Security Shield 2012 and Mossysky(?) Cleanup Assistance

#1
thatguy7

The computer had Security Shield 2012 running rampant on it. I was able to do a system restore that made the computer functional. There were two antivirus programs installed, so I removed McAfee and left MSE.

Ran MBAM (per removal forum) and am providing the log below. After running MBAM, I ran OTL and am also providing that log below.

Thanks in advance for your help!

MBAM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.22.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Kristi Jensen :: KRISTI-PC [administrator]

3/22/2012 11:06:04 PM
mbam-log-2012-03-22 (23-06-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208607
Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\Software\mossyskysa (Adware.HotBar.MS) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MossySky (Adware.HotBar.MS) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MossySkySA (Adware.HotBar.MS) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MossySky (Adware.HotBar.MS) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MossySky\bin (Adware.HotBar.MS) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MossySky\bin\1.0.16.0 (Adware.HotBar.MS) -> Quarantined and deleted successfully.
C:\ProgramData\MossySkySA (Adware.HotBar.MS) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Program Files (x86)\MossySky\bin\1.0.16.0\copyright.txt (Adware.HotBar.MS) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MossySky\bin\1.0.16.0\MossySkySACB.exe (Adware.HotBar.MS) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MossySky\bin\1.0.16.0\MossySkySAHook.dll (Adware.HotBar.MS) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MossySky\bin\1.0.16.0\MossySkyUninstaller.exe (Adware.HotBar.MS) -> Quarantined and deleted successfully.
C:\ProgramData\MossySkySA\MossySkySA.dat (Adware.HotBar.MS) -> Quarantined and deleted successfully.
C:\ProgramData\MossySkySA\MossySkySAau.dat (Adware.HotBar.MS) -> Quarantined and deleted successfully.
C:\ProgramData\MossySkySA\MossySkySA_kyf_update.dat (Adware.HotBar.MS) -> Quarantined and deleted successfully.

(end)


OTL LOG:
OTL logfile created on: 3/22/2012 11:24:33 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Replaced Info\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 62.91% Memory free
7.60 Gb Paging File | 6.05 Gb Available in Paging File | 79.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.31 Gb Total Space | 221.01 Gb Free Space | 77.19% Space Free | Partition Type: NTFS
Drive D: | 2.06 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: KRISTI-PC | User Name: Replaced Info | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/22 22:37:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Replaced Info\Desktop\OTL.exe
PRC - [2012/01/14 17:00:51 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/09/13 12:48:14 | 000,097,384 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
PRC - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2010/09/07 10:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 10:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/03/18 13:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 13:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/24 16:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
PRC - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/09/11 01:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 15:25:08 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
MOD - [2012/02/16 15:25:00 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
MOD - [2012/02/16 15:24:33 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/16 15:24:24 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2011/10/13 20:28:01 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010/09/07 10:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/25 20:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 18:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/05 23:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 16:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/14 17:00:51 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/19 21:04:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/09/07 10:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/04/03 17:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 13:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/06 10:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/24 16:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/19 21:00:47 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/18 15:09:42 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/06/18 14:42:40 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2010/04/01 14:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/03/31 00:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 14:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/22 19:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/20 09:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/12 16:49:16 | 000,877,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
DRV:64bit: - [2010/02/10 16:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 22:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/25 19:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 14:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2007/11/02 15:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {149DF522-D092-430F-ADAD-63CCDE2E24C8}
IE:64bit: - HKLM\..\SearchScopes\{149DF522-D092-430F-ADAD-63CCDE2E24C8}: "URL" = http://www.google.co...ng}&rlz=1I7TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSND&bmod=TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSND&bmod=TSND
IE - HKLM\..\SearchScopes,DefaultScope = {4771967F-AF19-4BBE-B4B1-AD2E27F28BF9}
IE - HKLM\..\SearchScopes\{4771967F-AF19-4BBE-B4B1-AD2E27F28BF9}: "URL" = http://www.google.co...ng}&rlz=1I7TSND

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSND&bmod=TSND
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSND&bmod=TSND
IE - HKCU\..\SearchScopes,DefaultScope = {BB1C6E14-FCEE-4F6F-8B52-2FE52F333D4B}
IE - HKCU\..\SearchScopes\{4771967F-AF19-4BBE-B4B1-AD2E27F28BF9}: "URL" = http://www.google.co...ng}&rlz=1I7TSND
IE - HKCU\..\SearchScopes\{BB1C6E14-FCEE-4F6F-8B52-2FE52F333D4B}: "URL" = http://www.google.co...ND_enUS402US402
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.blogspot.com/"
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local,192.168.0.0/16"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/22 22:21:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/04/21 19:30:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Replaced Info\AppData\Roaming\Mozilla\Extensions
[2011/11/10 22:50:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/09 20:29:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/17 11:41:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/15 20:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/15 20:00:00 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE (Corel Corporation)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.150.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D87989E5-7382-4106-8B32-E86289E6B3E0}: DhcpNameServer = 10.150.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F15FB5BA-2071-4066-959B-12714FF829F1}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b1d58e79-7610-11e0-a665-60eb69471da3}\Shell - "" = AutoRun
O33 - MountPoints2\{b1d58e79-7610-11e0-a665-60eb69471da3}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/22 23:03:53 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{415BBCAA-DE50-4958-A37C-B819DCC89F8F}
[2012/03/22 23:01:46 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{71C24417-9290-45ED-AABD-988A15D0D004}
[2012/03/22 22:37:32 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Replaced Info\Desktop\OTL.exe
[2012/03/22 22:24:11 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{39EE58EF-1E57-4BE6-96CD-97DF6F2679C1}
[2012/03/22 22:12:23 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{83733D45-D3F8-488F-94F0-1EEE0894FD09}
[2012/03/20 10:32:01 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{34EA59DE-0A82-402D-8DD9-E4B95DEE4ECC}
[2012/03/20 10:31:50 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{28CBB7C4-A777-4A50-859E-BE8B6A81EA45}
[2012/03/19 11:58:07 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{A8A05AD5-2D98-4F40-A3EF-84A3A2ABEE6F}
[2012/03/19 11:57:57 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{6FC2B200-4AE5-4223-85CF-1577DA10B79D}
[2012/03/18 17:34:55 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{51DF2228-96A1-419B-B2F2-4EA657B0260C}
[2012/03/18 17:34:10 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{D1873B70-1E44-464C-B04A-B682562A8B71}
[2012/03/18 08:26:03 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{3ADA5708-BDCF-414A-B1F4-71999F7811BD}
[2012/03/17 16:06:57 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{5A9674B6-7B28-4CB5-B7E3-1818F8E517C4}
[2012/03/17 16:06:43 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{D710396C-C2E0-4FA2-9186-D6524BB97CD8}
[2012/03/16 23:12:45 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{6CDEFD68-5F08-4917-B68B-68014B0E1045}
[2012/03/16 23:12:33 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{23214BB1-83DD-4747-B57F-960AAFD323C2}
[2012/03/16 10:41:13 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{04999278-BC98-4B86-9D81-D2D886B3BAF3}
[2012/03/16 10:40:55 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{64415FC2-BE1C-4167-8FD6-7FDBFA368F96}
[2012/03/14 12:59:15 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{673EF8BA-79C6-4436-A1B0-3E50727B4F0E}
[2012/03/14 12:59:02 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{E8CFD65B-42A6-4881-B4AE-5A5D754AA94E}
[2012/03/13 12:32:22 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{79E5BDDE-2D52-4390-8D8D-341C15AA4AE0}
[2012/03/13 12:32:09 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{6EFBDBAD-B668-4B30-8EB2-430BBD098B66}
[2012/03/12 19:21:27 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{8934CDB6-75D2-4BF2-B3E6-28605E6AE427}
[2012/03/12 19:21:16 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{A920FFCC-348D-4E2A-8F8B-3BE38D353A38}
[2012/03/11 22:13:47 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{5893F9D1-5283-41A6-97CD-2AC1E3361C32}
[2012/03/11 22:13:34 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{89C8AFC2-8EE4-491A-B166-3AC55169E6BC}
[2012/03/10 12:15:12 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{A6AAE3A5-BC41-4C56-9769-4253440430BD}
[2012/03/10 12:14:56 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{6C238E54-C9F6-490D-8C12-CC0E84C40839}
[2012/03/08 14:31:03 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{F4C6B781-0C71-4105-91C7-AE94E5E0E989}
[2012/03/08 14:30:51 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{2AC638FF-587B-4FE0-85B7-5CDB857D52D4}
[2012/03/06 18:54:52 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{3AD9870E-2E60-49C0-BB2A-62AC45CE59FC}
[2012/03/06 18:54:41 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{00A680C8-C8F9-42AE-8131-AA3D0C44433D}
[2012/03/05 20:03:32 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{534B0208-A5ED-4374-ABEC-C025D7BFEAF0}
[2012/03/05 20:03:16 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{2AA63C1E-D775-46DE-B235-80C0E91C7F3D}
[2012/03/05 15:38:14 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{BFDE69CD-649B-4BA8-A374-B813494A82E2}
[2012/03/05 15:37:55 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{1FD562AC-00AA-4C39-95B5-87D3E296D5F5}
[2012/03/04 15:15:20 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{5413C550-E2D8-4542-9157-CD14C5845E2F}
[2012/03/04 15:15:09 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{0CBF1221-0366-43D6-AF99-722C799234C5}
[2012/03/03 20:22:20 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{0D562CF5-8FEB-4003-BC13-BF47789FA0BC}
[2012/03/03 20:22:07 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{B6CFBCD8-C356-4BA1-B326-E24BF011EA6F}
[2012/03/02 12:30:34 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{62F8D83A-8710-4DDA-A083-AB6AC30419B2}
[2012/03/02 12:30:22 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{79C30B7C-BBD3-4E01-936B-9C7A0254B51F}
[2012/03/01 17:52:20 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{66E2A95E-1EE6-4B48-B374-DD839F816EFC}
[2012/03/01 17:52:09 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{B56EAD29-735B-404C-B531-CF2DD85D1138}
[2012/03/01 15:02:21 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{DADF61AC-649A-4324-BDEE-AF4DCB0C9CB5}
[2012/03/01 15:02:05 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{33D0BC4D-66DB-48D0-83DF-EB61A768C7B3}
[2012/02/29 17:52:59 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{11FB6AE6-F646-4684-96D0-9090B1DBC3E8}
[2012/02/29 17:52:49 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{9E78A240-3CB9-444C-9624-2D7595DBCAE1}
[2012/02/28 15:26:44 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{95CE4E74-E68D-4BEA-AD24-8FE2F1E5C396}
[2012/02/28 15:26:34 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{4DEC3C85-CFA2-43AF-B567-F432F9F8C965}
[2012/02/26 19:45:23 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{5FB66B42-5156-4323-B69A-147BA637607D}
[2012/02/26 19:45:09 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{8DADD4E0-DDFB-4B2B-9C53-2BD71DE6DE60}
[2012/02/24 17:39:11 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{38ED2DE7-7797-44B5-849D-8CD69EF9794F}
[2012/02/24 17:39:00 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{AC756EEC-42F0-4C5A-AAAA-114C9D151367}
[2012/02/23 23:43:03 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{07AF6B66-978A-4D8B-9904-C922D4055111}
[2012/02/23 23:42:47 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{598EBEE7-6901-4E04-B6C3-7B1E321B5453}
[2012/02/23 11:42:18 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{0279D1FD-26BE-401A-8E30-15C9ED0D0640}
[2012/02/23 11:42:08 | 000,000,000 | ---D | C] -- C:\Users\Replaced Info\AppData\Local\{1A99EEE4-4B6F-4D83-9C95-A64D41C4B74D}

========== Files - Modified Within 30 Days ==========

[2012/03/22 23:27:06 | 000,729,880 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/03/22 23:27:06 | 000,626,512 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/03/22 23:27:06 | 000,107,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/03/22 23:26:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/22 23:21:26 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/22 23:20:56 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/22 23:12:02 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/22 23:08:57 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/22 23:08:57 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/22 22:37:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Replaced Info\Desktop\OTL.exe
[2012/03/16 11:12:18 | 003,690,064 | ---- | M] () -- C:\Users\Replaced Info\Documents\10-Hr Construction_SG_1.2.pdf
[2012/03/14 13:09:30 | 000,782,016 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/02/23 12:09:56 | 000,001,448 | ---- | M] () -- C:\Users\Replaced Info\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/23 11:51:21 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2012/02/23 11:51:18 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf

========== Files Created - No Company Name ==========

[2012/03/16 11:12:18 | 003,690,064 | ---- | C] () -- C:\Users\Replaced Info\Documents\10-Hr Construction_SG_1.2.pdf
[2012/02/23 12:09:55 | 000,001,420 | ---- | C] () -- C:\Users\Replaced Info\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/02/23 11:51:21 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2012/02/23 11:51:18 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2011/07/04 19:35:56 | 000,000,000 | ---- | C] () -- C:\Users\Replaced Info\AppData\Local\{D3EB9C63-14E7-4B58-8914-852F4CCFED7E}
[2011/04/21 19:58:52 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/03/10 20:56:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/23 01:38:07 | 000,021,840 | ---- | C] () -- C:\windows\SysWow64\SIntfNT.dll
[2010/11/23 01:38:07 | 000,017,212 | ---- | C] () -- C:\windows\SysWow64\SIntf32.dll
[2010/11/23 01:38:07 | 000,012,067 | ---- | C] () -- C:\windows\SysWow64\SIntf16.dll
[2010/11/23 01:25:01 | 000,038,782 | ---- | C] () -- C:\windows\DIIUnin.dat
[2010/11/19 21:00:23 | 000,000,209 | ---- | C] () -- C:\windows\ODBCINST.INI
[2010/11/18 16:10:16 | 000,000,008 | RHS- | C] () -- C:\ProgramData\194E7210C7.sys
[2010/11/01 22:03:04 | 000,003,766 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

========== LOP Check ==========

[2010/10/23 14:56:30 | 000,000,000 | ---D | M] -- C:\Users\Replaced Info\AppData\Roaming\Book Place
[2011/11/08 22:43:03 | 000,000,000 | ---D | M] -- C:\Users\Replaced Info\AppData\Roaming\go
[2010/10/23 17:29:33 | 000,000,000 | ---D | M] -- C:\Users\Replaced Info\AppData\Roaming\Tific
[2010/10/23 15:06:12 | 000,000,000 | ---D | M] -- C:\Users\Replaced Info\AppData\Roaming\Toshiba
[2010/11/23 11:40:39 | 000,000,000 | ---D | M] -- C:\Users\Replaced Info\AppData\Roaming\WildTangent
[2010/10/23 14:48:42 | 000,000,000 | ---D | M] -- C:\Users\Replaced Info\AppData\Roaming\WinBatch
[2012/03/14 19:16:14 | 000,032,568 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
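The O17, O20, O33, O35 and O37 lines in the OTL log above are the registry values a rogue antivirus typically rewrites to keep itself running: the Winlogon Shell and UserInit values, the exefile/comfile open handlers, removable-drive AutoRun commands and the DNS servers. On this machine they all sit at the Windows defaults. The script below is an added example, not code from this thread or from the OTL tool; it parses those five line formats and flags anything that departs from the defaults. The default table, the `triage` function, the `fakeav.exe` and `victim` names and the two hijacked entries in the sample log are this example's own assumptions (the sample mixes real lines from the log above with those two constructed entries).

```python
"""Flag hijacked persistence values in an OTL log.

Added example, not code from the forum thread or from OTL. It reads the
O17/O20/O33/O35/O37 line formats and reports values that differ from stock
Windows. The defaults table and the sample log are this example's assumptions.
"""
import re
from ipaddress import ip_address

# Stock 64-bit Windows 7 values (assumption for this example). Rogue antivirus
# families rewrite the exefile handler and Winlogon\UserInit so that their own
# binary starts before, or instead of, anything the user launches.
DEFAULT_SHELL = "explorer.exe"
DEFAULT_USERINIT = {"userinit.exe", r"c:\windows\system32\userinit.exe"}
DEFAULT_HANDLER = '"%1" %*'

O_LINE = re.compile(r"^(O\d+)(:64bit:)?\s*-\s*(.*)$")
WINLOGON = re.compile(r"^HKLM Winlogon: (\w+) - \((.*?)\) - (.*)$")
O35_HANDLER = re.compile(r"^HKLM\\\.\.(\w+) \[open\] -- (.*)$")
O37_HANDLER = re.compile(r"^HKLM\\\.\.\.(\w+) \[@ = (\w+)\] -- (.*)$")
MOUNTPOINT = re.compile(r'^MountPoints2\\(\{[^}]+\})\\(\S+) - "" = (.*)$')
NAMESERVER = re.compile(r"(Dhcp)?NameServer = (.*)$")

# Constructed sample: lines from the log above plus two hijacked entries
# (the fakeav.exe paths) invented for this example.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.150.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F15FB5BA-2071-4066-959B-12714FF829F1}: DhcpNameServer = 192.168.0.1 205.171.3.25
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe,C:\Users\victim\AppData\Local\fakeav.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O33 - MountPoints2\{b1d58e79-7610-11e0-a665-60eb69471da3}\Shell - "" = AutoRun
O33 - MountPoints2\{b1d58e79-7610-11e0-a665-60eb69471da3}\Shell\AutoRun\command - "" = E:\setup.exe -a
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\ProgramData\fakeav.exe" -a "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
"""


def _is_private(addr):
    """True for RFC 1918 / loopback / link-local addresses; False for junk."""
    try:
        return ip_address(addr).is_private
    except ValueError:
        return False


def triage(log_text):
    """Return (severity, section, message) tuples for suspicious O-lines."""
    findings = []
    for raw in log_text.splitlines():
        m = O_LINE.match(raw.strip())
        if not m:
            continue
        section, bits, body = m.group(1), m.group(2), m.group(3)
        tag = section + (" (64-bit view)" if bits else " (32-bit view)")
        if section == "O20":
            w = WINLOGON.match(body)
            if not w:
                continue
            name, value, _resolved = w.groups()
            if name == "Shell" and value.lower() != DEFAULT_SHELL:
                findings.append(("high", tag, f"Shell is {value!r}, expected {DEFAULT_SHELL}"))
            elif name == "UserInit":
                # UserInit is a comma-separated list; anything beyond userinit.exe is foreign.
                parts = [p.strip().lower() for p in value.split(",") if p.strip()]
                extra = [p for p in parts if p not in DEFAULT_USERINIT]
                if extra:
                    findings.append(("high", tag, f"UserInit also runs {extra}"))
        elif section == "O35":
            h = O35_HANDLER.match(body)
            if h and h.group(2) != DEFAULT_HANDLER:
                findings.append(("high", tag, f"{h.group(1)} open command is {h.group(2)!r}"))
        elif section == "O37":
            h = O37_HANDLER.match(body)
            if h:
                ext, cls, cmd = h.groups()
                if cls != ext + "file" or cmd != DEFAULT_HANDLER:
                    findings.append(("high", tag, f".{ext} -> {cls} with {cmd!r}"))
        elif section == "O33":
            mp = MOUNTPOINT.match(body)
            if mp and mp.group(2).lower().endswith("autorun\\command"):
                findings.append(("review", tag, f"AutoRun command for {mp.group(1)}: {mp.group(3)}"))
        elif section == "O17":
            ns = NAMESERVER.search(body)
            if ns:
                addrs = ns.group(2).split()
                public = [a for a in addrs if not _is_private(a)]
                if ns.group(1) is None:
                    # A static NameServer is set by hand or by malware, never by DHCP.
                    findings.append(("review", tag, f"static DNS servers set: {addrs}"))
                elif public:
                    findings.append(("info", tag, f"DHCP-assigned DNS includes non-private {public}"))
    return findings


if __name__ == "__main__":
    for sev, tag, msg in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {tag}: {msg}")
```

Run it against a saved OTL log with `triage(open("OTL.txt").read())`. The two hijacked sample entries come out as high findings, the E:\setup.exe AutoRun command is listed for review (it is an AutoRun on a removable device, which is worth a look but not proof of infection), and the public ISP resolver handed out by DHCP is only informational.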
#2 BlackOxide (Trusted Helper, Malware Removal, 1,976 posts)
Hi, thatguy7! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start ;)

First of all, sorry for the delay, it seems to be very busy on here lately. Let's start getting this resolved :)

Could you do the following for me please....




1)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log



2)
Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

If it asks to download the Avast definitions, just click No.

Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

3)
Can you give me an update as to how the PC is running and if there is any further information/updates I need to know about since the last time you posted.




In your next reply
Please post the contents of...
OTL log
aswMBR log
Update on how the PC is running


#3 thatguy7 (Topic Starter, Member, 76 posts)
Thank you for your help! Below are all requests.

1. OTL LOG

OTL logfile created on: 3/28/2012 2:55:09 PM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Kristi Replaced\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 57.79% Memory free
7.60 Gb Paging File | 5.83 Gb Available in Paging File | 76.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.31 Gb Total Space | 220.60 Gb Free Space | 77.05% Space Free | Partition Type: NTFS
Drive D: | 2.06 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: KRISTI-PC | User Name: Kristi Replaced | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/22 22:37:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Kristi Replaced\Desktop\OTL.exe
PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/09/13 12:48:14 | 000,097,384 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
PRC - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2010/09/07 10:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 10:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/03/18 13:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/24 16:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
PRC - [2009/07/13 19:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/09/11 01:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 15:25:08 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
MOD - [2012/02/16 15:25:00 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
MOD - [2012/02/16 15:24:33 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/16 15:24:24 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2011/10/13 20:28:01 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010/09/07 10:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/25 20:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 18:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/05 23:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 16:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/14 17:00:51 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/19 21:04:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/09/07 10:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/04/03 17:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 13:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/06 10:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/24 16:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/19 21:00:47 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/18 15:09:42 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/06/18 14:42:40 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2010/04/01 14:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/03/31 00:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 14:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/22 19:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/20 09:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/12 16:49:16 | 000,877,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
DRV:64bit: - [2010/02/10 16:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 22:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/25 19:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 14:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2007/11/02 15:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {149DF522-D092-430F-ADAD-63CCDE2E24C8}
IE:64bit: - HKLM\..\SearchScopes\{149DF522-D092-430F-ADAD-63CCDE2E24C8}: "URL" = http://www.google.co...=com.microsoft:

{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSND&bmod=TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSND&bmod=TSND
IE - HKLM\..\SearchScopes,DefaultScope = {4771967F-AF19-4BBE-B4B1-AD2E27F28BF9}
IE - HKLM\..\SearchScopes\{4771967F-AF19-4BBE-B4B1-AD2E27F28BF9}: "URL" = http://www.google.co...oft:{language}:

{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-529817530-4253198526-2575106538-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...redirectdomain?brand=TSND&bmod=TSND
IE - HKU\S-1-5-21-529817530-4253198526-2575106538-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-529817530-4253198526-2575106538-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...redirectdomain?brand=TSND&bmod=TSND
IE - HKU\S-1-5-21-529817530-4253198526-2575106538-1001\..\SearchScopes,DefaultScope = {BB1C6E14-FCEE-4F6F-8B52-2FE52F333D4B}
IE - HKU\S-1-5-21-529817530-4253198526-2575106538-1001\..\SearchScopes\{4771967F-AF19-4BBE-B4B1-AD2E27F28BF9}: "URL" = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
IE - HKU\S-1-5-21-529817530-4253198526-2575106538-1001\..\SearchScopes\{BB1C6E14-FCEE-4F6F-8B52-2FE52F333D4B}: "URL" = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_enUS402US402
IE - HKU\S-1-5-21-529817530-4253198526-2575106538-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-529817530-4253198526-2575106538-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.blogspot.com/"
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local,192.168.0.0/16"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/22 22:21:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/04/21 19:30:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristi Replaced\AppData\Roaming\Mozilla\Extensions
[2012/03/22 23:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/09 20:29:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/22 23:37:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/17 11:41:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/15 20:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/15 20:00:00 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-529817530-4253198526-2575106538-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE (Corel Corporation)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.150.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D87989E5-7382-4106-8B32-E86289E6B3E0}: DhcpNameServer = 10.150.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F15FB5BA-2071-4066-959B-12714FF829F1}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b1d58e79-7610-11e0-a665-60eb69471da3}\Shell - "" = AutoRun
O33 - MountPoints2\{b1d58e79-7610-11e0-a665-60eb69471da3}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/28 14:55:17 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{6C173D95-7B68-4F92-A305-44F395BB0B63}
[2012/03/28 14:54:51 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{1BC498CA-8804-48C4-8FE8-7D1B33E3A588}
[2012/03/22 23:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/22 23:03:53 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{415BBCAA-DE50-4958-A37C-B819DCC89F8F}
[2012/03/22 23:01:46 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{71C24417-9290-45ED-AABD-988A15D0D004}
[2012/03/22 22:37:32 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Kristi Replaced\Desktop\OTL.exe
[2012/03/22 22:24:11 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{39EE58EF-1E57-4BE6-96CD-97DF6F2679C1}
[2012/03/22 22:12:23 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{83733D45-D3F8-488F-94F0-1EEE0894FD09}
[2012/03/20 10:32:01 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{34EA59DE-0A82-402D-8DD9-E4B95DEE4ECC}
[2012/03/20 10:31:50 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{28CBB7C4-A777-4A50-859E-BE8B6A81EA45}
[2012/03/19 11:58:07 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{A8A05AD5-2D98-4F40-A3EF-84A3A2ABEE6F}
[2012/03/19 11:57:57 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{6FC2B200-4AE5-4223-85CF-1577DA10B79D}
[2012/03/18 17:34:55 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{51DF2228-96A1-419B-B2F2-4EA657B0260C}
[2012/03/18 17:34:10 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{D1873B70-1E44-464C-B04A-B682562A8B71}
[2012/03/18 08:26:03 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{3ADA5708-BDCF-414A-B1F4-71999F7811BD}
[2012/03/17 16:06:57 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{5A9674B6-7B28-4CB5-B7E3-1818F8E517C4}
[2012/03/17 16:06:43 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{D710396C-C2E0-4FA2-9186-D6524BB97CD8}
[2012/03/16 23:12:45 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{6CDEFD68-5F08-4917-B68B-68014B0E1045}
[2012/03/16 23:12:33 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{23214BB1-83DD-4747-B57F-960AAFD323C2}
[2012/03/16 10:41:13 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{04999278-BC98-4B86-9D81-D2D886B3BAF3}
[2012/03/16 10:40:55 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{64415FC2-BE1C-4167-8FD6-7FDBFA368F96}
[2012/03/14 12:59:15 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{673EF8BA-79C6-4436-A1B0-3E50727B4F0E}
[2012/03/14 12:59:02 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{E8CFD65B-42A6-4881-B4AE-5A5D754AA94E}
[2012/03/13 12:32:22 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{79E5BDDE-2D52-4390-8D8D-341C15AA4AE0}
[2012/03/13 12:32:09 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{6EFBDBAD-B668-4B30-8EB2-430BBD098B66}
[2012/03/12 19:21:27 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{8934CDB6-75D2-4BF2-B3E6-28605E6AE427}
[2012/03/12 19:21:16 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{A920FFCC-348D-4E2A-8F8B-3BE38D353A38}
[2012/03/11 22:13:47 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{5893F9D1-5283-41A6-97CD-2AC1E3361C32}
[2012/03/11 22:13:34 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{89C8AFC2-8EE4-491A-B166-3AC55169E6BC}
[2012/03/10 12:15:12 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{A6AAE3A5-BC41-4C56-9769-4253440430BD}
[2012/03/10 12:14:56 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{6C238E54-C9F6-490D-8C12-CC0E84C40839}
[2012/03/08 14:31:03 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{F4C6B781-0C71-4105-91C7-AE94E5E0E989}
[2012/03/08 14:30:51 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{2AC638FF-587B-4FE0-85B7-5CDB857D52D4}
[2012/03/06 18:54:52 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{3AD9870E-2E60-49C0-BB2A-62AC45CE59FC}
[2012/03/06 18:54:41 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{00A680C8-C8F9-42AE-8131-AA3D0C44433D}
[2012/03/05 20:03:32 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{534B0208-A5ED-4374-ABEC-C025D7BFEAF0}
[2012/03/05 20:03:16 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{2AA63C1E-D775-46DE-B235-80C0E91C7F3D}
[2012/03/05 15:38:14 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{BFDE69CD-649B-4BA8-A374-B813494A82E2}
[2012/03/05 15:37:55 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{1FD562AC-00AA-4C39-95B5-87D3E296D5F5}
[2012/03/04 15:15:20 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{5413C550-E2D8-4542-9157-CD14C5845E2F}
[2012/03/04 15:15:09 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{0CBF1221-0366-43D6-AF99-722C799234C5}
[2012/03/03 20:22:20 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{0D562CF5-8FEB-4003-BC13-BF47789FA0BC}
[2012/03/03 20:22:07 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{B6CFBCD8-C356-4BA1-B326-E24BF011EA6F}
[2012/03/02 12:30:34 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{62F8D83A-8710-4DDA-A083-AB6AC30419B2}
[2012/03/02 12:30:22 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{79C30B7C-BBD3-4E01-936B-9C7A0254B51F}
[2012/03/01 17:52:20 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{66E2A95E-1EE6-4B48-B374-DD839F816EFC}
[2012/03/01 17:52:09 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{B56EAD29-735B-404C-B531-CF2DD85D1138}
[2012/03/01 15:02:21 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{DADF61AC-649A-4324-BDEE-AF4DCB0C9CB5}
[2012/03/01 15:02:05 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{33D0BC4D-66DB-48D0-83DF-EB61A768C7B3}
[2012/02/29 17:52:59 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{11FB6AE6-F646-4684-96D0-9090B1DBC3E8}
[2012/02/29 17:52:49 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{9E78A240-3CB9-444C-9624-2D7595DBCAE1}
[2012/02/28 15:26:44 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{95CE4E74-E68D-4BEA-AD24-8FE2F1E5C396}
[2012/02/28 15:26:34 | 000,000,000 | ---D | C] -- C:\Users\Kristi Replaced\AppData\Local\{4DEC3C85-CFA2-43AF-B567-F432F9F8C965}

========== Files - Modified Within 30 Days ==========

[2012/03/28 14:58:17 | 000,729,880 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/03/28 14:58:17 | 000,626,512 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/03/28 14:58:17 | 000,107,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/03/28 14:53:33 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/28 14:53:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/28 14:53:01 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/22 23:29:13 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/22 23:29:13 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/22 23:12:02 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/22 22:37:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Kristi Replaced\Desktop\OTL.exe
[2012/03/16 11:12:18 | 003,690,064 | ---- | M] () -- C:\Users\Kristi Replaced\Documents\10-Hr Construction_SG_1.2.pdf
[2012/03/14 13:09:30 | 000,782,016 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/03/16 11:12:18 | 003,690,064 | ---- | C] () -- C:\Users\Kristi Replaced\Documents\10-Hr Construction_SG_1.2.pdf
[2011/07/04 19:35:56 | 000,000,000 | ---- | C] () -- C:\Users\Kristi Replaced\AppData\Local\{D3EB9C63-14E7-4B58-8914-852F4CCFED7E}
[2011/04/21 19:58:52 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/03/10 20:56:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/23 01:38:07 | 000,021,840 | ---- | C] () -- C:\windows\SysWow64\SIntfNT.dll
[2010/11/23 01:38:07 | 000,017,212 | ---- | C] () -- C:\windows\SysWow64\SIntf32.dll
[2010/11/23 01:38:07 | 000,012,067 | ---- | C] () -- C:\windows\SysWow64\SIntf16.dll
[2010/11/23 01:25:01 | 000,038,782 | ---- | C] () -- C:\windows\DIIUnin.dat
[2010/11/19 21:00:23 | 000,000,209 | ---- | C] () -- C:\windows\ODBCINST.INI
[2010/11/18 16:10:16 | 000,000,008 | RHS- | C] () -- C:\ProgramData\194E7210C7.sys
[2010/11/01 22:03:04 | 000,003,766 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

========== LOP Check ==========

[2010/10/23 14:52:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Book Place
[2010/10/23 14:56:30 | 000,000,000 | ---D | M] -- C:\Users\Kristi Replaced\AppData\Roaming\Book Place
[2011/11/08 22:43:03 | 000,000,000 | ---D | M] -- C:\Users\Kristi Replaced\AppData\Roaming\go
[2010/10/23 17:29:33 | 000,000,000 | ---D | M] -- C:\Users\Kristi Replaced\AppData\Roaming\Tific
[2010/10/23 15:06:12 | 000,000,000 | ---D | M] -- C:\Users\Kristi Replaced\AppData\Roaming\Toshiba
[2010/11/23 11:40:39 | 000,000,000 | ---D | M] -- C:\Users\Kristi Replaced\AppData\Roaming\WildTangent
[2010/10/23 14:48:42 | 000,000,000 | ---D | M] -- C:\Users\Kristi Replaced\AppData\Roaming\WinBatch
[2012/03/14 19:16:14 | 000,032,568 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


2. aswMBR LOG

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-28 15:02:07
-----------------------------
15:02:07.476 OS Version: Windows x64 6.1.7600
15:02:07.476 Number of processors: 2 586 0x2505
15:02:07.476 ComputerName: KRISTI-PC UserName:
15:02:08.911 Initialize success
15:02:19.939 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:02:19.939 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
15:02:19.955 Disk 0 MBR read successfully
15:02:19.955 Disk 0 MBR scan
15:02:19.970 Disk 0 Windows VISTA default MBR code
15:02:19.986 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:02:20.001 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 293177 MB offset 3074048
15:02:20.033 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10567 MB offset 603500544
15:02:20.079 Disk 0 scanning C:\windows\system32\drivers
15:02:26.382 Service scanning
15:02:47.600 Service MpNWMon C:\windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
15:03:00.485 Modules scanning
15:03:00.501 Disk 0 trace - called modules:
15:03:00.532 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:03:00.532 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b7b730]
15:03:00.548 3 CLASSPNP.SYS[fffff88001ad343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800497a050]
15:03:00.548 Scan finished successfully
15:03:17.427 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
15:03:17.458 The log file has been saved successfully to "E:\aswMBR.txt"


3. PC Status

The PC has not been used since the last logs were run.
  • 0
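The OTL log above is what a malware-removal helper reads by hand: the O4 autorun values, the O17 DNS servers, the O20 Winlogon values and the O33 MountPoints2 autorun commands are the entries checked first. As an added example (my own code, not part of OTL, of this thread, or of any tool used in it), here is a small Python triage script that applies those same checks to OTL lines. The sample lines are copied from the log posted above, except for one hypothetical HKCU entry, labelled as such, that shows what an autorun from a user-writable folder looks like; the trusted roots and the severity labels are my own choices.

```python
"""Triage of OTL (OldTimer's List-It) log lines: picks out the entry types a
malware-removal helper reads first and reports what deserves a second look."""
import ipaddress
import re
import sys
from typing import Dict, List, Optional

# Constructed sample: lines copied from the OTL log posted in this thread, plus one
# hypothetical HKCU entry (marked) showing an autorun from a user-writable folder.
SAMPLE_OTL = r"""
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKCU..\Run: [hypothetical] C:\Users\Example\AppData\Roaming\updater\updater.exe ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.150.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F15FB5BA-2071-4066-959B-12714FF829F1}: DhcpNameServer = 192.168.0.1 205.171.3.25
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b1d58e79-7610-11e0-a665-60eb69471da3}\Shell\AutoRun\command - "" = E:\setup.exe -a
"""

O4_RE = re.compile(r"^O4(?::64bit:)?\s+-\s+(?P<hive>.+?)\.\.\\(?P<key>Run\w*):\s+\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
COMPANY_RE = re.compile(r"\s*\((?P<company>[^()]*)\)\s*$")  # trailing "(Vendor)" that OTL appends
O17_RE = re.compile(r"^O17\s+-\s+.*DhcpNameServer\s*=\s*(?P<servers>.+)$")
O20_RE = re.compile(r"^O20(?::64bit:)?\s+-\s+HKLM Winlogon:\s+(?P<value>Shell|UserInit)\s+-\s+\([^)]*\)\s+-\s+(?P<rest>.+)$")
O33_RE = re.compile(r"^O33\s+-\s+MountPoints2\\(?P<id>\{[^}]+\})\\Shell\\AutoRun\\command\s+-\s+\"\"\s*=\s*(?P<cmd>.+)$")

# Autorun targets are expected under these roots (my choice); anything else
# (AppData, Temp, ProgramData, the user profile) is where adware and rogue AV land.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
EXPECTED_WINLOGON = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}


def split_company(rest: str):
    """Split 'C:\\path\\file.exe (Vendor)' into (path, vendor); vendor may be empty."""
    m = COMPANY_RE.search(rest)
    if m:
        return rest[: m.start()].strip(), m.group("company").strip()
    return rest.strip(), ""


def parse_o4(line: str) -> Optional[Dict[str, object]]:
    """Parse an O4 autorun line; returns None for any other line type."""
    m = O4_RE.match(line)
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith("File not found")
    if missing:
        path, company = rest[: -len("File not found")].strip(), ""
    else:
        path, company = split_company(rest)
    return {"hive": m.group("hive"), "key": m.group("key"), "name": m.group("name"),
            "path": path, "company": company, "missing": missing}


def path_is_trusted(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(root) for root in TRUSTED_ROOTS)


def public_dns_servers(line: str) -> Optional[List[str]]:
    """For an O17 DhcpNameServer line, return resolvers that are not private or loopback."""
    m = O17_RE.match(line)
    if not m:
        return None
    out = []
    for server in m.group("servers").split():
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            out.append(server)  # not even an IP address: always worth a look
            continue
        if not (ip.is_private or ip.is_loopback):
            out.append(server)
    return out


def winlogon_ok(line: str) -> Optional[bool]:
    """For an O20 Shell/UserInit line, check the binary name and that it lives under C:\\Windows."""
    m = O20_RE.match(line)
    if not m:
        return None
    path, _ = split_company(m.group("rest"))
    p = path.lower()
    return p.startswith("c:\\windows\\") and p.rsplit("\\", 1)[-1] == EXPECTED_WINLOGON[m.group("value")]


def triage(text: str) -> List[Dict[str, str]]:
    """Walk an OTL log and return findings in log order."""
    findings: List[Dict[str, str]] = []

    def add(severity: str, category: str, detail: str) -> None:
        findings.append({"severity": severity, "category": category, "detail": detail})

    for raw in text.splitlines():
        line = raw.strip()
        entry = parse_o4(line)
        if entry is not None:
            where = f"{entry['hive']}\\{entry['key']} [{entry['name']}]"
            if entry["missing"]:
                add("low", "orphaned-autorun", f"{where} -> {entry['path'] or '(no path)'} is missing; dead value, safe to remove")
            elif not path_is_trusted(str(entry["path"])):
                add("high", "autorun-outside-system-dirs", f"{where} -> {entry['path']}")
            elif not entry["company"]:
                add("info", "no-company-name", f"{where} -> {entry['path']} has no vendor in its version info; verify by hash")
            continue
        public = public_dns_servers(line)
        if public:
            add("info", "public-dns", "resolver(s) outside private ranges: " + ", ".join(public) + " (confirm they belong to your ISP)")
            continue
        if winlogon_ok(line) is False:
            add("high", "winlogon-hijack", line)
            continue
        m = O33_RE.match(line)
        if m:
            add("info", "removable-media-autorun", f"{m.group('id')} runs {m.group('cmd')} on insert; disable AutoRun if unwanted")
    return findings


if __name__ == "__main__":
    # Pipe a real OTL.Txt in, or run with no input to triage the constructed sample.
    text = SAMPLE_OTL if sys.stdin.isatty() else sys.stdin.read()
    for f in triage(text):
        print(f"[{f['severity']:<4}] {f['category']}: {f['detail']}")
```

On the lines from this thread the script reports only the two orphaned "File not found" values, the SmartAudio entry with no vendor string, the public resolver 205.171.3.25 on one interface, and the E:\setup.exe autorun command, which matches the helper's reading that nothing active remains; the only "high" finding comes from the hypothetical HKCU line added to the sample.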

#4
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
The logs are looking good so far :)

If you could follow the steps below please, we'll run a few more scans to see if any other traces are leftover.



1)
Let's do another Quick Scan with MBAM just to verify that it now shows the machine as being clean and that no other infections have entered.

Run a Quick Scan with Malwarebytes Anti-Malware (MBAM) after updating...
  • Open MBAM
  • Click the Update tab, then click Check for Updates and let it install any updates if they are available
  • Click the Scanner tab, then make sure Quick Scan is selected and click Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • Post the log that it produces in your next reply



2)
If you haven't already done so, could you run a Full Scan with MSE please. Let me know if it finds any infections.



3)
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




In your next reply
Please post the contents of...
MBAM log
MSE infections (if any are found)
Security Check log

  • 0

#5
thatguy7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
Is the syswow64 folder not of concern?

Below are the requested logs:

1. MBAM


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.28.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Kristi Replaced :: KRISTI-PC [administrator]

3/28/2012 5:24:37 PM
mbam-log-2012-03-28 (17-24-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209833
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


2. MSE


After 2.5 hours, no threats were found.


3. SecurityCheck


Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Adobe Reader X (10.1.2)
Mozilla Firefox 10.0.2 Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````
  • 0

#6
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts

Is the syswow64 folder not of concern?

Nope, that folder is normal on 64bit versions of Windows, so nothing to worry about there.


Good to hear MSE found no infections. Security Check has indicated you don't have the latest version of Firefox installed, so I would advise updating to the latest version. You can do this by clicking the orange Firefox button in the top left corner, then Help, then About. It should then download the latest version automatically and then prompt you to install it.

Overall though, it's looking good. Do you have any outstanding problems or anything you want to run past me?
  • 0

#7
thatguy7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts

Overall though, it's looking good. Do you have any outstanding problems or anything you want to run past me?


Great, thanks for your assistance. I'm going to update Windows and Firefox, then run FileHippo to see what else needs to be updated. After that I will test it out online, etc.


Thanks again for your help.
  • 0

#8
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem, you're welcome :thumbsup:


What I'll do now, is post my cleanup steps, which will guide you through removing any tools we no longer need etc and provide some tips on staying safe. I'll leave the topic open for a few days, so if you have any problems with any of the updates for example, or notice any Adware return, then let me know.



Good stuff, your logs now appear clean :cool:

Thank you for following the procedures; your system now appears free from Malware. It's now time to remove the programs we have used throughout this cleanup and make sure important programs are updated to their latest versions. This all helps in the fight against being reinfected.

Please make sure you follow the steps below, as they are highly recommended.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1)
Tools on the Desktop:
You can now safely remove aswMBR and Security Check from the Desktop (if present)

2)
OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

3)
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


========== Anti Malware Protection ==========

Having a good Anti Virus program and an on-access Anti Malware program is great in the battle against malware and various other forms of infections. You should always make sure your Anti Virus is Enabled and has the latest definitions downloaded (Anti Virus software will nearly always update its definitions automatically).

Here are some recommendations:

Free Anti Virus Protection...
If you haven't got an AntiVirus or are thinking of changing, my personal recommendations are Microsoft Security Essentials and Avast, both are free to use. Remember though, you can only have one Anti Virus installed at any one given time.

Paid Anti Virus Protection...
If you want a bit more than just an Anti Virus and would like extra features such as Firewall and Anti Spam, you will have to look at purchasing an Anti Virus product. A lot of people do use free AV software, as these products use the same virus databases as the paid ones, but some people prefer to have the extra features and the help and support that the paid products tend to offer. If you are looking into purchasing one, my recommendations would be Kaspersky Internet Security or ESET Smart Security. There are, however, many different ones out there, and it is wise to just download trial versions to see which ones suit you best before actually buying.

MalwareBytes Anti-Malware
This is an excellent Anti-Malware product. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.



========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. This is where a lot of people fall down, as there are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very worthwhile habit to get into.

Windows Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
Here's how to check to see if you are missing any updates. Just click your version of Windows below, to see how to check...
  • Windows XP
  • Windows Vista
  • Windows 7

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
    (If you don't see the Java icon - In XP, click Switch to Category View. In Vista, click Classic View. In Windows 7, click View By: in the top right and change it to Large Icons)
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed

Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



========== Key Tips ==========

- Never be tempted to download software you didn't ask for
If for example you see a "Free Registry Booster" or "Get rid of all your malware problems or blue screens by using this software", don't be tempted to click on them. The software is often useless, could actually be harmful to your PC and they are generally just out to get your money. If you didn't ask for the software, don't download it ;)

- Run regular scans
Set yourself a date, approximately every 2, 3 or 4 weeks, whereby you run a Full Scan with your Anti Virus and a scan with any Anti Malware/Spyware program you may have installed, like Malwarebytes' Anti Malware.


Have fun and stay safe online ;)
BlackOxide

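As an added example (not part of BlackOxide's post), the PowerShell below checks two of the steps above from a prompt on a Windows 7 machine: that Explorer is back to hiding hidden files (step 3 under CLEANUP), and which versions of Java and Adobe Reader are installed (the Updates section), so they can be compared against the vendor's current release. The registry locations are the standard Explorer and Uninstall keys; the version match patterns are assumptions about how those products name their entries.

```powershell
# Added example, not from the original post. Run as the user whose profile was cleaned.

# Step 3 check: Explorer stores "Do not show hidden files and folders" as 2
# and "Show hidden files and folders" as 1 under this per-user key.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hidden = (Get-ItemProperty -Path $adv -Name Hidden -ErrorAction SilentlyContinue).Hidden
switch ($hidden) {
    2       { Write-Host 'Hidden files: not shown (matches step 3)' }
    1       { Write-Host 'Hidden files: SHOWN - reset via Folder Options, or uncomment the line below' }
    default { Write-Host "Hidden files: value not set ($hidden); Explorer default is not shown" }
}
# Same effect as the Folder Options steps, without the GUI (Explorer re-reads it on next start):
# Set-ItemProperty -Path $adv -Name Hidden -Value 2

# Updates check: installed programs are listed under the Uninstall keys.
# On x64 Windows, 32-bit installers (Java, Adobe Reader) land under Wow6432Node.
$uninstall = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
# Assumed name patterns: entries such as "Java(TM) 6 Update 31" or "Adobe Reader X (10.1.2)".
$apps = Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java|Adobe Reader)' } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate

if ($apps) {
    # Compare DisplayVersion with the vendor's current release; older = run the update steps above.
    $apps | Format-Table -AutoSize
} else {
    Write-Host 'No Java or Adobe Reader entry found under the Uninstall keys'
}
```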