Here is the OLT.txt info with scan all users. Note: I ran it the first time with this option unchecked and ran it again and got the following output with all users. If you need the one without all users I have it as well. Note this is part 1, the file was to long to fit in one reply. I will post a second OLT.txt part 2 which has the rest:
OTL logfile created on: 8/11/2012 4:19:51 PM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Cravers\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 61.44% Memory free
7.49 Gb Paging File | 6.17 Gb Available in Paging File | 82.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.61 Gb Total Space | 233.74 Gb Free Space | 81.27% Space Free | Partition Type: NTFS
Computer Name: CRAVERS-PC | User Name: Cravers | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/08/11 15:56:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Cravers\Desktop\OTL.exe
PRC - [2012/04/20 01:59:04 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/04/20 01:59:02 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2012/01/17 01:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/07/29 00:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 23:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/07/13 19:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
========== Modules (No Company Name) ==========
MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
========== Win32 Services (SafeList) ==========
SRV:
64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:
64bit: - [2009/08/21 13:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:
64bit: - [2009/08/11 20:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:
64bit: - [2009/08/04 15:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:
64bit: - [2009/08/03 22:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:
64bit: - [2009/07/30 03:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:
64bit: - [2009/07/28 19:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:
64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:
64bit: - [2009/07/07 13:38:24 | 000,065,904 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV - [2012/04/20 01:59:04 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/01/17 01:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe -- (NIS)
SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/27 14:28:00 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/17 14:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 23:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 23:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/29 15:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
========== Driver Services (SafeList) ==========
DRV:
64bit: - [2012/08/11 14:33:17 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:
64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:
64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:
64bit: - [2012/01/17 18:46:01 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symnets.sys -- (SymNetS)
DRV:
64bit: - [2012/01/17 18:45:57 | 001,092,728 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\SymEFA64.sys -- (SymEFA)
DRV:
64bit: - [2012/01/17 18:45:55 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\SymDS64.sys -- (SymDS)
DRV:
64bit: - [2012/01/17 18:35:24 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\Ironx64.sys -- (SymIRON)
DRV:
64bit: - [2012/01/17 18:33:51 | 000,738,936 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtsp64.sys -- (SRTSP)
DRV:
64bit: - [2012/01/17 18:33:51 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtspx64.sys -- (SRTSPX)
DRV:
64bit: - [2011/11/29 18:44:29 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ccSetx64.sys -- (ccSet_NIS)
DRV:
64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:
64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:
64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:
64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:
64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:
64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:
64bit: - [2010/04/26 17:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:
64bit: - [2010/01/20 15:18:26 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV:
64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:
64bit: - [2009/07/30 16:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:
64bit: - [2009/07/24 19:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:
64bit: - [2009/07/20 21:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:
64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:
64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:
64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:
64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:
64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:
64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:
64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:
64bit: - [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:
64bit: - [2009/06/22 21:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:
64bit: - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:
64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:
64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:
64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:
64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:
64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:
64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:
64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:
64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:
64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:
64bit: - [2009/05/05 04:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:
64bit: - [2009/04/29 15:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:
64bit: - [2009/02/13 02:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:
64bit: - [2009/02/13 02:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:
64bit: - [2009/02/13 02:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:
64bit: - [2006/06/18 10:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2012/08/11 16:04:54 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20120810.035\ex64.sys -- (NAVEX15)
DRV - [2012/08/11 16:04:54 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/11 16:04:54 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
DRV - [2012/08/11 16:04:54 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20120810.035\eng64.sys -- (NAVENG)
DRV - [2012/01/17 18:35:11 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20120202.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012/01/17 18:34:24 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20111201.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:
64bit: - HKLM\..\SearchScopes,DefaultScope = {CE358FE6-0749-4AE1-A7DE-4D8151450CCF}
IE:
64bit: - HKLM\..\SearchScopes\{CE358FE6-0749-4AE1-A7DE-4D8151450CCF}: "URL" =
http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {E029CB26-F311-4A39-8088-8086CC1FFAB5}
IE - HKLM\..\SearchScopes\{E029CB26-F311-4A39-8088-8086CC1FFAB5}: "URL" =
http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.com/?pc=Z152&install_date=20110914
IE - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\..\SearchScopes,DefaultScope = {9FE76A4B-4202-43B5-A8DA-4381CB66B5AD}
IE - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\..\SearchScopes\{12DC6175-B360-2C25-BF0E-2B6E49ADC9F3}: "URL" =
http://www.bing.com/search?q={searc...install_date=20110914&iesrc={referrer:source}
IE - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\..\SearchScopes\{9FE76A4B-4202-43B5-A8DA-4381CB66B5AD}: "URL" =
http://www.google.com/search?source...tEncoding}&oe={outputEncoding}&rlz=1I7TSNA_en
IE - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" =
http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=18
IE - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\..\SearchScopes\{E029CB26-F311-4A39-8088-8086CC1FFAB5}: "URL" =
http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems:
MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems:
baseTheme@tomtom.com:1.0.2
FF - user.js - File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cravers\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cravers\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Cravers\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\IPSFFPlgn\ [2012/08/11 14:34:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\coFFPlgn\ [2012/08/11 15:43:14 | 000,000,000 | ---D | M]
[2012/05/09 20:58:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cravers\AppData\Roaming\Mozilla\Extensions
[2012/05/09 20:58:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cravers\AppData\Roaming\Mozilla\Extensions\
home2@tomtom.com
[2012/05/09 20:58:09 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\
MAPSHARE-STATUS@TOMTOM.COM
========== Chrome ==========
CHR - homepage:
http://www.msn.com/?pc=Z152&install_date=20110914
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url =
http://www.bing.com/search?q={searchTerms}&pc=Z152&form=ZGACDF&install_date=20110914
CHR - default_search_provider: suggest_url =
http://api.bing.com/osjson.aspx?query=%s
CHR - homepage:
http://www.msn.com/?pc=Z152&install_date=20110914
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Cravers\AppData\Local\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Cravers\AppData\Local\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cravers\AppData\Local\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Cravers\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Cravers\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U14 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Cravers\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Cravers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Cravers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Norton Identity Protection = C:\Users\Cravers\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.6_0\
CHR - Extension: Gmail = C:\Users\Cravers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/08/11 15:15:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:
64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:
64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:
64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:
64bit: - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:
64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:
64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:
64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:
64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:
64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:
64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:
64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:
64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:
64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:
64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-21-660660762-1580669307-3164895231-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-660660762-1580669307-3164895231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.4.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A72ED9B-0D97-4506-8D10-822DC047658D}: DhcpNameServer = 192.168.1.1 184.16.4.22
O18:
64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:
64bit: - Protocol\Handler\livecall - No CLSID value found
O18:
64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:
64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:
64bit: - Protocol\Handler\msnim - No CLSID value found
O18:
64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:
64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:
64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sasnative64)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/08/11 15:56:39 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Cravers\Desktop\OTL.exe
[2012/08/11 15:39:49 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Cravers\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/11 15:23:27 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/08/11 15:15:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/08/11 15:01:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/08/11 15:01:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/08/11 15:01:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/08/11 14:50:59 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{034BB902-8393-4AFF-8CA6-92410A4490D2}
[2012/08/11 14:50:45 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{1DC7771C-FF33-4D9B-9105-DF1539A0DA63}
[2012/08/11 14:44:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/11 14:44:31 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/08/11 14:33:45 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{47E43952-FE1B-47FB-88BC-000D6FB333CD}
[2012/08/11 14:33:22 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{7888A7E8-E751-4864-B229-E514F0C7C39B}
[2012/08/11 14:32:04 | 001,092,728 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1306020.00A\SymEFA64.sys
[2012/08/11 14:32:04 | 000,738,936 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1306020.00A\srtsp64.sys
[2012/08/11 14:32:04 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1306020.00A\SymDS64.sys
[2012/08/11 14:32:04 | 000,405,624 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1306020.00A\symnets.sys
[2012/08/11 14:32:04 | 000,190,072 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1306020.00A\Ironx64.sys
[2012/08/11 14:32:04 | 000,167,048 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1306020.00A\ccSetx64.sys
[2012/08/11 14:32:04 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1306020.00A\srtspx64.sys
[2012/08/11 14:31:51 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64
[2012/08/11 14:31:51 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1306020.00A
[2012/08/11 14:31:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/08/11 14:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012/08/11 14:07:25 | 004,729,547 | R--- | C] (Swearware) -- C:\Users\Cravers\Desktop\ComboFix.exe
[2012/08/11 12:28:35 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{65D6A19A-5093-404E-BE12-4EF238255CE5}
[2012/08/11 12:28:12 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{0E35F2F2-598D-4C30-99CD-0162817D0C06}
[2012/08/11 01:55:43 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/11 00:43:46 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{27F626C8-6E76-4AAD-BAFF-2782EE15FAE6}
[2012/08/11 00:43:35 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{9C84BD47-4D6B-47F0-968A-33CAE1E3FDA3}
[2012/08/11 00:38:28 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{C265FA24-5AF2-4B59-92A2-24DE0AE9CB9D}
[2012/08/11 00:38:06 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{C6ADD36E-B558-4B59-9F15-7340F7106958}
[2012/08/10 12:10:42 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{606BB818-9BC6-47EA-B88F-E985770201FD}
[2012/08/10 12:10:29 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{210CB0CB-CE36-4D10-9BE3-B5C8A3D21CAE}
[2012/08/10 00:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2012/08/10 00:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/08/10 00:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/08/10 00:20:10 | 000,000,000 | ---D | C] -- C:\inetpub
[2012/08/09 22:18:56 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{554BC5DC-BC37-4A93-96C9-264E24D46B38}
[2012/08/09 22:18:30 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{C19EC154-806E-4374-9471-BD3F71B84F13}
[2012/08/09 20:56:10 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{B20F82E1-1F8E-41FD-A3BB-FE924FC711FC}
[2012/08/09 20:55:44 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{B7AAD67D-854B-4907-A91A-9188E893A9E8}
[2012/08/09 20:46:15 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\NPE
[2012/08/09 20:01:00 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012/08/09 08:50:47 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{F8B550ED-DB18-4760-885A-5F472CD9398C}
[2012/08/09 08:50:24 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{E3DBF095-F243-49C5-A51D-387425DCC54C}
[2012/08/08 20:49:53 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{9D165C06-2A41-469A-BB7D-89A45DD92153}
[2012/08/08 20:49:30 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{3300073F-94AC-4823-ADB2-1A4E4FC21B8C}
[2012/08/08 20:47:27 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/08/08 07:20:59 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{025103F2-DE2A-488F-ADAD-4DFA50489A33}
[2012/08/08 07:20:42 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{5EBA4E6C-2EE1-462B-BEF7-37E082B46D95}
[2012/08/07 13:36:13 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{25363F1B-77BB-494B-B246-E4D6D46721D8}
[2012/08/07 13:36:02 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{76935FB7-52F4-41E4-90C6-013E231BB5A7}
[2012/08/06 23:02:19 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{96DD7E75-D3FB-4BA8-8154-AED33C2BB339}
[2012/08/06 08:01:10 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{BF72BFE2-6D6E-4B4A-87AF-0C1893C593DB}
[2012/08/06 08:00:43 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{86CBAE9F-49A8-43F8-B04A-8FFE22437F4C}
[2012/08/05 20:00:14 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{A9813D7A-5551-471D-B1E4-ED061EE618DA}
[2012/08/05 19:59:52 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{19FB5AE7-51DC-4372-9048-83DEFE4689F9}
[2012/08/05 07:25:44 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{FE29098B-E5D2-4C34-89AA-29859D1E98B9}
[2012/08/05 07:25:21 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{EA218DD9-3BDE-49DA-8BC2-229B9D444556}
[2012/08/04 19:07:49 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{342C4F73-F0B2-4A44-B45B-016AE6E1BF16}
[2012/08/04 19:07:25 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{AA56A065-C9A5-4233-BDFC-4E824865AB78}
[2012/08/04 07:06:50 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{0058B95B-2F64-4D65-ACA8-EC6ECB1C7508}
[2012/08/03 09:12:30 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{7E33F082-6BD4-4AD8-8857-C431FF50BD4B}
[2012/08/03 09:12:07 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{8342625C-DCCF-4C7D-B143-B95378825434}
[2012/08/02 20:27:46 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{98C5389B-2E64-4E3E-8714-BAAB5B63C919}
[2012/08/02 07:50:03 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{B88F67AD-C50C-4609-9BB3-4B2711494C0D}
[2012/08/02 07:49:40 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{CAEF0EA6-AC89-4213-85C7-8E8439D62C0E}
[2012/08/01 19:49:14 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{62FE0603-012D-4E25-81EE-56CC46A8B778}
[2012/08/01 07:19:44 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{BC309ECB-1BE5-44F2-B8BA-853FB0F16C50}
[2012/08/01 07:19:33 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{AB7200E7-A8DD-4FB9-8BB5-52AC69718F6F}
[2012/07/31 07:59:08 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{A9B05FFA-0636-48D9-8830-7C0B01C9E79D}
[2012/07/31 07:58:45 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{41A398B9-3949-45C7-91E6-036A33FAB5ED}
[2012/07/30 19:58:15 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{AB590BCE-DEB8-4B65-98F7-4B365026B12E}
[2012/07/30 07:42:22 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{33990E27-33E6-4E49-B196-A83C9568CB1F}
[2012/07/30 07:42:00 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{B868F459-1278-4692-B5B5-B94C9D326A85}
[2012/07/29 19:41:30 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{1B62D7AC-E935-4793-A404-F5BE4D36930F}
[2012/07/29 19:41:12 | 000,000,000 | ---D | C] -- C:\Users\Cravers\AppData\Local\{A2256D30-44F9-413A-B62F-3BA48F24A060}