TechSpot

Windows 7 will not start in reboot loop

By Mike Craver
Aug 10, 2012
  1. Hi, I recently had some virus notifications come up and I tried to fix them, but now all my computer does is reboot. I'm running Windows 7. Looking at some other threads, I have run the FRST64 tool and I have attached the FRST.txt file in case it would be helpful. Any help on this issue would be appreciated. I have a Toshiba Satellite 505 laptop. I have tried to run a restore point, recovery point, safe mode, etc., but it still reboots before the login screen.
     

  2. Mike Craver

    Mike Craver TS Rookie Topic Starter Posts: 22

    Sorry, forgot to mention that my Windows 7 is running in 64 bit.
     
  3. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================

    Please observe the forum rules.
    All logs have to be pasted, not attached.
     
  4. Mike Craver

    Mike Craver TS Rookie Topic Starter Posts: 22

    Below is the log txt for the FRST.txt file as requested:

    Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
    Ran by SYSTEM at 10-08-2012 22:31:56
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [] [x]
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
    HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
    HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
    HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1482080 2009-08-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-29] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-08-17] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [x]
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-08-09] (Toshiba)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
    HKLM-x32\...\Run: [Advanced System Protector] "C:\Program Files (x86)\Systweak\Advanced System Protector\ASP.exe" /autorun [x]
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-03-17] (Apple Inc.)
    HKLM-x32\...\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s [619008 2010-05-25] (Nikon Corporation)
    HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
    HKU\Cravers\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-12] (Google Inc.)
    HKU\Cravers\...\Run: [Google Update] "C:\Users\Cravers\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-05-22] (Google Inc.)
    HKU\Cravers\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\Cravers\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2012-04-19] (TomTom)
    HKLM\...\RunOnce: [*Restore] C:\windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 184.16.4.22
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk
    ShortcutTarget: Ulead Photo Express 4.0 SE Calendar Checker .lnk -> C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe (Ulead Systems, Inc.)

    ==================== Services (Whitelisted) ======

    2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
    2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92592 2012-04-19] (TomTom)

    ========================== Drivers (Whitelisted) =============

    1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20120804.001_d58\BHDrvx64.sys [1161376 2012-08-03] (Symantec Corporation)
    1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [167048 2011-11-29] (Symantec Corporation)
    1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
    3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
    1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20120809.001\IDSvia64.sys [509088 2012-08-09] (Symantec Corporation)
    3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20120810.001\ENG64.SYS [120440 2012-08-10] (Symantec Corporation)
    3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20120810.001\EX64.SYS [2068600 2012-08-10] (Symantec Corporation)
    1 SRTSP; C:\Windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS [737912 2012-03-28] (Symantec Corporation)
    1 SRTSPX; C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS [37496 2012-03-28] (Symantec Corporation)
    0 SymDS; C:\Windows\System32\drivers\NISx64\1307010.005\SYMDS64.SYS [451192 2012-01-17] (Symantec Corporation)
    0 SymEFA; C:\Windows\System32\drivers\NISx64\1307010.005\SYMEFA64.SYS [1092728 2012-03-28] (Symantec Corporation)
    3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-29] (Symantec Corporation)
    1 SymIRON; C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [190072 2012-03-28] (Symantec Corporation)
    1 SymNetS; C:\Windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [405624 2012-03-28] (Symantec Corporation)
    3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]
    3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
    3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-10 12:52 - 2012-08-10 12:52 - 00275104 ____A C:\Windows\Minidump\081012-42728-01.dmp
    2012-08-10 11:14 - 2012-08-10 11:14 - 00275104 ____A C:\Windows\Minidump\081012-70715-01.dmp
    2012-08-10 11:13 - 2012-08-10 12:52 - 476798241 ____A C:\Windows\MEMORY.DMP
    2012-08-10 08:10 - 2012-08-10 08:10 - 00000000 ____D C:\Users\Cravers\AppData\Local\{606BB818-9BC6-47EA-B88F-E985770201FD}
    2012-08-10 08:10 - 2012-08-10 08:10 - 00000000 ____D C:\Users\Cravers\AppData\Local\{210CB0CB-CE36-4D10-9BE3-B5C8A3D21CAE}
    2012-08-09 20:21 - 2012-08-09 20:22 - 00752484 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-08-09 20:21 - 2012-08-09 20:22 - 00006320 ____A C:\Windows\iis7.log
    2012-08-09 20:20 - 2012-08-10 20:32 - 00000000 ____D C:\Program Files\Reference Assemblies
    2012-08-09 20:20 - 2012-08-10 20:32 - 00000000 ____D C:\Program Files\MSBuild
    2012-08-09 20:20 - 2012-08-10 20:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2012-08-09 20:20 - 2012-08-09 20:20 - 00000000 ____D C:\inetpub
    2012-08-09 19:50 - 2012-08-09 19:50 - 00039511 ____A C:\Users\Cravers\Desktop\sfcdetails.txt
    2012-08-09 18:18 - 2012-08-09 18:19 - 00000000 ____D C:\Users\Cravers\AppData\Local\{554BC5DC-BC37-4A93-96C9-264E24D46B38}
    2012-08-09 18:18 - 2012-08-09 18:18 - 00000000 ____D C:\Users\Cravers\AppData\Local\{C19EC154-806E-4374-9471-BD3F71B84F13}
    2012-08-09 17:25 - 2012-08-09 17:25 - 00003760 ____A C:\{979004F1-2ACB-4713-8791-B1DBA8A8FA6B}
    2012-08-09 17:18 - 2012-08-09 17:19 - 00003760 ____A C:\{7B94B2D2-AC20-4745-B17B-5F19C0508B4A}
    2012-08-09 16:56 - 2012-08-09 16:56 - 00000000 ____D C:\Users\Cravers\AppData\Local\{B20F82E1-1F8E-41FD-A3BB-FE924FC711FC}
    2012-08-09 16:55 - 2012-08-09 16:56 - 00000000 ____D C:\Users\Cravers\AppData\Local\{B7AAD67D-854B-4907-A91A-9188E893A9E8}
    2012-08-09 16:46 - 2012-08-09 17:12 - 00000000 ____D C:\Users\Cravers\AppData\Local\NPE
    2012-08-09 16:35 - 2012-08-09 16:35 - 00003792 ____A C:\{17908C2A-6A26-4A73-A6C2-80079EDEF91C}
    2012-08-09 16:01 - 2012-08-09 16:01 - 00000000 ____D C:\Windows\Sun
    2012-08-09 04:50 - 2012-08-09 04:50 - 00000000 ____D C:\Users\Cravers\AppData\Local\{F8B550ED-DB18-4760-885A-5F472CD9398C}
    2012-08-09 04:50 - 2012-08-09 04:50 - 00000000 ____D C:\Users\Cravers\AppData\Local\{E3DBF095-F243-49C5-A51D-387425DCC54C}
    2012-08-08 16:49 - 2012-08-08 16:50 - 00000000 ____D C:\Users\Cravers\AppData\Local\{9D165C06-2A41-469A-BB7D-89A45DD92153}
    2012-08-08 16:49 - 2012-08-08 16:49 - 00000000 ____D C:\Users\Cravers\AppData\Local\{3300073F-94AC-4823-ADB2-1A4E4FC21B8C}
    2012-08-08 16:47 - 2012-08-10 12:52 - 00000000 ____D C:\Windows\Minidump
    2012-08-08 03:20 - 2012-08-08 03:21 - 00000000 ____D C:\Users\Cravers\AppData\Local\{025103F2-DE2A-488F-ADAD-4DFA50489A33}
    2012-08-08 03:20 - 2012-08-08 03:20 - 00000000 ____D C:\Users\Cravers\AppData\Local\{5EBA4E6C-2EE1-462B-BEF7-37E082B46D95}
    2012-08-07 09:36 - 2012-08-07 09:36 - 00000000 ____D C:\Users\Cravers\AppData\Local\{76935FB7-52F4-41E4-90C6-013E231BB5A7}
    2012-08-07 09:36 - 2012-08-07 09:36 - 00000000 ____D C:\Users\Cravers\AppData\Local\{25363F1B-77BB-494B-B246-E4D6D46721D8}
    2012-08-06 19:02 - 2012-08-06 19:02 - 00000000 ____D C:\Users\Cravers\AppData\Local\{96DD7E75-D3FB-4BA8-8154-AED33C2BB339}
    2012-08-06 04:01 - 2012-08-06 04:01 - 00000000 ____D C:\Users\Cravers\AppData\Local\{BF72BFE2-6D6E-4B4A-87AF-0C1893C593DB}
    2012-08-06 04:00 - 2012-08-06 19:02 - 00000000 ____D C:\Users\Cravers\AppData\Local\{86CBAE9F-49A8-43F8-B04A-8FFE22437F4C}
    2012-08-05 16:00 - 2012-08-05 16:00 - 00000000 ____D C:\Users\Cravers\AppData\Local\{A9813D7A-5551-471D-B1E4-ED061EE618DA}
    2012-08-05 15:59 - 2012-08-05 16:00 - 00000000 ____D C:\Users\Cravers\AppData\Local\{19FB5AE7-51DC-4372-9048-83DEFE4689F9}
    2012-08-05 03:25 - 2012-08-05 03:25 - 00000000 ____D C:\Users\Cravers\AppData\Local\{FE29098B-E5D2-4C34-89AA-29859D1E98B9}
    2012-08-05 03:25 - 2012-08-05 03:25 - 00000000 ____D C:\Users\Cravers\AppData\Local\{EA218DD9-3BDE-49DA-8BC2-229B9D444556}
    2012-08-05 03:19 - 2012-08-10 12:58 - 00000504 ____A C:\Windows\setupact.log
    2012-08-05 03:19 - 2012-08-05 03:19 - 00000332 ____A C:\Windows\PFRO.log
    2012-08-05 03:19 - 2012-08-05 03:19 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-04 15:07 - 2012-08-04 15:07 - 00000000 ____D C:\Users\Cravers\AppData\Local\{AA56A065-C9A5-4233-BDFC-4E824865AB78}
    2012-08-04 15:07 - 2012-08-04 15:07 - 00000000 ____D C:\Users\Cravers\AppData\Local\{342C4F73-F0B2-4A44-B45B-016AE6E1BF16}
    2012-08-04 03:06 - 2012-08-04 03:07 - 00000000 ____D C:\Users\Cravers\AppData\Local\{0058B95B-2F64-4D65-ACA8-EC6ECB1C7508}
    2012-08-03 05:12 - 2012-08-04 03:06 - 00000000 ____D C:\Users\Cravers\AppData\Local\{8342625C-DCCF-4C7D-B143-B95378825434}
    2012-08-03 05:12 - 2012-08-03 05:12 - 00000000 ____D C:\Users\Cravers\AppData\Local\{7E33F082-6BD4-4AD8-8857-C431FF50BD4B}
    2012-08-02 16:27 - 2012-08-02 16:27 - 00000000 ____D C:\Users\Cravers\AppData\Local\{98C5389B-2E64-4E3E-8714-BAAB5B63C919}
    2012-08-02 03:50 - 2012-08-02 03:50 - 00000000 ____D C:\Users\Cravers\AppData\Local\{B88F67AD-C50C-4609-9BB3-4B2711494C0D}
    2012-08-02 03:49 - 2012-08-02 16:27 - 00000000 ____D C:\Users\Cravers\AppData\Local\{CAEF0EA6-AC89-4213-85C7-8E8439D62C0E}
    2012-08-01 15:49 - 2012-08-01 15:49 - 00000000 ____D C:\Users\Cravers\AppData\Local\{62FE0603-012D-4E25-81EE-56CC46A8B778}
    2012-08-01 03:19 - 2012-08-01 15:49 - 00000000 ____D C:\Users\Cravers\AppData\Local\{AB7200E7-A8DD-4FB9-8BB5-52AC69718F6F}
    2012-08-01 03:19 - 2012-08-01 03:19 - 00000000 ____D C:\Users\Cravers\AppData\Local\{BC309ECB-1BE5-44F2-B8BA-853FB0F16C50}
    2012-07-31 03:59 - 2012-07-31 03:59 - 00000000 ____D C:\Users\Cravers\AppData\Local\{A9B05FFA-0636-48D9-8830-7C0B01C9E79D}
    2012-07-31 03:58 - 2012-07-31 03:59 - 00000000 ____D C:\Users\Cravers\AppData\Local\{41A398B9-3949-45C7-91E6-036A33FAB5ED}
    2012-07-30 15:58 - 2012-07-30 15:58 - 00000000 ____D C:\Users\Cravers\AppData\Local\{AB590BCE-DEB8-4B65-98F7-4B365026B12E}
    2012-07-30 03:42 - 2012-07-30 15:58 - 00000000 ____D C:\Users\Cravers\AppData\Local\{B868F459-1278-4692-B5B5-B94C9D326A85}
    2012-07-30 03:42 - 2012-07-30 03:42 - 00000000 ____D C:\Users\Cravers\AppData\Local\{33990E27-33E6-4E49-B196-A83C9568CB1F}
    2012-07-29 15:41 - 2012-07-29 15:41 - 00000000 ____D C:\Users\Cravers\AppData\Local\{A2256D30-44F9-413A-B62F-3BA48F24A060}
    2012-07-29 15:41 - 2012-07-29 15:41 - 00000000 ____D C:\Users\Cravers\AppData\Local\{1B62D7AC-E935-4793-A404-F5BE4D36930F}
    2012-07-29 03:15 - 2012-07-29 03:15 - 00000000 ____D C:\Users\Cravers\AppData\Local\{8C0CCD60-C77C-4393-91E9-6DBC80BF0531}
    2012-07-29 03:15 - 2012-07-29 03:15 - 00000000 ____D C:\Users\Cravers\AppData\Local\{7E6D807F-5305-47A9-B36A-C153BCD830BA}
    2012-07-28 10:18 - 2012-07-28 10:18 - 00000000 ____D C:\Users\Cravers\AppData\Local\{C94A201E-EE7F-429F-800B-D188CAEEF8D8}
    2012-07-28 10:18 - 2012-07-28 10:18 - 00000000 ____D C:\Users\Cravers\AppData\Local\{44F610D1-41B6-4A9C-AD59-680C119800C4}
    2012-07-27 18:41 - 2012-07-27 18:41 - 00000000 ____D C:\Users\Cravers\AppData\Local\{27E80FA7-ECBE-457A-917B-D01113F1C680}
    2012-07-27 06:40 - 2012-07-27 18:41 - 00000000 ____D C:\Users\Cravers\AppData\Local\{1E337C71-D7B4-4263-B9A1-46670279F8C8}
    2012-07-27 06:40 - 2012-07-27 06:41 - 00000000 ____D C:\Users\Cravers\AppData\Local\{117E6453-D752-4B51-944C-ADD4F86E110D}
    2012-07-26 17:26 - 2012-07-26 17:26 - 00000000 ____D C:\Users\Cravers\AppData\Local\{E8E0EAD7-5E20-4A6A-8E5A-C0831B52628F}
    2012-07-26 05:25 - 2012-07-26 17:26 - 00000000 ____D C:\Users\Cravers\AppData\Local\{FB7B14AA-EED5-4B51-9621-FF09662245B0}
    2012-07-26 05:25 - 2012-07-26 05:25 - 00000000 ____D C:\Users\Cravers\AppData\Local\{D8CBC848-33F9-40E3-8837-4617BEDB6E4E}
    2012-07-25 17:24 - 2012-07-25 17:25 - 00000000 ____D C:\Users\Cravers\AppData\Local\{58BC3975-8E65-44E7-86BF-CE20CC26B909}
    2012-07-25 05:13 - 2012-07-25 05:13 - 00000000 ____D C:\Users\Cravers\AppData\Local\{101D5083-0963-4DE5-ABD6-0C9640E0E914}
    2012-07-25 05:12 - 2012-07-25 17:24 - 00000000 ____D C:\Users\Cravers\AppData\Local\{547DAF9C-186A-4625-AC13-D8CFC0504BFF}
    2012-07-24 16:29 - 2012-07-24 16:29 - 00000000 ____D C:\Users\Cravers\AppData\Local\{79B7B0AE-9626-44B6-AE6F-5A62CB88E7FC}
    2012-07-24 03:49 - 2012-07-24 16:29 - 00000000 ____D C:\Users\Cravers\AppData\Local\{EA2F6D27-C445-4F36-AF38-7DA9597DB6C9}
    2012-07-24 03:49 - 2012-07-24 03:50 - 00000000 ____D C:\Users\Cravers\AppData\Local\{46AFAEAB-DDA6-4A4A-8716-07628B732FAA}
    2012-07-23 15:49 - 2012-07-23 15:49 - 00000000 ____D C:\Users\Cravers\AppData\Local\{E24ABD66-C381-442B-813C-D75810CF08A7}
    2012-07-23 03:48 - 2012-07-23 15:49 - 00000000 ____D C:\Users\Cravers\AppData\Local\{9F4C460E-5CBD-4282-85FC-6A5B7E22309B}
    2012-07-23 03:48 - 2012-07-23 03:48 - 00000000 ____D C:\Users\Cravers\AppData\Local\{83F66D9C-CB6F-4724-90F8-C8CE61F08CF2}
    2012-07-22 15:20 - 2012-07-22 15:20 - 00000000 ____D C:\Users\Cravers\AppData\Local\{2A032765-FCDE-4B35-9372-D1A38C1A4CE9}
    2012-07-22 03:19 - 2012-07-22 15:20 - 00000000 ____D C:\Users\Cravers\AppData\Local\{DAA91AAA-3A03-4E6F-A5D4-413BC7B31098}
    2012-07-22 03:19 - 2012-07-22 03:19 - 00000000 ____D C:\Users\Cravers\AppData\Local\{A6429D73-EA77-4FB8-8E0D-976ED3DA3C09}
    2012-07-21 07:55 - 2012-07-21 07:55 - 00000000 ____D C:\Users\Cravers\AppData\Local\{6CD56AD3-AE9A-4A29-91E3-EFBBDDA279E7}
    2012-07-20 19:43 - 2012-07-20 19:43 - 00000000 ____D C:\Users\Cravers\AppData\Local\{05557194-00FB-44F2-9A8A-2E3DC3B31F34}
    2012-07-20 03:33 - 2012-07-20 03:33 - 00000000 ____D C:\Users\Cravers\AppData\Local\{59E54FC8-B3B2-41D8-8741-CBDAAA3C2097}
    2012-07-19 05:54 - 2012-07-20 19:43 - 00000000 ____D C:\Users\Cravers\AppData\Local\{08FE84C6-EDDE-488E-B8DD-D2BFC399B808}
    2012-07-19 05:54 - 2012-07-19 05:54 - 00000000 ____D C:\Users\Cravers\AppData\Local\{AE613DA5-0778-4CFC-BC5A-1E2532591D14}
    2012-07-18 17:00 - 2012-07-18 17:01 - 00000000 ____D C:\Users\Cravers\AppData\Local\{48834504-01DE-4636-AE57-F020A30A0179}
    2012-07-18 04:30 - 2012-07-18 04:30 - 00000000 ____D C:\Users\Cravers\AppData\Local\{FBEE84D7-1184-4C60-8BF5-762D07188926}
    2012-07-18 04:29 - 2012-07-18 17:00 - 00000000 ____D C:\Users\Cravers\AppData\Local\{F58FDBB4-FEDF-4743-8E23-91C86F2DB71E}
    2012-07-17 16:29 - 2012-07-17 16:29 - 00000000 ____D C:\Users\Cravers\AppData\Local\{0CE382D2-75DA-4C6D-8BA4-E19959727061}
    2012-07-17 03:52 - 2012-07-17 16:29 - 00000000 ____D C:\Users\Cravers\AppData\Local\{E6390593-FCA7-419A-BD28-DF54D9962868}
    2012-07-17 03:52 - 2012-07-17 03:53 - 00000000 ____D C:\Users\Cravers\AppData\Local\{3821B517-1738-4B71-A1DD-BFC35382CA1D}
    2012-07-16 15:52 - 2012-07-16 15:52 - 00000000 ____D C:\Users\Cravers\AppData\Local\{C547EEF0-07E2-4F0E-B2D4-56D215560784}
    2012-07-16 03:30 - 2012-07-16 15:52 - 00000000 ____D C:\Users\Cravers\AppData\Local\{767BE223-7AA3-4AAB-B2BD-6AA538C335BB}
    2012-07-16 03:30 - 2012-07-16 03:31 - 00000000 ____D C:\Users\Cravers\AppData\Local\{D45CC10C-0566-43B3-A98E-84F2D055D795}
    2012-07-15 15:30 - 2012-07-15 15:30 - 00000000 ____D C:\Users\Cravers\AppData\Local\{C78FF54C-430F-48CF-A5D9-A425EDF8BBD7}
    2012-07-15 03:29 - 2012-07-15 15:30 - 00000000 ____D C:\Users\Cravers\AppData\Local\{DAD9D81A-CFAA-4F03-8738-5A41391AD4FE}
    2012-07-15 03:29 - 2012-07-15 03:29 - 00000000 ____D C:\Users\Cravers\AppData\Local\{265125E8-405F-4B33-8B31-10947F5A601D}
    2012-07-14 15:23 - 2012-07-14 15:23 - 00000000 ____D C:\Users\Cravers\AppData\Local\{321E37BA-83FF-4AC4-A8F6-BF9FB88A26FF}
    2012-07-14 03:22 - 2012-07-14 15:23 - 00000000 ____D C:\Users\Cravers\AppData\Local\{B7C5615F-B95D-437B-8E6B-F85A50C1A504}
    2012-07-14 03:22 - 2012-07-14 03:22 - 00000000 ____D C:\Users\Cravers\AppData\Local\{8D25B30F-2E5E-4D25-87FA-3084DBDA013A}
    2012-07-13 09:17 - 2012-07-13 09:17 - 00000000 ____D C:\Users\Cravers\AppData\Local\{8CEB3DDD-1A33-4D24-A27B-E34E96F8F45D}
    2012-07-13 09:17 - 2012-07-13 09:17 - 00000000 ____D C:\Users\Cravers\AppData\Local\{6F8A2A17-3DD6-4266-AA92-DBD4331CB8E2}
    2012-07-12 17:16 - 2012-07-12 17:16 - 00000000 ____D C:\Users\Cravers\AppData\Local\{28C74209-F648-45B3-9A7C-BC31FC67931C}
    2012-07-12 05:03 - 2012-07-12 17:15 - 00000000 ____D C:\Users\Cravers\AppData\Local\{0BC57E11-6A04-4E94-90B9-5E664D7D5706}
    2012-07-12 05:03 - 2012-07-12 05:04 - 00000000 ____D C:\Users\Cravers\AppData\Local\{287309CB-A69C-4878-9618-3F93FA473D4A}
    2012-07-11 17:03 - 2012-07-11 17:03 - 00000000 ____D C:\Users\Cravers\AppData\Local\{39CF6684-406F-45E0-84D1-1A3E52CC60C6}
    2012-07-11 05:01 - 2012-07-11 05:01 - 00000000 ____D C:\Users\Cravers\AppData\Local\{3A133A44-DD2D-4AFF-9668-F16756573CA9}
    2012-07-11 05:00 - 2012-07-11 17:03 - 00000000 ____D C:\Users\Cravers\AppData\Local\{CE0A8A32-3B5A-4C16-9C34-F6A91B81DE16}


    ============ 3 Months Modified Files ========================

    2012-08-10 13:23 - 2010-05-26 20:07 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-10 13:16 - 2010-05-22 11:19 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660660762-1580669307-3164895231-1000UA.job
    2012-08-10 13:07 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-10 13:07 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-10 13:06 - 2009-07-13 21:13 - 00799316 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-10 13:02 - 2010-03-08 21:47 - 01347760 ____A C:\Windows\WindowsUpdate.log
    2012-08-10 12:58 - 2012-08-05 03:19 - 00000504 ____A C:\Windows\setupact.log
    2012-08-10 12:58 - 2010-05-26 20:07 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-10 12:58 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-10 12:52 - 2012-08-10 12:52 - 00275104 ____A C:\Windows\Minidump\081012-42728-01.dmp
    2012-08-10 12:52 - 2012-08-10 11:13 - 476798241 ____A C:\Windows\MEMORY.DMP
    2012-08-10 11:14 - 2012-08-10 11:14 - 00275104 ____A C:\Windows\Minidump\081012-70715-01.dmp
    2012-08-10 08:17 - 2010-05-22 11:20 - 00002432 ____A C:\Users\Cravers\Desktop\Google Chrome.lnk
    2012-08-09 20:22 - 2012-08-09 20:21 - 00752484 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-08-09 20:22 - 2012-08-09 20:21 - 00006320 ____A C:\Windows\iis7.log
    2012-08-09 19:50 - 2012-08-09 19:50 - 00039511 ____A C:\Users\Cravers\Desktop\sfcdetails.txt
    2012-08-09 17:25 - 2012-08-09 17:25 - 00003760 ____A C:\{979004F1-2ACB-4713-8791-B1DBA8A8FA6B}
    2012-08-09 17:19 - 2012-08-09 17:18 - 00003760 ____A C:\{7B94B2D2-AC20-4745-B17B-5F19C0508B4A}
    2012-08-09 16:35 - 2012-08-09 16:35 - 00003792 ____A C:\{17908C2A-6A26-4A73-A6C2-80079EDEF91C}
    2012-08-05 10:16 - 2010-05-22 11:19 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660660762-1580669307-3164895231-1000Core.job
    2012-08-05 03:19 - 2012-08-05 03:19 - 00000332 ____A C:\Windows\PFRO.log
    2012-08-05 03:19 - 2012-08-05 03:19 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-02 14:19 - 2012-06-19 03:28 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-19 03:28 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-19 03:28 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-19 03:27 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-19 03:27 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-19 03:28 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-19 03:27 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-19 03:27 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-19 03:27 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-19 17:39 - 2011-11-27 16:11 - 00000020 ____H C:\Users\All Users\PKP_DLev.DAT
    2012-05-19 17:31 - 2011-11-27 16:11 - 00000020 ____H C:\Users\All Users\PKP_DLet.DAT
    2012-05-19 03:20 - 2011-05-08 17:57 - 00002503 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    TDL4: custom:26000022 <===== ATTENTION!

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 19%
    Total physical RAM: 3836.17 MB
    Available physical RAM: 3097.29 MB
    Total Pagefile: 3834.32 MB
    Available Pagefile: 3183.61 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (TI105736W0B) (Fixed) (Total:287.61 GB) (Free:233.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
    4 Drive f: (HP v125w) (Removable) (Total:3.75 GB) (Free:0.38 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 3850 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 1500 MB 1024 KB
    Partition 2 Primary 287 GB 1501 MB
    Partition 3 Primary 9 GB 289 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C TI105736W0B NTFS Partition 287 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3846 MB 4032 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F HP v125w FAT32 Removable 3846 MB Healthy

    ==================================================================================

    Last Boot: 2012-05-18 17:16

    ======================= End Of Log ==========================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I don't see much there but let's try something...

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can start normally.
     

  6. Mike Craver

    Mike Craver TS Rookie Topic Starter Posts: 22

    Here are the results of FixLog.txt; however, same issue of rebooting. Can't get to the login screen.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012
    Ran by SYSTEM at 2012-08-10 23:42:00 Run:3
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.

    ==== End of Fixlog ====
     
  7. Mike Craver

    Mike Craver TS Rookie Topic Starter Posts: 22

    One other note, there used to be a partition error with c:\windows\svchost.exe, but it is no longer showing; maybe it was something I did before starting this post. Just FYI. Also, not before all this was happening, I was getting a trojan error for zero??? Can't remember the rest. Maybe that will help in some way.

    Also, the last time I logged into Windows, it said I was missing a sortkey.nlp file and I couldn't open my event viewer along with other system programs. This is all the other relevant information I can give at this time.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Let's try a different fix...

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot now.
     

  9. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    We posted at the same time.
     
  10. Mike Craver

    Mike Craver TS Rookie Topic Starter Posts: 22

    Here is the fixlog.txt again. Still booting up problems. All I get now is a "launch startup repair" and "start Windows normally", which both don't work.

    I noticed this log had a lot to do with system32 folder, is that expected since I'm running 64 bit?

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012
    Ran by SYSTEM at 2012-08-10 23:55:13 Run:4
    Running from F:\

    ==============================================

    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.

    ==== End of Fixlog ====
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    System32 is present on 64-bit as well.

    In your original FRST I didn't see any serious infection so I suspect that you broke something when you were running your own fixes.

    Let me see if we can figure something out.

    I can see this:
    Both drives have boot components.
    What is drive D? What do you have on it? Any old Windows installation on it?
    Possibly your computer is trying to boot to drive D.
     
  12. Mike Craver

    Mike Craver TS Rookie Topic Starter Posts: 22

    This is the cd drive. I have a recovery disk I created when I was still in windows. It allows me to boot up to the system restore, command line, etc... options. The problem was happening before I loaded this cd. Anything for me to help? I can tell you one more thing, it seems that the window/svchost.exe no longer resides there. It's gone.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Oh I see. Somehow I saw 146GB not 1.46GB. Must be tired :)

    Wait, I see I missed something.

    Post fresh FRST log.
     
  14. Mike Craver

    Mike Craver TS Rookie Topic Starter Posts: 22

    Here is a fresh FRST.txt log:

    Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
    Ran by SYSTEM at 11-08-2012 00:25:24
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [] [x]
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
    HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
    HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
    HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1482080 2009-08-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-29] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-08-17] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [x]
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-08-09] (Toshiba)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
    HKLM-x32\...\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x]
    HKLM-x32\...\Run: [Advanced System Protector] "C:\Program Files (x86)\Systweak\Advanced System Protector\ASP.exe" /autorun [x]
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-03-17] (Apple Inc.)
    HKLM-x32\...\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s [619008 2010-05-25] (Nikon Corporation)
    HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
    HKU\Cravers\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-12] (Google Inc.)
    HKU\Cravers\...\Run: [Google Update] "C:\Users\Cravers\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-05-22] (Google Inc.)
    HKU\Cravers\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\Cravers\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2012-04-19] (TomTom)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 184.16.4.22
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk
    ShortcutTarget: Ulead Photo Express 4.0 SE Calendar Checker .lnk -> C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe (Ulead Systems, Inc.)

    ==================== Services (Whitelisted) ======

    2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
    2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92592 2012-04-19] (TomTom)
    2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [x]

    ========================== Drivers (Whitelisted) =============

    1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [167048 2011-11-29] (Symantec Corporation)
    1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
    3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
    1 SRTSPX; C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS [37496 2012-03-28] (Symantec Corporation)
    0 SymDS; C:\Windows\System32\drivers\NISx64\1307010.005\SYMDS64.SYS [451192 2012-01-17] (Symantec Corporation)
    0 SymEFA; C:\Windows\System32\drivers\NISx64\1307010.005\SYMEFA64.SYS [1092728 2012-03-28] (Symantec Corporation)
    3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-29] (Symantec Corporation)
    1 SymIRON; C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [190072 2012-03-28] (Symantec Corporation)
    1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [x]
    1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20120518.001\IDSvia64.sys [x]
    3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20120518.020\ENG64.SYS [x]
    3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20120518.020\EX64.SYS [x]
    3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]
    3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
    3 SRTSP; C:\Windows\System32\Drivers\NISx64\1307000.009\SRTSP64.SYS [x]
    3 SymNetS; C:\Windows\System32\Drivers\NISx64\1307000.009\SYMNETS.SYS [x]
    3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-10 21:55 - 2012-08-10 21:56 - 00000000 ____D C:\FRST
    2012-08-10 12:52 - 2012-08-10 12:52 - 00275104 ____A C:\Windows\Minidump\081012-42728-01.dmp
    2012-08-10 11:14 - 2012-08-10 11:14 - 00275104 ____A C:\Windows\Minidump\081012-70715-01.dmp
    2012-08-10 11:13 - 2012-08-10 12:52 - 476798241 ____A C:\Windows\MEMORY.DMP
    2012-08-10 08:10 - 2012-08-10 08:10 - 00000000 ____D C:\Users\Cravers\AppData\Local\{606BB818-9BC6-47EA-B88F-E985770201FD}
    2012-08-10 08:10 - 2012-08-10 08:10 - 00000000 ____D C:\Users\Cravers\AppData\Local\{210CB0CB-CE36-4D10-9BE3-B5C8A3D21CAE}
    2012-08-09 20:21 - 2012-08-09 20:22 - 00752484 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-08-09 20:21 - 2012-08-09 20:22 - 00006320 ____A C:\Windows\iis7.log
    2012-08-09 20:20 - 2012-08-10 20:32 - 00000000 ____D C:\Program Files\Reference Assemblies
    2012-08-09 20:20 - 2012-08-10 20:32 - 00000000 ____D C:\Program Files\MSBuild
    2012-08-09 20:20 - 2012-08-10 20:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2012-08-09 20:20 - 2012-08-09 20:20 - 00000000 ____D C:\inetpub
    2012-08-09 19:50 - 2012-08-09 19:50 - 00039511 ____A C:\Users\Cravers\Desktop\sfcdetails.txt
    2012-08-09 18:18 - 2012-08-09 18:19 - 00000000 ____D C:\Users\Cravers\AppData\Local\{554BC5DC-BC37-4A93-96C9-264E24D46B38}
    2012-08-09 18:18 - 2012-08-09 18:18 - 00000000 ____D C:\Users\Cravers\AppData\Local\{C19EC154-806E-4374-9471-BD3F71B84F13}
    2012-08-09 17:25 - 2012-08-09 17:25 - 00003760 ____A C:\{979004F1-2ACB-4713-8791-B1DBA8A8FA6B}
    2012-08-09 17:18 - 2012-08-09 17:19 - 00003760 ____A C:\{7B94B2D2-AC20-4745-B17B-5F19C0508B4A}
    2012-08-09 16:56 - 2012-08-09 16:56 - 00000000 ____D C:\Users\Cravers\AppData\Local\{B20F82E1-1F8E-41FD-A3BB-FE924FC711FC}
    2012-08-09 16:55 - 2012-08-09 16:56 - 00000000 ____D C:\Users\Cravers\AppData\Local\{B7AAD67D-854B-4907-A91A-9188E893A9E8}
    2012-08-09 16:46 - 2012-08-09 17:12 - 00000000 ____D C:\Users\Cravers\AppData\Local\NPE
    2012-08-09 16:35 - 2012-08-09 16:35 - 00003792 ____A C:\{17908C2A-6A26-4A73-A6C2-80079EDEF91C}
    2012-08-09 16:01 - 2012-08-09 16:01 - 00000000 ____D C:\Windows\Sun
    2012-08-09 04:50 - 2012-08-09 04:50 - 00000000 ____D C:\Users\Cravers\AppData\Local\{F8B550ED-DB18-4760-885A-5F472CD9398C}
    2012-08-09 04:50 - 2012-08-09 04:50 - 00000000 ____D C:\Users\Cravers\AppData\Local\{E3DBF095-F243-49C5-A51D-387425DCC54C}
    2012-08-08 16:49 - 2012-08-08 16:50 - 00000000 ____D C:\Users\Cravers\AppData\Local\{9D165C06-2A41-469A-BB7D-89A45DD92153}
    2012-08-08 16:49 - 2012-08-08 16:49 - 00000000 ____D C:\Users\Cravers\AppData\Local\{3300073F-94AC-4823-ADB2-1A4E4FC21B8C}
    2012-08-08 16:47 - 2012-08-10 12:52 - 00000000 ____D C:\Windows\Minidump
    2012-08-08 03:20 - 2012-08-08 03:21 - 00000000 ____D C:\Users\Cravers\AppData\Local\{025103F2-DE2A-488F-ADAD-4DFA50489A33}
    2012-08-08 03:20 - 2012-08-08 03:20 - 00000000 ____D C:\Users\Cravers\AppData\Local\{5EBA4E6C-2EE1-462B-BEF7-37E082B46D95}
    2012-08-07 09:36 - 2012-08-07 09:36 - 00000000 ____D C:\Users\Cravers\AppData\Local\{76935FB7-52F4-41E4-90C6-013E231BB5A7}
    2012-08-07 09:36 - 2012-08-07 09:36 - 00000000 ____D C:\Users\Cravers\AppData\Local\{25363F1B-77BB-494B-B246-E4D6D46721D8}
    2012-08-06 19:02 - 2012-08-06 19:02 - 00000000 ____D C:\Users\Cravers\AppData\Local\{96DD7E75-D3FB-4BA8-8154-AED33C2BB339}
    2012-08-06 04:01 - 2012-08-06 04:01 - 00000000 ____D C:\Users\Cravers\AppData\Local\{BF72BFE2-6D6E-4B4A-87AF-0C1893C593DB}
    2012-08-06 04:00 - 2012-08-06 19:02 - 00000000 ____D C:\Users\Cravers\AppData\Local\{86CBAE9F-49A8-43F8-B04A-8FFE22437F4C}
    2012-08-05 16:00 - 2012-08-05 16:00 - 00000000 ____D C:\Users\Cravers\AppData\Local\{A9813D7A-5551-471D-B1E4-ED061EE618DA}
    2012-08-05 15:59 - 2012-08-05 16:00 - 00000000 ____D C:\Users\Cravers\AppData\Local\{19FB5AE7-51DC-4372-9048-83DEFE4689F9}
    2012-08-05 03:25 - 2012-08-05 03:25 - 00000000 ____D C:\Users\Cravers\AppData\Local\{FE29098B-E5D2-4C34-89AA-29859D1E98B9}
    2012-08-05 03:25 - 2012-08-05 03:25 - 00000000 ____D C:\Users\Cravers\AppData\Local\{EA218DD9-3BDE-49DA-8BC2-229B9D444556}
    2012-08-05 03:19 - 2012-08-10 12:58 - 00000504 ____A C:\Windows\setupact.log
    2012-08-05 03:19 - 2012-08-05 03:19 - 00000332 ____A C:\Windows\PFRO.log
    2012-08-05 03:19 - 2012-08-05 03:19 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-04 15:07 - 2012-08-04 15:07 - 00000000 ____D C:\Users\Cravers\AppData\Local\{AA56A065-C9A5-4233-BDFC-4E824865AB78}
    2012-08-04 15:07 - 2012-08-04 15:07 - 00000000 ____D C:\Users\Cravers\AppData\Local\{342C4F73-F0B2-4A44-B45B-016AE6E1BF16}
    2012-08-04 03:06 - 2012-08-04 03:07 - 00000000 ____D C:\Users\Cravers\AppData\Local\{0058B95B-2F64-4D65-ACA8-EC6ECB1C7508}
    2012-08-03 05:12 - 2012-08-04 03:06 - 00000000 ____D C:\Users\Cravers\AppData\Local\{8342625C-DCCF-4C7D-B143-B95378825434}
    2012-08-03 05:12 - 2012-08-03 05:12 - 00000000 ____D C:\Users\Cravers\AppData\Local\{7E33F082-6BD4-4AD8-8857-C431FF50BD4B}
    2012-08-02 16:27 - 2012-08-02 16:27 - 00000000 ____D C:\Users\Cravers\AppData\Local\{98C5389B-2E64-4E3E-8714-BAAB5B63C919}
    2012-08-02 03:50 - 2012-08-02 03:50 - 00000000 ____D C:\Users\Cravers\AppData\Local\{B88F67AD-C50C-4609-9BB3-4B2711494C0D}
    2012-08-02 03:49 - 2012-08-02 16:27 - 00000000 ____D C:\Users\Cravers\AppData\Local\{CAEF0EA6-AC89-4213-85C7-8E8439D62C0E}
    2012-08-01 15:49 - 2012-08-01 15:49 - 00000000 ____D C:\Users\Cravers\AppData\Local\{62FE0603-012D-4E25-81EE-56CC46A8B778}
    2012-08-01 03:19 - 2012-08-01 15:49 - 00000000 ____D C:\Users\Cravers\AppData\Local\{AB7200E7-A8DD-4FB9-8BB5-52AC69718F6F}
    2012-08-01 03:19 - 2012-08-01 03:19 - 00000000 ____D C:\Users\Cravers\AppData\Local\{BC309ECB-1BE5-44F2-B8BA-853FB0F16C50}
    2012-07-31 03:59 - 2012-07-31 03:59 - 00000000 ____D C:\Users\Cravers\AppData\Local\{A9B05FFA-0636-48D9-8830-7C0B01C9E79D}
    2012-07-31 03:58 - 2012-07-31 03:59 - 00000000 ____D C:\Users\Cravers\AppData\Local\{41A398B9-3949-45C7-91E6-036A33FAB5ED}
    2012-07-30 15:58 - 2012-07-30 15:58 - 00000000 ____D C:\Users\Cravers\AppData\Local\{AB590BCE-DEB8-4B65-98F7-4B365026B12E}
    2012-07-30 03:42 - 2012-07-30 15:58 - 00000000 ____D C:\Users\Cravers\AppData\Local\{B868F459-1278-4692-B5B5-B94C9D326A85}
    2012-07-30 03:42 - 2012-07-30 03:42 - 00000000 ____D C:\Users\Cravers\AppData\Local\{33990E27-33E6-4E49-B196-A83C9568CB1F}
    2012-07-29 15:41 - 2012-07-29 15:41 - 00000000 ____D C:\Users\Cravers\AppData\Local\{A2256D30-44F9-413A-B62F-3BA48F24A060}
    2012-07-29 15:41 - 2012-07-29 15:41 - 00000000 ____D C:\Users\Cravers\AppData\Local\{1B62D7AC-E935-4793-A404-F5BE4D36930F}
    2012-07-29 03:15 - 2012-07-29 03:15 - 00000000 ____D C:\Users\Cravers\AppData\Local\{8C0CCD60-C77C-4393-91E9-6DBC80BF0531}
    2012-07-29 03:15 - 2012-07-29 03:15 - 00000000 ____D C:\Users\Cravers\AppData\Local\{7E6D807F-5305-47A9-B36A-C153BCD830BA}
    2012-07-28 10:18 - 2012-07-28 10:18 - 00000000 ____D C:\Users\Cravers\AppData\Local\{C94A201E-EE7F-429F-800B-D188CAEEF8D8}
    2012-07-28 10:18 - 2012-07-28 10:18 - 00000000 ____D C:\Users\Cravers\AppData\Local\{44F610D1-41B6-4A9C-AD59-680C119800C4}
    2012-07-27 18:41 - 2012-07-27 18:41 - 00000000 ____D C:\Users\Cravers\AppData\Local\{27E80FA7-ECBE-457A-917B-D01113F1C680}
    2012-07-27 06:40 - 2012-07-27 18:41 - 00000000 ____D C:\Users\Cravers\AppData\Local\{1E337C71-D7B4-4263-B9A1-46670279F8C8}
    2012-07-27 06:40 - 2012-07-27 06:41 - 00000000 ____D C:\Users\Cravers\AppData\Local\{117E6453-D752-4B51-944C-ADD4F86E110D}
    2012-07-26 17:26 - 2012-07-26 17:26 - 00000000 ____D C:\Users\Cravers\AppData\Local\{E8E0EAD7-5E20-4A6A-8E5A-C0831B52628F}
    2012-07-26 05:25 - 2012-07-26 17:26 - 00000000 ____D C:\Users\Cravers\AppData\Local\{FB7B14AA-EED5-4B51-9621-FF09662245B0}
    2012-07-26 05:25 - 2012-07-26 05:25 - 00000000 ____D C:\Users\Cravers\AppData\Local\{D8CBC848-33F9-40E3-8837-4617BEDB6E4E}
    2012-07-25 17:24 - 2012-07-25 17:25 - 00000000 ____D C:\Users\Cravers\AppData\Local\{58BC3975-8E65-44E7-86BF-CE20CC26B909}
    2012-07-25 05:13 - 2012-07-25 05:13 - 00000000 ____D C:\Users\Cravers\AppData\Local\{101D5083-0963-4DE5-ABD6-0C9640E0E914}
    2012-07-25 05:12 - 2012-07-25 17:24 - 00000000 ____D C:\Users\Cravers\AppData\Local\{547DAF9C-186A-4625-AC13-D8CFC0504BFF}
    2012-07-24 16:29 - 2012-07-24 16:29 - 00000000 ____D C:\Users\Cravers\AppData\Local\{79B7B0AE-9626-44B6-AE6F-5A62CB88E7FC}
    2012-07-24 03:49 - 2012-07-24 16:29 - 00000000 ____D C:\Users\Cravers\AppData\Local\{EA2F6D27-C445-4F36-AF38-7DA9597DB6C9}
    2012-07-24 03:49 - 2012-07-24 03:50 - 00000000 ____D C:\Users\Cravers\AppData\Local\{46AFAEAB-DDA6-4A4A-8716-07628B732FAA}
    2012-07-23 15:49 - 2012-07-23 15:49 - 00000000 ____D C:\Users\Cravers\AppData\Local\{E24ABD66-C381-442B-813C-D75810CF08A7}
    2012-07-23 03:48 - 2012-07-23 15:49 - 00000000 ____D C:\Users\Cravers\AppData\Local\{9F4C460E-5CBD-4282-85FC-6A5B7E22309B}
    2012-07-23 03:48 - 2012-07-23 03:48 - 00000000 ____D C:\Users\Cravers\AppData\Local\{83F66D9C-CB6F-4724-90F8-C8CE61F08CF2}
    2012-07-22 15:20 - 2012-07-22 15:20 - 00000000 ____D C:\Users\Cravers\AppData\Local\{2A032765-FCDE-4B35-9372-D1A38C1A4CE9}
    2012-07-22 03:19 - 2012-07-22 15:20 - 00000000 ____D C:\Users\Cravers\AppData\Local\{DAA91AAA-3A03-4E6F-A5D4-413BC7B31098}
    2012-07-22 03:19 - 2012-07-22 03:19 - 00000000 ____D C:\Users\Cravers\AppData\Local\{A6429D73-EA77-4FB8-8E0D-976ED3DA3C09}
    2012-07-21 07:55 - 2012-07-21 07:55 - 00000000 ____D C:\Users\Cravers\AppData\Local\{6CD56AD3-AE9A-4A29-91E3-EFBBDDA279E7}
    2012-07-20 19:43 - 2012-07-20 19:43 - 00000000 ____D C:\Users\Cravers\AppData\Local\{05557194-00FB-44F2-9A8A-2E3DC3B31F34}
    2012-07-20 03:33 - 2012-07-20 03:33 - 00000000 ____D C:\Users\Cravers\AppData\Local\{59E54FC8-B3B2-41D8-8741-CBDAAA3C2097}
    2012-07-19 05:54 - 2012-07-20 19:43 - 00000000 ____D C:\Users\Cravers\AppData\Local\{08FE84C6-EDDE-488E-B8DD-D2BFC399B808}
    2012-07-19 05:54 - 2012-07-19 05:54 - 00000000 ____D C:\Users\Cravers\AppData\Local\{AE613DA5-0778-4CFC-BC5A-1E2532591D14}
    2012-07-18 17:00 - 2012-07-18 17:01 - 00000000 ____D C:\Users\Cravers\AppData\Local\{48834504-01DE-4636-AE57-F020A30A0179}
    2012-07-18 04:30 - 2012-07-18 04:30 - 00000000 ____D C:\Users\Cravers\AppData\Local\{FBEE84D7-1184-4C60-8BF5-762D07188926}
    2012-07-18 04:29 - 2012-07-18 17:00 - 00000000 ____D C:\Users\Cravers\AppData\Local\{F58FDBB4-FEDF-4743-8E23-91C86F2DB71E}
    2012-07-17 16:29 - 2012-07-17 16:29 - 00000000 ____D C:\Users\Cravers\AppData\Local\{0CE382D2-75DA-4C6D-8BA4-E19959727061}
    2012-07-17 03:52 - 2012-07-17 16:29 - 00000000 ____D C:\Users\Cravers\AppData\Local\{E6390593-FCA7-419A-BD28-DF54D9962868}
    2012-07-17 03:52 - 2012-07-17 03:53 - 00000000 ____D C:\Users\Cravers\AppData\Local\{3821B517-1738-4B71-A1DD-BFC35382CA1D}
    2012-07-16 15:52 - 2012-07-16 15:52 - 00000000 ____D C:\Users\Cravers\AppData\Local\{C547EEF0-07E2-4F0E-B2D4-56D215560784}
    2012-07-16 03:30 - 2012-07-16 15:52 - 00000000 ____D C:\Users\Cravers\AppData\Local\{767BE223-7AA3-4AAB-B2BD-6AA538C335BB}
    2012-07-16 03:30 - 2012-07-16 03:31 - 00000000 ____D C:\Users\Cravers\AppData\Local\{D45CC10C-0566-43B3-A98E-84F2D055D795}
    2012-07-15 15:30 - 2012-07-15 15:30 - 00000000 ____D C:\Users\Cravers\AppData\Local\{C78FF54C-430F-48CF-A5D9-A425EDF8BBD7}
    2012-07-15 03:29 - 2012-07-15 15:30 - 00000000 ____D C:\Users\Cravers\AppData\Local\{DAD9D81A-CFAA-4F03-8738-5A41391AD4FE}
    2012-07-15 03:29 - 2012-07-15 03:29 - 00000000 ____D C:\Users\Cravers\AppData\Local\{265125E8-405F-4B33-8B31-10947F5A601D}
    2012-07-14 15:23 - 2012-07-14 15:23 - 00000000 ____D C:\Users\Cravers\AppData\Local\{321E37BA-83FF-4AC4-A8F6-BF9FB88A26FF}
    2012-07-14 03:22 - 2012-07-14 15:23 - 00000000 ____D C:\Users\Cravers\AppData\Local\{B7C5615F-B95D-437B-8E6B-F85A50C1A504}
    2012-07-14 03:22 - 2012-07-14 03:22 - 00000000 ____D C:\Users\Cravers\AppData\Local\{8D25B30F-2E5E-4D25-87FA-3084DBDA013A}
    2012-07-13 09:17 - 2012-07-13 09:17 - 00000000 ____D C:\Users\Cravers\AppData\Local\{8CEB3DDD-1A33-4D24-A27B-E34E96F8F45D}
    2012-07-13 09:17 - 2012-07-13 09:17 - 00000000 ____D C:\Users\Cravers\AppData\Local\{6F8A2A17-3DD6-4266-AA92-DBD4331CB8E2}
    2012-07-12 17:16 - 2012-07-12 17:16 - 00000000 ____D C:\Users\Cravers\AppData\Local\{28C74209-F648-45B3-9A7C-BC31FC67931C}
    2012-07-12 05:03 - 2012-07-12 17:15 - 00000000 ____D C:\Users\Cravers\AppData\Local\{0BC57E11-6A04-4E94-90B9-5E664D7D5706}
    2012-07-12 05:03 - 2012-07-12 05:04 - 00000000 ____D C:\Users\Cravers\AppData\Local\{287309CB-A69C-4878-9618-3F93FA473D4A}


    ============ 3 Months Modified Files ========================

    2012-08-10 13:23 - 2010-05-26 20:07 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-10 13:16 - 2010-05-22 11:19 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660660762-1580669307-3164895231-1000UA.job
    2012-08-10 13:07 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-10 13:07 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-10 13:06 - 2009-07-13 21:13 - 00799316 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-10 13:02 - 2010-03-08 21:47 - 01347760 ____A C:\Windows\WindowsUpdate.log
    2012-08-10 12:58 - 2012-08-05 03:19 - 00000504 ____A C:\Windows\setupact.log
    2012-08-10 12:58 - 2010-05-26 20:07 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-10 12:58 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-10 12:52 - 2012-08-10 12:52 - 00275104 ____A C:\Windows\Minidump\081012-42728-01.dmp
    2012-08-10 12:52 - 2012-08-10 11:13 - 476798241 ____A C:\Windows\MEMORY.DMP
    2012-08-10 11:14 - 2012-08-10 11:14 - 00275104 ____A C:\Windows\Minidump\081012-70715-01.dmp
    2012-08-10 08:17 - 2010-05-22 11:20 - 00002432 ____A C:\Users\Cravers\Desktop\Google Chrome.lnk
    2012-08-09 20:22 - 2012-08-09 20:21 - 00752484 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-08-09 20:22 - 2012-08-09 20:21 - 00006320 ____A C:\Windows\iis7.log
    2012-08-09 19:50 - 2012-08-09 19:50 - 00039511 ____A C:\Users\Cravers\Desktop\sfcdetails.txt
    2012-08-09 17:25 - 2012-08-09 17:25 - 00003760 ____A C:\{979004F1-2ACB-4713-8791-B1DBA8A8FA6B}
    2012-08-09 17:19 - 2012-08-09 17:18 - 00003760 ____A C:\{7B94B2D2-AC20-4745-B17B-5F19C0508B4A}
    2012-08-09 16:35 - 2012-08-09 16:35 - 00003792 ____A C:\{17908C2A-6A26-4A73-A6C2-80079EDEF91C}
    2012-08-05 10:16 - 2010-05-22 11:19 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660660762-1580669307-3164895231-1000Core.job
    2012-08-05 03:19 - 2012-08-05 03:19 - 00000332 ____A C:\Windows\PFRO.log
    2012-08-05 03:19 - 2012-08-05 03:19 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-02 14:19 - 2012-06-19 03:28 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-19 03:28 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-19 03:28 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-19 03:27 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-19 03:27 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-19 03:28 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-19 03:27 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-19 03:27 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-19 03:27 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-19 17:39 - 2011-11-27 16:11 - 00000020 ____H C:\Users\All Users\PKP_DLev.DAT
    2012-05-19 17:31 - 2011-11-27 16:11 - 00000020 ____H C:\Users\All Users\PKP_DLet.DAT
    2012-05-19 03:20 - 2011-05-08 17:57 - 00002503 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    TDL4: custom:26000022 <===== ATTENTION!

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 14%
    Total physical RAM: 3836.17 MB
    Available physical RAM: 3279.64 MB
    Total Pagefile: 3834.32 MB
    Available Pagefile: 3276.04 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ======================= Partitions =========================

    1 Drive c: (TI105736W0B) (Fixed) (Total:287.61 GB) (Free:232.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
    4 Drive f: (HP v125w) (Removable) (Total:3.75 GB) (Free:0.37 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 3850 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 1500 MB 1024 KB
    Partition 2 Primary 287 GB 1501 MB
    Partition 3 Primary 9 GB 289 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C TI105736W0B NTFS Partition 287 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3846 MB 4032 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F HP v125w FAT32 Removable 3846 MB Healthy

    ==================================================================================

    Last Boot: 2012-05-18 17:16

    ======================= End Of Log ==========================
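
Added example (not part of the original thread, and not FRST's own code): a small Python triage pass over a log in the layout posted above. It collects the lines the tool itself marks (`<===== ATTENTION!`, `(Suspicious Type)`), entries ending in `[x]`, and check-section lines whose verdict differs from the healthy verdicts seen in this log. The names `triage`, `Finding` and `EXPECTED_VERDICT` are hypothetical, and treating `[x]` as worth a second look is an assumption; the page does not define that marker.

```python
import re
from collections import namedtuple

# Excerpt copied from the FRST.txt log posted above, shortened so this runs offline.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x]

==================== Services (Whitelisted) ======

2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92592 2012-04-19] (TomTom)
2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [x]

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

======================= Partitions =========================

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

==================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

======================= End Of Log ==========================
"""

Finding = namedtuple("Finding", "kind section detail")

# "==== Title ====" is a section header; a bare run of "=" is only a separator.
HEADER_RE = re.compile(r"^=+\s*(.*?)\s*=+$")

# Verdict a healthy item gets in each check section, as seen in the log above.
EXPECTED_VERDICT = {
    "Bamital & volsnap Check": "=> MD5 is legit",
    "EXE ASSOCIATION": "=> OK",
}


def triage(text):
    """Return the log lines that deserve a manual look, in log order."""
    findings = []
    section, disk, part = "Header", None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            if header.group(1):
                section = header.group(1)
            continue
        # Remember which disk/partition block we are in for partition findings.
        if line.startswith("Disk:"):
            disk = line.split(":", 1)[1].strip()
        elif re.fullmatch(r"Partition \d+", line):
            part = line.split()[1]
        if "<===== ATTENTION" in line:
            findings.append(Finding("attention", section, line.split("<=====")[0].strip()))
        elif "(Suspicious Type)" in line:
            findings.append(Finding("partition", section, f"disk {disk} partition {part}: {line}"))
        elif line.endswith("[x]"):
            # Assumption: "[x]" in place of "[size date]" marks an entry to review.
            findings.append(Finding("x-marker", section, line[:-3].strip()))
        elif (section in EXPECTED_VERDICT and "=>" in line
              and not line.endswith(EXPECTED_VERDICT[section])):
            findings.append(Finding("verdict", section, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.section}: {f.detail}")
```

On the excerpt this surfaces the two StartNow Toolbar entries, the `TDL4: custom:26000022` line and the type 17 partition, while the legit MD5 and `=> OK` lines stay out of the result.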
     
  15. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot now.
     

  16. Mike Craver

    Mike Craver TS Rookie Topic Starter Posts: 22

    Okay, I'm back in thanks. However, I still get a sortkey.nlp not found and I can't even load event viewer b/c it says I'm missing a snap in and such. Is there anything else I should do now to help clean / fix my system. Thanks, for your time. I will probably log back in tomorrow morning. Falling asleep.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Don't worry about any errors for now.
    The most important thing is that you were able to boot.

    Do NOT touch that computer for anything else than following my instructions.

    When you have a chance....

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  18. Mike Craver

    Mike Craver TS Rookie Topic Starter Posts: 22

    Attached is the combofix.txt file:

    ComboFix 12-08-10.02 - Cravers 08/11/2012 15:03:22.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2559 [GMT -4:00]
    Running from: c:\users\Cravers\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_Updater Service for StartNow Toolbar
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-11 19:13 . 2012-08-11 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-11 18:31 . 2012-08-11 18:31 -------- d-----w- c:\windows\system32\drivers\NISx64
    2012-08-11 18:31 . 2012-08-11 18:31 -------- d-----w- c:\program files (x86)\Norton Internet Security
    2012-08-11 05:55 . 2012-08-11 05:56 -------- d-----w- C:\FRST
    2012-08-10 04:20 . 2012-08-11 04:32 -------- d-----w- c:\program files (x86)\Reference Assemblies
    2012-08-10 04:20 . 2012-08-11 04:32 -------- d-----w- c:\program files\Reference Assemblies
    2012-08-10 04:20 . 2012-08-11 04:32 -------- d-----w- c:\program files\MSBuild
    2012-08-10 04:20 . 2012-08-10 04:20 -------- d-----w- C:\inetpub
    2012-08-10 00:46 . 2012-08-10 01:12 -------- d-----w- c:\users\Cravers\AppData\Local\NPE
    2012-08-10 00:01 . 2012-08-10 00:01 -------- d-----w- c:\windows\Sun
    2012-08-03 22:22 . 2012-08-03 22:22 109568 ----a-w- c:\programdata\Microsoft\Windows\DRM\A4D5.tmp
    2012-08-03 22:22 . 2012-08-03 22:22 109568 ----a-w- c:\programdata\Microsoft\Windows\DRM\9C1C.tmp.dat
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-11 18:33 . 2011-05-09 01:57 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-07-10 12:29 . 2012-07-10 12:29 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2012-07-10 12:28 . 2010-06-03 23:47 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-07-10 12:28 . 2010-06-03 23:47 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2012-07-10 12:28 . 2010-05-23 19:22 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-06-22 11:42 . 2012-06-22 11:43 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-06-02 22:19 . 2012-06-19 11:27 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-19 11:28 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-19 11:28 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-19 11:28 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-19 11:27 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-19 11:28 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-19 11:27 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-19 11:27 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-19 11:27 36864 ----a-w- c:\windows\system32\wuapp.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
    2012-02-10 15:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-13 39408]
    "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-04-20 247728]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
    "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
    "NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
    "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
    "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative64
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 135664]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 135664]
    R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2010-01-20 40320]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1255736]
    R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 29288]
    R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 29288]
    R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 29288]
    R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 29288]
    R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 29288]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [2012-01-17 451192]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [2012-01-17 1092728]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20111201.001\BHDrvx64.sys [2012-01-17 1157240]
    S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [2011-11-29 167048]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20120202.002\IDSVia64.sys [2012-01-17 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [2012-01-17 190072]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1306020.00A\SYMNETS.SYS [2012-01-17 405624]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 203264]
    S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
    S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
    S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
    S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
    S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-07-07 65904]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-04-20 92592]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-12 252272]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
    S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 22:25]
    .
    2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 22:25]
    .
    2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660660762-1580669307-3164895231-1000Core.job
    - c:\users\Cravers\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-22 19:19]
    .
    2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660660762-1580669307-3164895231-1000UA.job
    - c:\users\Cravers\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-22 19:19]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
    "combofix"="c:\combofix\CF22784.3XE" [2009-07-14 344576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 184.16.4.22
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe
    Wow6432Node-HKLM-Run-Advanced System Protector - c:\program files (x86)\Systweak\Advanced System Protector\ASP.exe
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
    HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    AddRemove-SamsungCamCorderDriver - c:\windows\Uninstall.exe
    AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-11 15:23:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-11 19:23
    .
    Pre-Run: 250,975,596,544 bytes free
    Post-Run: 250,934,874,112 bytes free
    .
    - - End Of File - - 59A3D2163C3278DCF2649657EFDC05B0
     
  19. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks good :)

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. Mike Craver

    Mike Craver TS Rookie Topic Starter Posts: 22

    Here is the Malwarebytes log. Will do the others soon:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.11.04

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Cravers :: CRAVERS-PC [administrator]

    8/11/2012 3:52:03 PM
    mbam-log-2012-08-11 (15-52-03).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 200350
    Time elapsed: 3 minute(s), 11 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  21. Mike Craver

    Mike Craver TS Rookie Topic Starter Posts: 22

    Here is the OTL.txt info with scan all users. Note: I ran it the first time with this option unchecked and ran it again and got the following output with all users. If you need the one without all users I have it as well. Note this is part 1; the file was too long to fit in one reply. I will post a second OTL.txt part 2 which has the rest:

    OTL logfile created on: 8/11/2012 4:19:51 PM - Run 2
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Cravers\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 61.44% Memory free
    7.49 Gb Paging File | 6.17 Gb Available in Paging File | 82.30% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 287.61 Gb Total Space | 233.74 Gb Free Space | 81.27% Space Free | Partition Type: NTFS

    Computer Name: CRAVERS-PC | User Name: Cravers | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/11 15:56:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Cravers\Desktop\OTL.exe
    PRC - [2012/04/20 01:59:04 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2012/04/20 01:59:02 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
    PRC - [2012/01/17 01:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
    PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/07/29 00:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2009/07/14 23:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    PRC - [2009/07/13 19:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
    MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/08/21 13:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2009/08/11 20:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2009/08/04 15:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2009/08/03 22:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009/07/30 03:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/28 19:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/07 13:38:24 | 000,065,904 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
    SRV - [2012/04/20 01:59:04 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
    SRV - [2012/01/17 01:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe -- (NIS)
    SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
    SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/08/27 14:28:00 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/08/17 14:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2009/08/10 23:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
    SRV - [2009/07/14 23:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/04/29 15:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
    SRV - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/11 14:33:17 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/17 18:46:01 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symnets.sys -- (SymNetS)
    DRV:64bit: - [2012/01/17 18:45:57 | 001,092,728 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\SymEFA64.sys -- (SymEFA)
    DRV:64bit: - [2012/01/17 18:45:55 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\SymDS64.sys -- (SymDS)
    DRV:64bit: - [2012/01/17 18:35:24 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\Ironx64.sys -- (SymIRON)
    DRV:64bit: - [2012/01/17 18:33:51 | 000,738,936 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2012/01/17 18:33:51 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2011/11/29 18:44:29 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ccSetx64.sys -- (ccSet_NIS)
    DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
    DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
    DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
    DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
    DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
    DRV:64bit: - [2010/04/26 17:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
    DRV:64bit: - [2010/01/20 15:18:26 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
    DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/30 16:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/24 19:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2009/07/20 21:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
    DRV:64bit: - [2009/06/22 21:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/05 04:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
    DRV:64bit: - [2009/04/29 15:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
    DRV:64bit: - [2009/02/13 02:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2009/02/13 02:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
    DRV:64bit: - [2009/02/13 02:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2006/06/18 10:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2012/08/11 16:04:54 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20120810.035\ex64.sys -- (NAVEX15)
    DRV - [2012/08/11 16:04:54 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/08/11 16:04:54 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
    DRV - [2012/08/11 16:04:54 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20120810.035\eng64.sys -- (NAVENG)
    DRV - [2012/01/17 18:35:11 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20120202.002\IDSviA64.sys -- (IDSVia64)
    DRV - [2012/01/17 18:34:24 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20111201.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {CE358FE6-0749-4AE1-A7DE-4D8151450CCF}
    IE:64bit: - HKLM\..\SearchScopes\{CE358FE6-0749-4AE1-A7DE-4D8151450CCF}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    IE - HKLM\..\SearchScopes,DefaultScope = {E029CB26-F311-4A39-8088-8086CC1FFAB5}
    IE - HKLM\..\SearchScopes\{E029CB26-F311-4A39-8088-8086CC1FFAB5}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNA


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z152&install_date=20110914
    IE - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\..\SearchScopes,DefaultScope = {9FE76A4B-4202-43B5-A8DA-4381CB66B5AD}
    IE - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\..\SearchScopes\{12DC6175-B360-2C25-BF0E-2B6E49ADC9F3}: "URL" = http://www.bing.com/search?q={searc...install_date=20110914&iesrc={referrer:source}
    IE - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\..\SearchScopes\{9FE76A4B-4202-43B5-A8DA-4381CB66B5AD}: "URL" = http://www.google.com/search?source...tEncoding}&oe={outputEncoding}&rlz=1I7TSNA_en
    IE - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=18
    IE - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\..\SearchScopes\{E029CB26-F311-4A39-8088-8086CC1FFAB5}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    IE - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
    FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cravers\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cravers\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Cravers\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\IPSFFPlgn\ [2012/08/11 14:34:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\coFFPlgn\ [2012/08/11 15:43:14 | 000,000,000 | ---D | M]

    [2012/05/09 20:58:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cravers\AppData\Roaming\Mozilla\Extensions
    [2012/05/09 20:58:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cravers\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2012/05/09 20:58:09 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

    ========== Chrome ==========

    CHR - homepage: http://www.msn.com/?pc=Z152&install_date=20110914
    CHR - default_search_provider: Bing (Enabled)
    CHR - default_search_provider: search_url = http://www.bing.com/search?q={searchTerms}&pc=Z152&form=ZGACDF&install_date=20110914
    CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query=%s
    CHR - homepage: http://www.msn.com/?pc=Z152&install_date=20110914
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Cravers\AppData\Local\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Cravers\AppData\Local\Google\Chrome\Application\21.0.1180.75\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cravers\AppData\Local\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Cravers\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Norton Confidential (Enabled) = C:\Users\Cravers\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
    CHR - plugin: Java(TM) Platform SE 6 U14 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Cravers\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Cravers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Cravers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Norton Identity Protection = C:\Users\Cravers\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.6_0\
    CHR - Extension: Gmail = C:\Users\Cravers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/08/11 15:15:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
    O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
    O4 - HKU\S-1-5-21-660660762-1580669307-3164895231-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.4.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A72ED9B-0D97-4506-8D10-822DC047658D}: DhcpNameServer = 192.168.1.1 184.16.4.22
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (sasnative64)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/11 15:56:39 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Cravers\Desktop\OTL.exe
    [2012/08/11 15:39:49 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Cravers\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/08/11 15:23:27 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2012/08/11 15:15:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/08/11 15:01:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/08/11 15:01:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/08/11 15:01:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/08/11 14:50:59 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{034BB902-8393-4AFF-8CA6-92410A4490D2}
    [2012/08/11 14:50:45 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{1DC7771C-FF33-4D9B-9105-DF1539A0DA63}
    [2012/08/11 14:44:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/11 14:44:31 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2012/08/11 14:33:45 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{47E43952-FE1B-47FB-88BC-000D6FB333CD}
    [2012/08/11 14:33:22 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{7888A7E8-E751-4864-B229-E514F0C7C39B}
    [2012/08/11 14:32:04 | 001,092,728 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1306020.00A\SymEFA64.sys
    [2012/08/11 14:32:04 | 000,738,936 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1306020.00A\srtsp64.sys
    [2012/08/11 14:32:04 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1306020.00A\SymDS64.sys
    [2012/08/11 14:32:04 | 000,405,624 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1306020.00A\symnets.sys
    [2012/08/11 14:32:04 | 000,190,072 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1306020.00A\Ironx64.sys
    [2012/08/11 14:32:04 | 000,167,048 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1306020.00A\ccSetx64.sys
    [2012/08/11 14:32:04 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1306020.00A\srtspx64.sys
    [2012/08/11 14:31:51 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64
    [2012/08/11 14:31:51 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1306020.00A
    [2012/08/11 14:31:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
    [2012/08/11 14:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
    [2012/08/11 14:07:25 | 004,729,547 | R--- | C] (Swearware) -- C:\Users\Cravers\Desktop\ComboFix.exe
    [2012/08/11 12:28:35 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{65D6A19A-5093-404E-BE12-4EF238255CE5}
    [2012/08/11 12:28:12 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{0E35F2F2-598D-4C30-99CD-0162817D0C06}
    [2012/08/11 01:55:43 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/08/11 00:43:46 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{27F626C8-6E76-4AAD-BAFF-2782EE15FAE6}
    [2012/08/11 00:43:35 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{9C84BD47-4D6B-47F0-968A-33CAE1E3FDA3}
    [2012/08/11 00:38:28 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{C265FA24-5AF2-4B59-92A2-24DE0AE9CB9D}
    [2012/08/11 00:38:06 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{C6ADD36E-B558-4B59-9F15-7340F7106958}
    [2012/08/10 12:10:42 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{606BB818-9BC6-47EA-B88F-E985770201FD}
    [2012/08/10 12:10:29 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{210CB0CB-CE36-4D10-9BE3-B5C8A3D21CAE}
    [2012/08/10 00:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
    [2012/08/10 00:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2012/08/10 00:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2012/08/10 00:20:10 | 000,000,000 | ---D | C] -- C:\inetpub
    [2012/08/09 22:18:56 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{554BC5DC-BC37-4A93-96C9-264E24D46B38}
    [2012/08/09 22:18:30 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{C19EC154-806E-4374-9471-BD3F71B84F13}
    [2012/08/09 20:56:10 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{B20F82E1-1F8E-41FD-A3BB-FE924FC711FC}
    [2012/08/09 20:55:44 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{B7AAD67D-854B-4907-A91A-9188E893A9E8}
    [2012/08/09 20:46:15 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\NPE
    [2012/08/09 20:01:00 | 000,000,000 | ---D | C] -- C:\windows\Sun
    [2012/08/09 08:50:47 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{F8B550ED-DB18-4760-885A-5F472CD9398C}
    [2012/08/09 08:50:24 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{E3DBF095-F243-49C5-A51D-387425DCC54C}
    [2012/08/08 20:49:53 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{9D165C06-2A41-469A-BB7D-89A45DD92153}
    [2012/08/08 20:49:30 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{3300073F-94AC-4823-ADB2-1A4E4FC21B8C}
    [2012/08/08 20:47:27 | 000,000,000 | ---D | C] -- C:\windows\Minidump
    [2012/08/08 07:20:59 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{025103F2-DE2A-488F-ADAD-4DFA50489A33}
    [2012/08/08 07:20:42 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{5EBA4E6C-2EE1-462B-BEF7-37E082B46D95}
    [2012/08/07 13:36:13 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{25363F1B-77BB-494B-B246-E4D6D46721D8}
    [2012/08/07 13:36:02 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{76935FB7-52F4-41E4-90C6-013E231BB5A7}
    [2012/08/06 23:02:19 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{96DD7E75-D3FB-4BA8-8154-AED33C2BB339}
    [2012/08/06 08:01:10 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{BF72BFE2-6D6E-4B4A-87AF-0C1893C593DB}
    [2012/08/06 08:00:43 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{86CBAE9F-49A8-43F8-B04A-8FFE22437F4C}
    [2012/08/05 20:00:14 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{A9813D7A-5551-471D-B1E4-ED061EE618DA}
    [2012/08/05 19:59:52 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{19FB5AE7-51DC-4372-9048-83DEFE4689F9}
    [2012/08/05 07:25:44 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{FE29098B-E5D2-4C34-89AA-29859D1E98B9}
    [2012/08/05 07:25:21 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{EA218DD9-3BDE-49DA-8BC2-229B9D444556}
    [2012/08/04 19:07:49 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{342C4F73-F0B2-4A44-B45B-016AE6E1BF16}
    [2012/08/04 19:07:25 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{AA56A065-C9A5-4233-BDFC-4E824865AB78}
    [2012/08/04 07:06:50 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{0058B95B-2F64-4D65-ACA8-EC6ECB1C7508}
    [2012/08/03 09:12:30 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{7E33F082-6BD4-4AD8-8857-C431FF50BD4B}
    [2012/08/03 09:12:07 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{8342625C-DCCF-4C7D-B143-B95378825434}
    [2012/08/02 20:27:46 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{98C5389B-2E64-4E3E-8714-BAAB5B63C919}
    [2012/08/02 07:50:03 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{B88F67AD-C50C-4609-9BB3-4B2711494C0D}
    [2012/08/02 07:49:40 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{CAEF0EA6-AC89-4213-85C7-8E8439D62C0E}
    [2012/08/01 19:49:14 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{62FE0603-012D-4E25-81EE-56CC46A8B778}
    [2012/08/01 07:19:44 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{BC309ECB-1BE5-44F2-B8BA-853FB0F16C50}
    [2012/08/01 07:19:33 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{AB7200E7-A8DD-4FB9-8BB5-52AC69718F6F}
    [2012/07/31 07:59:08 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{A9B05FFA-0636-48D9-8830-7C0B01C9E79D}
    [2012/07/31 07:58:45 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{41A398B9-3949-45C7-91E6-036A33FAB5ED}
    [2012/07/30 19:58:15 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{AB590BCE-DEB8-4B65-98F7-4B365026B12E}
    [2012/07/30 07:42:22 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{33990E27-33E6-4E49-B196-A83C9568CB1F}
    [2012/07/30 07:42:00 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{B868F459-1278-4692-B5B5-B94C9D326A85}
    [2012/07/29 19:41:30 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{1B62D7AC-E935-4793-A404-F5BE4D36930F}
    [2012/07/29 19:41:12 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{A2256D30-44F9-413A-B62F-3BA48F24A060}
     
  22. Mike Craver

    Mike Craver TS Rookie Topic Starter Posts: 22

    OTL.txt Part 2 - Rest of file that was too large:

    [2012/07/29 07:15:24 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{8C0CCD60-C77C-4393-91E9-6DBC80BF0531}
    [2012/07/29 07:15:12 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{7E6D807F-5305-47A9-B36A-C153BCD830BA}
    [2012/07/28 14:18:44 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{44F610D1-41B6-4A9C-AD59-680C119800C4}
    [2012/07/28 14:18:33 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{C94A201E-EE7F-429F-800B-D188CAEEF8D8}
    [2012/07/27 22:41:34 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{27E80FA7-ECBE-457A-917B-D01113F1C680}
    [2012/07/27 10:40:59 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{117E6453-D752-4B51-944C-ADD4F86E110D}
    [2012/07/27 10:40:37 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{1E337C71-D7B4-4263-B9A1-46670279F8C8}
    [2012/07/26 21:26:14 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{E8E0EAD7-5E20-4A6A-8E5A-C0831B52628F}
    [2012/07/26 09:25:38 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{D8CBC848-33F9-40E3-8837-4617BEDB6E4E}
    [2012/07/26 09:25:16 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{FB7B14AA-EED5-4B51-9621-FF09662245B0}
    [2012/07/25 21:24:50 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{58BC3975-8E65-44E7-86BF-CE20CC26B909}
    [2012/07/25 09:13:12 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{101D5083-0963-4DE5-ABD6-0C9640E0E914}
    [2012/07/25 09:12:50 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{547DAF9C-186A-4625-AC13-D8CFC0504BFF}
    [2012/07/24 20:29:16 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{79B7B0AE-9626-44B6-AE6F-5A62CB88E7FC}
    [2012/07/24 07:49:54 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{46AFAEAB-DDA6-4A4A-8716-07628B732FAA}
    [2012/07/24 07:49:31 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{EA2F6D27-C445-4F36-AF38-7DA9597DB6C9}
    [2012/07/23 19:49:06 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{E24ABD66-C381-442B-813C-D75810CF08A7}
    [2012/07/23 07:48:15 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{83F66D9C-CB6F-4724-90F8-C8CE61F08CF2}
    [2012/07/23 07:48:04 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{9F4C460E-5CBD-4282-85FC-6A5B7E22309B}
    [2012/07/22 19:20:21 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{2A032765-FCDE-4B35-9372-D1A38C1A4CE9}
    [2012/07/22 07:19:42 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{A6429D73-EA77-4FB8-8E0D-976ED3DA3C09}
    [2012/07/22 07:19:30 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{DAA91AAA-3A03-4E6F-A5D4-413BC7B31098}
    [2012/07/21 11:55:55 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{6CD56AD3-AE9A-4A29-91E3-EFBBDDA279E7}
    [2012/07/20 23:43:19 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{05557194-00FB-44F2-9A8A-2E3DC3B31F34}
    [2012/07/20 07:33:42 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{59E54FC8-B3B2-41D8-8741-CBDAAA3C2097}
    [2012/07/19 09:54:14 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{AE613DA5-0778-4CFC-BC5A-1E2532591D14}
    [2012/07/19 09:54:00 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{08FE84C6-EDDE-488E-B8DD-D2BFC399B808}
    [2012/07/18 21:00:57 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{48834504-01DE-4636-AE57-F020A30A0179}
    [2012/07/18 08:30:08 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{FBEE84D7-1184-4C60-8BF5-762D07188926}
    [2012/07/18 08:29:45 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{F58FDBB4-FEDF-4743-8E23-91C86F2DB71E}
    [2012/07/17 20:29:20 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{0CE382D2-75DA-4C6D-8BA4-E19959727061}
    [2012/07/17 07:52:56 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{3821B517-1738-4B71-A1DD-BFC35382CA1D}
    [2012/07/17 07:52:35 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{E6390593-FCA7-419A-BD28-DF54D9962868}
    [2012/07/16 19:52:09 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{C547EEF0-07E2-4F0E-B2D4-56D215560784}
    [2012/07/16 07:30:55 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{D45CC10C-0566-43B3-A98E-84F2D055D795}
    [2012/07/16 07:30:41 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{767BE223-7AA3-4AAB-B2BD-6AA538C335BB}
    [2012/07/15 19:30:13 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{C78FF54C-430F-48CF-A5D9-A425EDF8BBD7}
    [2012/07/15 07:29:33 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{265125E8-405F-4B33-8B31-10947F5A601D}
    [2012/07/15 07:29:10 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{DAD9D81A-CFAA-4F03-8738-5A41391AD4FE}
    [2012/07/14 19:23:15 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{321E37BA-83FF-4AC4-A8F6-BF9FB88A26FF}
    [2012/07/14 07:22:32 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{8D25B30F-2E5E-4D25-87FA-3084DBDA013A}
    [2012/07/14 07:22:10 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{B7C5615F-B95D-437B-8E6B-F85A50C1A504}
    [2012/07/13 13:17:44 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{6F8A2A17-3DD6-4266-AA92-DBD4331CB8E2}
    [2012/07/13 13:17:27 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{8CEB3DDD-1A33-4D24-A27B-E34E96F8F45D}
    [2012/07/12 21:16:00 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{28C74209-F648-45B3-9A7C-BC31FC67931C}
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/11 15:56:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Cravers\Desktop\OTL.exe
    [2012/08/11 15:49:19 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/11 15:49:19 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/11 15:41:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/08/11 15:41:44 | 3016,884,224 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/11 15:40:37 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/11 15:39:20 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Cravers\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/08/11 15:15:44 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2012/08/11 14:34:33 | 002,038,662 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1306020.00A\Cat.DB
    [2012/08/11 14:33:17 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2012/08/11 14:33:17 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2012/08/11 14:33:17 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
    [2012/08/11 14:32:55 | 000,002,584 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2012/08/11 14:31:31 | 000,001,267 | ---- | M] () -- C:\Users\Cravers\Desktop\Norton Installation Files.lnk
    [2012/08/11 14:31:07 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-660660762-1580669307-3164895231-1000UA.job
    [2012/08/11 14:31:07 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/11 14:06:34 | 004,729,547 | R--- | M] (Swearware) -- C:\Users\Cravers\Desktop\ComboFix.exe
    [2012/08/11 00:42:50 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/10 17:06:30 | 000,674,632 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/08/10 17:06:30 | 000,127,438 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/08/10 17:06:29 | 000,799,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/08/10 16:52:31 | 476,798,241 | ---- | M] () -- C:\windows\MEMORY.DMP
    [2012/08/10 12:17:35 | 000,002,432 | ---- | M] () -- C:\Users\Cravers\Desktop\Google Chrome.lnk
    [2012/08/10 00:22:03 | 000,752,484 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2012/08/09 21:25:08 | 000,003,760 | ---- | M] () -- C:\{979004F1-2ACB-4713-8791-B1DBA8A8FA6B}
    [2012/08/09 21:19:00 | 000,003,760 | ---- | M] () -- C:\{7B94B2D2-AC20-4745-B17B-5F19C0508B4A}
    [2012/08/09 20:35:58 | 000,003,792 | ---- | M] () -- C:\{17908C2A-6A26-4A73-A6C2-80079EDEF91C}
    [2012/08/05 14:16:00 | 000,000,864 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-660660762-1580669307-3164895231-1000Core.job
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/11 15:40:37 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/11 15:01:15 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/08/11 15:01:15 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/08/11 15:01:15 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/08/11 15:01:15 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/08/11 15:01:15 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/08/11 14:34:22 | 002,038,662 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1306020.00A\Cat.DB
    [2012/08/11 14:32:55 | 000,002,584 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2012/08/11 14:31:53 | 000,004,782 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1306020.00A\SymVTcer.dat
    [2012/08/11 14:31:53 | 000,003,434 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1306020.00A\SymEFA.inf
    [2012/08/11 14:31:53 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1306020.00A\SymDS.inf
    [2012/08/11 14:31:53 | 000,001,441 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1306020.00A\SymNet.inf
    [2012/08/11 14:31:53 | 000,001,438 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1306020.00A\srtsp64.inf
    [2012/08/11 14:31:53 | 000,001,420 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1306020.00A\srtspx64.inf
    [2012/08/11 14:31:53 | 000,000,853 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1306020.00A\ccSetx64.inf
    [2012/08/11 14:31:53 | 000,000,772 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1306020.00A\Iron.inf
    [2012/08/11 14:31:51 | 000,007,496 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1306020.00A\SymDS64.cat
    [2012/08/11 14:31:51 | 000,007,468 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1306020.00A\ccsetx64.cat
    [2012/08/11 14:31:51 | 000,007,462 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1306020.00A\srtspx64.cat
    [2012/08/11 14:31:51 | 000,007,460 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1306020.00A\SymEFA64.cat
    [2012/08/11 14:31:51 | 000,007,458 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1306020.00A\symnet64.cat
    [2012/08/11 14:31:51 | 000,007,458 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1306020.00A\srtsp64.cat
    [2012/08/11 14:31:51 | 000,007,450 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1306020.00A\iron.cat
    [2012/08/11 14:31:51 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1306020.00A\isolate.ini
    [2012/08/10 15:13:40 | 476,798,241 | ---- | C] () -- C:\windows\MEMORY.DMP
    [2012/08/10 00:21:57 | 000,752,484 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2012/08/09 21:25:06 | 000,003,760 | ---- | C] () -- C:\{979004F1-2ACB-4713-8791-B1DBA8A8FA6B}
    [2012/08/09 21:18:57 | 000,003,760 | ---- | C] () -- C:\{7B94B2D2-AC20-4745-B17B-5F19C0508B4A}
    [2012/08/09 20:35:58 | 000,003,792 | ---- | C] () -- C:\{17908C2A-6A26-4A73-A6C2-80079EDEF91C}
    [2012/01/15 20:00:25 | 000,007,605 | ---- | C] () -- C:\Users\Cravers\AppData\Local\Resmon.ResmonCfg
    [2011/11/27 20:11:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Icons
    [2011/11/27 20:11:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Hybrid Synthesizers
    [2011/11/27 20:11:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Hybrid Morph
    [2011/11/27 20:11:35 | 000,000,268 | RH-- | C] () -- C:\Users\Cravers\AppData\Roaming\Hybrid Basic
    [2011/11/27 20:11:35 | 000,000,268 | RH-- | C] () -- C:\Users\Cravers\AppData\Roaming\Horns
    [2011/11/27 20:11:35 | 000,000,268 | RH-- | C] () -- C:\Users\Cravers\AppData\Roaming\Horn Section
    [2011/11/27 20:11:35 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
    [2011/11/27 20:11:35 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
    [2011/11/27 20:11:35 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
    [2011/01/07 18:41:16 | 000,000,178 | ---- | C] () -- C:\Users\Cravers\AppData\Roaming\wklnhst.dat

    ========== LOP Check ==========

    [2011/10/11 22:06:36 | 000,000,000 | ---D | M] -- C:\Users\Cravers\AppData\Roaming\Amazon
    [2011/12/11 16:49:39 | 000,000,000 | ---D | M] -- C:\Users\Cravers\AppData\Roaming\Barnes & Noble
    [2012/02/07 22:13:17 | 000,000,000 | ---D | M] -- C:\Users\Cravers\AppData\Roaming\calibre
    [2011/11/27 20:58:52 | 000,000,000 | ---D | M] -- C:\Users\Cravers\AppData\Roaming\Nikon
    [2010/11/03 19:17:45 | 000,000,000 | ---D | M] -- C:\Users\Cravers\AppData\Roaming\OverDrive
    [2012/02/06 13:24:38 | 000,000,000 | ---D | M] -- C:\Users\Cravers\AppData\Roaming\Pdfsvg
    [2011/09/14 19:16:48 | 000,000,000 | ---D | M] -- C:\Users\Cravers\AppData\Roaming\Systweak
    [2011/01/07 18:41:18 | 000,000,000 | ---D | M] -- C:\Users\Cravers\AppData\Roaming\Template
    [2012/05/09 20:58:26 | 000,000,000 | ---D | M] -- C:\Users\Cravers\AppData\Roaming\TomTom
    [2010/08/25 19:37:47 | 000,000,000 | ---D | M] -- C:\Users\Cravers\AppData\Roaming\Toshiba
    [2011/01/20 20:08:52 | 000,000,000 | ---D | M] -- C:\Users\Cravers\AppData\Roaming\WildTangent
    [2010/05/16 16:39:40 | 000,000,000 | ---D | M] -- C:\Users\Cravers\AppData\Roaming\WinBatch
    [2011/04/19 22:26:47 | 000,000,000 | ---D | M] -- C:\Users\Cravers\AppData\Roaming\Windows Live Writer
    [2012/04/01 07:39:46 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
     
  23. Mike Craver

    Mike Craver TS Rookie Topic Starter Posts: 22

    Attached here is the Extras.txt. Note: This was created when I had the all users box unchecked the first time. I renamed and moved the file; however, it would not create another one after that using any option. Let me know if you need anything else. I may not reply with updates until Monday since my daughter is having her first birthday tomorrow :). Thanks,

    OTL Extras logfile created on: 8/11/2012 3:58:19 PM - Run 1
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Cravers\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 67.95% Memory free
    7.49 Gb Paging File | 6.22 Gb Available in Paging File | 82.97% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 287.61 Gb Total Space | 233.78 Gb Free Space | 81.28% Space Free | Partition Type: NTFS

    Computer Name: CRAVERS-PC | User Name: Cravers | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{59C7800B-8463-40AB-BD18-604D5E734F6B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{AEB6FA0C-EEDD-4ABC-A277-0CCA67C02C8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{B1170EB8-ECE0-42F2-BC8C-A8724A624E2C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{CD0DEB5B-A8E1-41FA-A013-49BCBEF00E8F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{DAC0ACD4-2A5C-4666-89A0-5D1F80380611}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{08743644-7F1A-467B-986D-CCC27F2F2229}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{0CFE4DA2-FA7C-4A90-AD90-8F1A341C659F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{64FF8DD4-55DA-461B-9E1E-4BCD882E8A12}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{6692EC45-F8AD-47F0-94FF-81C63CA09FFA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{8CCD6118-BF32-4425-BDEB-79D34304395B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{C73105FE-3415-4891-9D79-6259FA87C01C}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
    "{D3F3CA49-03D1-4402-BFCA-F79D38B44E19}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{F4637A19-3DBF-41E8-9D04-7C8405E703E5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{F573BF84-8174-4D4E-B906-28F457C360A6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{81F3BC27-141B-635F-5D6B-5DE08D3B5884}" = ccc-utility64
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{A0880F03-8480-482E-1606-BC91669B0882}" = ATI Catalyst Install Manager
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "Recuva" = Recuva
    "Speccy" = Speccy
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
    "{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
    "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
    "{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
    "{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
    "{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
    "{154C378D-D990-42DF-BDFD-5225E2EE3D8C}" = V.92 Modem On Hold
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
    "{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
    "{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
    "{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
    "{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
    "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
    "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
    "{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
    "{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
    "{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
    "{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
    "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
    "{992C016C-CA8F-4D13-ABAB-D24A481C102B}" = LeapFrog Leapster2 Plugin
    "{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}" = NetZero Launcher
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A1D5C69A-ACC1-4511-9A68-45B470397234}" = LeapFrog Crammer Plugin
    "{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
    "{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
    "{B2E447CB-2950-46A6-A403-0E4F7EED564B}" = SAMSUNG Video Codec 1.2.5009
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
    "{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
    "{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
    "{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D14AAC37-38FC-4454-9CEC-B3CD081632C4}" = calibre
    "{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
    "{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console
    "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
    "{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
    "{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
    "{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
    "{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
    "{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE5ED1C0-A340-4EAC-B4BE-FA0AB173436C}" = LeapFrog LeapPad Explorer Plugin
    "{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
    "BN_DesktopReader" = NOOK for PC
    "CrammerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Crammer Plugin)
    "Digital Editions" = Adobe Digital Editions
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
    "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
    "Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "NIS" = Norton Internet Security
    "SamsungCamCorderDriver" = Samsung CamCorder Driver
    "StartNow Toolbar" = StartNow Toolbar
    "Systweak Advanced System Protector " = Systweak Advanced System Protector
    "TomTom HOME" = TomTom HOME 2.8.4.2596
    "TOSHIBA Game Console" = WildTangent ORB Game Console
    "UPCShell" = LeapFrog Connect
    "WildTangent toshiba Master Uninstall" = WildTangent Games
    "WinLiveSuite" = Windows Live Essentials
    "WT078087" = Blackhawk Striker 2
    "WT078109" = FATE Undiscovered Realms
    "WT078123" = Monopoly
    "WT078129" = Polar Bowler
    "WT078130" = Virtual Families
    "WT078308" = Bejeweled 2 Deluxe
    "WT078349" = Mystery P.I. - The Vegas Heist
    "WT078385" = Virtual Villagers - The Secret City
    "WT078475" = Scrabble Plus
    "WT078491" = Faerie Solitaire

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Kindle" = Amazon Kindle
    "Google Chrome" = Google Chrome
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/11/2012 3:15:51 PM | Computer Name = Cravers-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
    Dependent
    Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/11/2012 3:20:29 PM | Computer Name = Cravers-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
    Dependent
    Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/11/2012 3:21:18 PM | Computer Name = Cravers-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
    Dependent
    Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/11/2012 3:21:33 PM | Computer Name = Cravers-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
    Dependent
    Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/11/2012 3:21:44 PM | Computer Name = Cravers-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
    Dependent
    Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/11/2012 3:23:25 PM | Computer Name = Cravers-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
    Dependent
    Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/11/2012 3:23:31 PM | Computer Name = Cravers-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
    Dependent
    Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/11/2012 3:32:38 PM | Computer Name = Cravers-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
    Dependent
    Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/11/2012 3:45:14 PM | Computer Name = Cravers-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
    Dependent
    Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/11/2012 3:51:47 PM | Computer Name = Cravers-PC | Source = Application Hang | ID = 1002
    Description = The program mbam.exe version 1.62.0.87 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 434 Start Time:
    01cd77fa62cc6f36 Termination Time: 15 Application Path: C:\Program Files (x86)\Malwarebytes'
    Anti-Malware\mbam.exe Report Id: f29dc489-e3ed-11e1-9957-00266c4b28b2

    [ Media Center Events ]
    Error - 5/19/2012 7:24:18 AM | Computer Name = Cravers-PC | Source = MCUpdate | ID = 0
    Description = 7:24:02 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/21/2012 9:10:00 AM | Computer Name = Cravers-PC | Source = MCUpdate | ID = 0
    Description = 9:10:00 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/22/2012 7:38:49 AM | Computer Name = Cravers-PC | Source = MCUpdate | ID = 0
    Description = 7:38:49 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 7/10/2012 7:27:05 AM | Computer Name = Cravers-PC | Source = MCUpdate | ID = 0
    Description = 7:27:04 AM - Error connecting to the internet. 7:27:05 AM - Unable
    to contact server..

    Error - 7/10/2012 7:28:02 AM | Computer Name = Cravers-PC | Source = MCUpdate | ID = 0
    Description = 7:27:10 AM - Error connecting to the internet. 7:27:10 AM - Unable
    to contact server..

    [ OSession Events ]
    Error - 2/21/2011 1:20:34 AM | Computer Name = Cravers-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 8/11/2012 3:18:06 PM | Computer Name = Cravers-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Google
    Update Service (gupdate) service to connect.

    Error - 8/11/2012 3:18:06 PM | Computer Name = Cravers-PC | Source = Service Control Manager | ID = 7000
    Description = The Google Update Service (gupdate) service failed to start due to
    the following error: %%1053

    Error - 8/11/2012 3:33:43 PM | Computer Name = Cravers-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 8/11/2012 3:33:43 PM | Computer Name = Cravers-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 8/11/2012 3:36:01 PM | Computer Name = Cravers-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Google
    Update Service (gupdate) service to connect.

    Error - 8/11/2012 3:36:01 PM | Computer Name = Cravers-PC | Source = Service Control Manager | ID = 7000
    Description = The Google Update Service (gupdate) service failed to start due to
    the following error: %%1053

    Error - 8/11/2012 3:41:49 PM | Computer Name = Cravers-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 8/11/2012 3:41:49 PM | Computer Name = Cravers-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 8/11/2012 3:44:11 PM | Computer Name = Cravers-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Google
    Update Service (gupdate) service to connect.

    Error - 8/11/2012 3:44:11 PM | Computer Name = Cravers-PC | Source = Service Control Manager | ID = 7000
    Description = The Google Update Service (gupdate) service failed to start due to
    the following error: %%1053


    < End of report >
     
  24. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Happy Birthday to your daughter :)

    OTL logs are clean.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  25. Mike Craver

    Mike Craver TS Rookie Topic Starter Posts: 22

    Below is the checkup.txt file:

    Results of screen317's Security Check version 0.99.43
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Norton Internet Security
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 14
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Google Chrome 21.0.1180.60
    Google Chrome 21.0.1180.75
    Google Chrome VisualElementsManifest.xml..
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3%
    ````````````````````End of Log``````````````````````
     
