -HS- | M] () -- C:\Users\McKamely\ntuser.ini

< %systemroot%system32*.bk >

< %systemroot%*.te >

< %systemroot%system32system32*.* >

< %ALLUSERSPROFILE%*.dat /x >
[2012/03/09 08:55:19 | 000,000,614 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

< %systemroot%system32drivers*.rmv >

< dir /b "%systemroot%system32*.exe" | find /I " " /c >

< dir /b "%systemroot%*.exe" | find /I " " /c >

< %PROGRAMFILES%Microsoft*.* >

< %systemroot%System32Wbemproquota.exe >

< %PROGRAMFILES%Mozilla Firefox*.dat >

< %USERPROFILE%Cookies*.txt /x >
[2012/06/13 12:51:45 | 003,670,016 | -HS- | M] () -- C:\Users\McKamely\NTUSER.DAT
[2012/06/13 12:51:45 | 000,262,144 | -HS- | M] () -- C:\Users\McKamely\ntuser.dat.LOG1
[2012/01/02 15:30:56 | 000,000,000 | -HS- | M] () -- C:\Users\McKamely\ntuser.dat.LOG2
[2012/01/02 17:10:27 | 000,065,536 | -HS- | M] () -- C:\Users\McKamely\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012/01/02 17:10:27 | 000,524,288 | -HS- | M] () -- C:\Users\McKamely\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012/01/02 17:10:27 | 000,524,288 | -HS- | M] () -- C:\Users\McKamely\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012/01/02 15:30:57 | 000,000,020 | -HS- | M] () -- C:\Users\McKamely\ntuser.ini

< %SystemRoot%system32 onts*.* >

< %systemroot%system32winlog*.* >

< %systemroot%system32Language*.* >

< %systemroot%system32Settings*.* >

< %systemroot%system32*.quo >

< %SYSTEMROOT%AppPatch*.exe >

< %SYSTEMROOT%inf*.exe >

< %SYSTEMROOT%Installer*.exe >

< %systemroot%system32config*.bak2 >

< %systemroot%system32Computers*.* >

< %SystemRoot%system32Sound*.* >

< %SystemRoot%system32SpecialImg*.* >

< %SystemRoot%system32code*.* >

< %SystemRoot%system32draft*.* >

< %SystemRoot%system32MSSSys*.* >

< %ProgramFiles%Javascript*.* >

< %systemroot%pchealthhelpctrSystem*.exe /s >

< %systemroot%Web*.exe >

< %systemroot%system32msn*.* >

< %systemroot%system32*.tro >

< %AppData%MicrosoftInstallermsupdates*.* >

< %ProgramFiles%Messenger*.* >

< %systemroot%system32systhem32*.* >

< %systemroot%system*.exe >

< HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU >

< HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstallLastSuccessTime /rs >


< >
< End of report >
 
Here is Search report:

OTL Extras logfile created on: 6/13/2012 12:46:27 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\McKamely\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 66.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 579.61 Gb Total Space | 481.88 Gb Free Space | 83.14% Space Free | Partition Type: NTFS
Drive D: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCKAMELY-PC
Current User Name: McKamely
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12A985FE-1E10-4FB2-B3F9-C8B4FB4D905F}" = KODAK Cloud Software Connector
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA VIDEO PLAYER
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748A531-DACF-4B0A-B927-804EBC2CB5FE}" = TurboTax 2011 wmoiper
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FCA7183-ECBD-414D-B0F9-D469399303DA}" = MapSource - North American City Select v5
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A6B21A2C-9F04-4761-8E85-48BD9BE51E03}" = MapSource - US Rec Lakes with Fishing Hot Spots Central v5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7C40BDC-F6FA-46DC-BE4B-0C0EB6DD9212}" = MapSource - City Select North America v6 Update
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CaddieSync Express" = CaddieSync Express 1.2.9
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{7FCA7183-ECBD-414D-B0F9-D469399303DA}" = MapSource - North American City Select v5
"InstallShield_{A6B21A2C-9F04-4761-8E85-48BD9BE51E03}" = MapSource - US Rec Lakes with Fishing Hot Spots Central v5
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D7C40BDC-F6FA-46DC-BE4B-0C0EB6DD9212}" = MapSource - City Select North America v6 Update
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Origin" = Origin
"ProInst" = Intel PROSet Wireless
"TurboTax 2011" = TurboTax 2011
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4257975150-2182168125-953510654-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"e55b814e55744b76" = Best Buy pc app

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
A couple of final questions:

Can I delete the programs and files I saved to the desktop like:

MBR.dat
aswMBR

Also, are there any special setting on MSE needed? It says protection is on and is scheduled to run once a week.

thanks!
 
Don't delete anything yet.
Default MSE settings are fine.

You didn't answer my question:
Any current issues?
p4494882.gif


============================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\windows\SysWow64\spool\DRIVERS\x64\3\EKIJ5000MUI.exe File not found
    O15 - HKU\S-1-5-21-4257975150-2182168125-953510654-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

========================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Sorry been away from PC all night. Ran OCL and computer reset but did not get copy of report. Can you tell me where to access it?

Will be finishing up next steps tomorrow.
 
Security Check results:

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

JavaFX 2.1.1
Java(TM) 6 Update 25
Java(TM) 7 Update 5
Out of date Java installed!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````
 
Farbar report:

Farbar Service Scanner Version: 09-06-2012
Ran by McKamely (administrator) on 13-06-2012 at 22:50:15
Running from "C:\Users\McKamely\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 07:48] - [2012-04-24 00:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
Sorry been away from PC all night. Ran OCL and computer reset but did not get copy of report. Can you tell me where to access it?
Re-run OTL fix from safe mode.
Then continue with other steps.
 
Ok. Opened OTL in safe mode and immediately got the following report in notepad:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EKIJ5000StatusMonitor deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4257975150-2182168125-953510654-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: McKamely
->Temp folder emptied: 24681334 bytes
->Temporary Internet Files folder emptied: 854344833 bytes
->Java cache emptied: 78806 bytes
->Flash cache emptied: 208305 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47716872 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3882329 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 888.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: McKamely
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: McKamely
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.48.0 log created on 06132012_185542
Files\Folders moved on Reboot...
File move failed. C:\Users\McKamely\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
 
C:\FRST\Quarantine\services.exe Win64/Patched.B trojan deleted - quarantined
C:\FRST\Quarantine\{244fbb2e-a9d1-97b2-fe37-35e9f150b537}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{244fbb2e-a9d1-97b2-fe37-35e9f150b537}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{244fbb2e-a9d1-97b2-fe37-35e9f150b537}\{244fbb2e-a9d1-97b2-fe37-35e9f150b537}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{244fbb2e-a9d1-97b2-fe37-35e9f150b537}\{244fbb2e-a9d1-97b2-fe37-35e9f150b537}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
 
Uninstall:
JavaFX 2.1.1
Java(TM) 6 Update 25

===============================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
12. How did I get infected?, With steps so it does not happen again!:

I'll post this to the bleepingcomputer forum but in case anyone reads this. I have two kids that use the computer. So short answer is I know what sites they generally visit but do not know for sure. I have my own laptop and rarely use the family PC. I suspect it might have come from girlgogames.com or some link off girlgogames.com site. Started noticing that performance was slow and websites would timeout and not load as pointed out by my wife a few days before the infection really popped up. The issue really came to light when I did a google search and clicked on this link:
www.softballperformance.com/7-softball-hitting-drills-to-spice-up-y...

I don't recall specifics but all ___ broke loose and one of those phony antivirus/malware popups started popping up and became my new IE homepage. I've had them before where they charge you like $50 to download the software. This phony "link" downloaded iteself to the computer's programs. I don't recall the name of the phony virus program. I ran Malwarebytes and Microsoft Securty Essentials (MSE) in regular, non-safe mode. That was like crossing the beams in Ghostbusters (showing my age). Yeah, the trojan horse or whatever didn't like that so the computer started shutting down every minute and resetting itself. I needed a second computer to do any searches and perform and post the initial logs.
 
Back