Smart HDD On external hard drive?

M

marynbtol

New Member
Thread author
Jul 20, 2012
10
Removed Smart HDD yesterday sucessfully with your Uninstall instructions. Thank you! I had unplugged my external harddrive immediately once I realized I had the virus, so it was not plugged in when I went through the uninstall steps. Today I plugged it in and ran Malwarebytes on it and no threats were detected. However a few hours later I went to open an file on it and it days it cannot find any files. Has the Smart HDD removed my files and is there a way to restore them?
BTW I don't know what the OTL Log/aswMBR Log is so I'm not sure which to check.
 
Jack

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Hi and welcome to the MALWARE TIPS forums!

I'm Jack and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />

STEP 1: Download and run Combofix
 
Download ComboFix from one of the following locations: 
Link 1  
Link 2  
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop  
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here  
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    NSIS_disclaimer_ENG.png


    NSIS_extraction.png

  • When finished, it shall produce a log for you. 
    [*]Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

<hr />
STEP 2: Download and run OTL
  1. Please download the OTL utility from here : http://oldtimer.geekstogo.com/OTL.exe
  2. Right-click on OTL.exe and select Run as Administrator to start OTL.
  3. Double click on OTL.exe to run it.
  4. Under the Custom Scan box paste this in:

    Code: 
    %SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT
  5. Click the Quick Scan button.The scan wont take long.
  6. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    Please post this 2 logs in your first reply.

<hr />

What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):

1.Combofix log
2.OTL log
3.Let me know if you had any problems with the above instructions and also let me know how things are running now!
 
M

marynbtol

New Member
Thread author
Jul 20, 2012
10
Combofix log is attached. Do I continue with step 2 or wait for your reply to the log?
 

Attachments

  • log.txt
    18.6 KB · Views: 153
Jack

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Hello,
Please try now to attach your OTL log because I've increased the size on for this type of files :)
 
M

marynbtol

New Member
Thread author
Jul 20, 2012
10
Jack said:
Hello,
Please try now to attach your OTL log because I've increased the size on for this type of files :)
Click to expand...

Still too large. I' have pasted it to the body of this post.
OTL logfile created on: 7/22/2012 2:46:12 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\marynbtol\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 3.96 Gb Available Physical Memory | 72.31% Memory free
10.96 Gb Paging File | 9.18 Gb Available in Paging File | 83.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.58 Gb Total Space | 524.50 Gb Free Space | 90.34% Space Free | Partition Type: NTFS
Drive G: | 298.09 Gb Total Space | 243.69 Gb Free Space | 81.75% Space Free | Partition Type: NTFS

Computer Name: MARYNBTOL-LAP | User Name: marynbtol | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/22 14:44:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\marynbtol\Downloads\OTL.exe
PRC - [2012/06/26 06:16:49 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
PRC - [2012/04/07 23:08:42 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/18 21:08:48 | 000,456,048 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe
PRC - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2010/05/20 20:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 18:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/01 15:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/06/10 01:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/05/24 13:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/05/17 18:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/04/20 20:16:30 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/20 18:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/09 21:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)
SRV:64bit: - [2009/09/14 01:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV:64bit: - [2009/09/14 01:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/11 15:06:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/26 06:16:49 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/18 21:08:48 | 000,456,048 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe -- (VIPRE Business Service)
SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 21:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/05/20 20:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 18:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/02 12:30:29 | 000,033,096 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/20 21:00:52 | 009,256,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 19:39:58 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 21:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/02/08 23:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 23:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/13 23:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 12:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/10/29 20:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/04/17 15:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B51D0C86-5974-4BEB-B7E2-102CBC61796E}
IE:64bit: - HKLM\..\SearchScopes\{B51D0C86-5974-4BEB-B7E2-102CBC61796E}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {B51D0C86-5974-4BEB-B7E2-102CBC61796E}
IE - HKLM\..\SearchScopes\{B51D0C86-5974-4BEB-B7E2-102CBC61796E}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {B51D0C86-5974-4BEB-B7E2-102CBC61796E}
IE - HKCU\..\SearchScopes\{392DA89D-7688-4FF9-A2F3-CE4F46CFB64A}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKCU\..\SearchScopes\{B51D0C86-5974-4BEB-B7E2-102CBC61796E}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS478
IE - HKCU\..\SearchScopes\{E83E9660-FD39-48A4-AE4D-2ADDCEF3CFEF}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3197087
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/07/22 14:25:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28E87616-E1FC-4FD7-9BFB-F467E6621248}: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 14:30:59 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/07/22 14:25:34 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/22 14:11:44 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\ElevatedDiagnostics
[2012/07/22 13:20:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/07/22 13:20:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/07/22 13:20:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/07/22 13:20:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/22 13:20:00 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/07/21 14:25:37 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\Desktop\Scrapbook Life Journal
[2012/07/21 14:25:35 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\Desktop\pse dowloads
[2012/07/21 14:25:31 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\Desktop\pics
[2012/07/21 14:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012/07/21 14:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/07/21 13:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS
[2012/07/19 15:33:05 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\Desktop\RK_Quarantine
[2012/07/19 15:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/19 13:05:56 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\CRE
[2012/07/19 13:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/07/19 13:05:44 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\PC_Cleanup_Utility_Inc
[2012/07/19 13:05:43 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\PC Cleanup Utility Inc
[2012/07/19 13:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Cleanup Utility Inc
[2012/07/19 13:05:07 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Conduit
[2012/07/19 13:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Cleanup Utility
[2012/07/15 20:04:02 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Deployment
[2012/07/15 20:04:02 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Apps
[2012/07/14 16:57:12 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Apple Computer
[2012/07/14 16:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/14 16:56:59 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2012/07/14 16:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/14 16:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/14 16:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/07/14 16:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/07/14 16:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/07/14 16:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/07/14 16:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/07/08 17:37:00 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\Desktop\2635
[2012/06/29 08:38:18 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Roaming\PCCUStubInstaller
[2012/06/26 06:16:51 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Tific
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/22 14:44:14 | 000,024,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 14:44:14 | 000,024,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 14:41:30 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/07/22 14:41:30 | 000,624,352 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/07/22 14:41:30 | 000,106,696 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/07/22 14:37:22 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/22 14:36:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/22 14:36:33 | 117,006,335 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/22 14:25:24 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/07/22 14:06:03 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/22 14:01:04 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/21 14:09:07 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/07/20 06:28:54 | 000,001,454 | ---- | M] () -- C:\Users\marynbtol\Desktop\Internet Explorer.lnk
[2012/07/19 13:05:58 | 000,000,009 | ---- | M] () -- C:\END
[2012/07/14 16:57:07 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/12 14:22:58 | 000,871,168 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/06/26 06:02:17 | 000,002,315 | ---- | M] () -- C:\Users\Public\Desktop\Toshiba Laptop Checkup.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/22 13:45:21 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\TOSHIBA Media Controller.lnk
[2012/07/22 13:45:20 | 000,002,315 | ---- | C] () -- C:\Users\Public\Desktop\Toshiba Laptop Checkup.lnk
[2012/07/22 13:45:20 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/07/22 13:20:20 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/07/22 13:20:20 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/07/22 13:20:20 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/07/22 13:20:20 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/07/22 13:20:20 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/07/21 14:09:07 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/07/20 06:28:54 | 000,001,454 | ---- | C] () -- C:\Users\marynbtol\Desktop\Internet Explorer.lnk
[2012/07/19 15:30:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/07/19 15:30:32 | 000,002,497 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/07/19 15:30:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/19 15:30:32 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE Business.lnk
[2012/07/19 15:30:32 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/19 15:30:32 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
[2012/07/19 15:30:32 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk
[2012/07/19 15:30:32 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/19 15:30:32 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/07/19 15:30:32 | 000,001,385 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/07/19 15:30:32 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/07/19 15:30:32 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/07/19 15:30:32 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/07/19 15:30:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/07/19 15:30:32 | 000,001,316 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/07/19 15:30:32 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/07/19 15:30:32 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/07/19 15:30:32 | 000,001,014 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/07/19 15:30:32 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012/07/19 15:30:32 | 000,000,968 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/07/19 15:30:32 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/07/19 13:20:07 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/19 13:05:57 | 000,000,009 | ---- | C] () -- C:\END
[2012/04/11 07:20:36 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2012/04/11 07:20:36 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2012/04/11 07:20:36 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2012/04/11 07:20:36 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2012/04/11 07:20:36 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2012/04/11 07:20:36 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2012/04/11 07:20:36 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2012/04/11 07:20:36 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2012/04/11 07:20:36 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2012/04/11 07:20:36 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2012/04/11 07:20:36 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2012/04/11 07:20:36 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2012/04/11 07:20:36 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2012/04/11 07:20:36 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2012/04/11 07:20:36 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2012/04/11 07:20:36 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2012/04/11 07:16:54 | 000,000,051 | ---- | C] () -- C:\windows\EPART725.ini
[2012/04/10 08:05:31 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2012/01/10 16:02:16 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/01/10 15:57:31 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
[2012/01/10 15:56:45 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/01/10 15:54:12 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/02/03 23:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012/04/08 17:52:03 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/04/13 09:49:39 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Epson
[2012/04/17 15:48:11 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\GFI Software
[2012/05/07 20:52:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\No Company Name
[2012/06/29 08:38:18 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\PCCUStubInstaller
[2012/04/07 18:36:58 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Tific
[2012/04/07 18:04:52 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Toshiba
[2012/04/07 18:01:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\WinBatch
[2009/07/14 01:08:49 | 000,013,138 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/04/09 15:52:22 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Adobe
[2012/07/14 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Apple Computer
[2012/04/07 18:02:49 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\ATI
[2012/04/08 17:52:03 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/04/13 09:49:39 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Epson
[2012/04/17 15:48:11 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\GFI Software
[2012/04/08 07:09:42 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Google
[2012/04/07 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Identities
[2012/04/11 07:04:23 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\InstallShield
[2011/07/26 22:49:31 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Macromedia
[2012/06/02 12:35:23 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Malwarebytes
[2010/11/21 03:16:41 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Media Center Programs
[2012/05/08 04:08:35 | 000,000,000 | --SD | M] -- C:\Users\marynbtol\AppData\Roaming\Microsoft
[2012/05/07 20:52:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\No Company Name
[2012/06/29 08:38:18 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\PCCUStubInstaller
[2012/04/07 18:36:58 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Tific
[2012/04/07 18:04:52 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Toshiba
[2012/04/07 18:01:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\WinBatch

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\windows\SysNative\csrss.exe
[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\windows\SysNative\PrintIsolationHost.exe
[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/03/01 04:10:51 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=635455A95EB8EC47AC72142E501465ED -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe
[2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\erdnt\cache64\svchost.exe
[2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\windows\SysNative\svchost.exe
[2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2011/03/01 04:07:49 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\erdnt\cache86\svchost.exe
[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\SysWOW64\svchost.exe
[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/07/26 22:39:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/07/26 22:39:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/07/26 22:39:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/07/26 22:39:25 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/07/26 22:39:25 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/07/26 22:39:25 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >
 

Attachments

  • OTL log.txt
    98.2 KB · Views: 100
Jack

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Hello,
Can you please run the below scans:
STEP 1. Run a scan with Kaspersky Virus Removal Tool
Click <a title="External link" href="http://www.kaspersky.com/antivirus-removal-tool?form=1" rel="nofollow external" rel="nofollow"><>here</></a> to download the Kaspersky Virus Removal Tool.
<ol>
<li>Save it to your desktop.</li>
<li>Double click the setup file to run it.</li>
<li>Follow the onscreen prompts until it is installed</li>
<li>Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
<ul>
<li><span style="color: #ff0000;">System Memory</span></li>
<li><span style="color: #ff0000;">Hidden startup objects</span></li>
<li><span style="color: #ff0000;">Disk boot sectors</span></li>
<li><span style="color: #ff0000;">Local Disk (C: )</span></li>
<li><span style="color: #ff0000;">Also any other drives (Removable that you may have)</span></li>
</ul>
</li>
<li>Then click on <>Actions</> on the left hand side</li>
<li>Click <>Select Action</>, then make sure both <>Disinfect</> and <>Delete if disinfection fails</> are ticked</li>
<li>Click on <>Automatic Scan</></li>
<li>Now click the <>Start Scanning</> button, to run the scan</li>
<li>After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side</li>
<li>Click <>Detected threats</> on the left</li>
<li>Now click the <>Save</> button, and save it as <>kaslog.txt</> to your <>Desktop</></li>
<li>Please attach kaslog.txt in your next reply.</li>
</ol>
<hr />
STEP 2. Run a scan with ESET Online Scanner
<ol>
<li>Download ESET Online Scanner utility.
<><a title="External link" href="http://download.eset.com/special/eos/esetsmartinstaller_enu.exe" rel="nofollow">ESET Online Scanner Download Link</a></> <em>(This link will automatically download ESET Online Scanner on your computer.)</em></li>
<li>Double click on the Eset installer program (esetsmartinstaller_enu.exe).</li>
<li>Check <>Yes, I accept the Terms of Use</></li>
<li>Click the <>Start</> button.</li>
<li>Check <>Scan archives</></li>
<li>Push the <>Start</> button.</li>
<li>ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.</li>
<li>When the scan completes, push <>List of found threats</></li>
<li>Push <>Export to Text file </> and save the file to your desktop using a unique name, such as <>ESET Scan</>. Include the contents of this report in your next reply.Note - when ESET doesn't find any threats, no report will be created.</li>
<li>Push the <>back</> button.</li>
<li>Push <>Finish</></li>
</ol>
<hr />
STEP 3: Run a scan with RogueKiller
<ol>
<li>Please <>download the latest official version of </><>RogueKiller</>.
<a href="http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe" rel="nofollow" target="_blank">RogueKiller Download Link</a> (This link will automatically download RogueKiller on your computer)</li>
<li><>Double click on RogueKiller.exe</> to start this utility and then <>wait for the Prescan to complete</>.This should take only a few seconds and then you can <>click the Start button</> to perform a system scan.
<img title="Click on the Start button to perform a system scan" src="http://malwaretips.com/blogs/wp-content/uploads/2012/04/roguek-1.png" alt="[Image: roguekiller-1.png]" width="600" height="450" border="0" /></li>
<li>After the scan has completed, <>press the Delete button</> to remove any malicious registry keys.
<img title="Press Delete to remove the malicious registry keys" src="http://malwaretips.com/blogs/wp-content/uploads/2012/04/roguek-2.png" alt="[Image: roguekiller-2.png]" width="600" height="450" border="0" /></li>
<li>Next we will need to restore your shortcuts, <>so click on the ShortcutsFix button </>and allow the program to run.
<img title="Click on the Start button to perform a system scan" src="http://malwaretips.com/blogs/wp-content/uploads/2012/04/roguek-3.png" alt="[Image: roguekiller-1.png]" width="600" height="450" border="0" /></li>
</ol>

The report has been created on the desktop.In your next reply please post:

All RKreport.txt text files located on your desktop.

<hr />

STEP 4: Run Windows Repair All in One
Download <><a title="External link" href="http://www.tweaking.com/content/page/windows_repair_all_in_one.html" rel="nofollow">Windows Repair by Tweaking.com</a></> to your desktop.  Use the direct download link for the Portable version of Windows Repair by Tweaking.com
<ol>
<li>Double-click <>tweaking.com_windows_repair_aio.zip</> and extract the <>Tweaking.com - Windows Repair</> folder to your desktop.</li>
<li>Now open this folder and double-click <>Repair_Windows.exe</>.</li>
<li>Click the <>Start Repairs</> tab on the far right.</li>
<li>Click the <>Start</> button (bottom right)
Note: When asked if you would like to create a restore point. It is recommended just in-case something does not go as planned.</li>
<li>Click <>Unselect All</></li>
<li>Put a checkmark in the following items:
<ul>
<li>Repair Hosts File</li>
<li>Unhide Non System Files</li>
<li>Remove Policies Set By Infections</li>
<li>Set Windows Services To Default Startup</li>
</ul>
Note: Leave everything else unchecked</li>
<li>Put a checkmark in <>Restart System When Finished</></li>
<li>Now click the <>Start</> button (bottom right)</li>
</ol>What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):

1.Kaspersky log
2.ESET log
3.RogueKiller logs
4.Let me know if you had any problems with the above instructions and also let me know how things are running now!
 
Last edited:
M

marynbtol

New Member
Thread author
Jul 20, 2012
10
Was out of town this past week with limited internet access. Have started running the above scans and will send reports tomorrow. What is weird is that while the Kaspersky scan is running it is scanning files that are located on my external hard drive yet the external hard drive folder still says it is empty. Good news is it looks like they are not gone just hidden somehow. I really appreciate your help and this site. Thank you!
 
M

marynbtol

New Member
Thread author
Jul 20, 2012
10
Am Attaching each log separately to see if that will prevent the "too large to attach" issue. All files on my external hard drive have been restored! Thank you so much! This is such a relief.
 

Attachments

  • kaslog.txt
    1.5 KB · Views: 132
M

marynbtol

New Member
Thread author
Jul 20, 2012
10
ESET and RK scan reports in email body: They would not attach to the post.
C:\Users\marynbtol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\b101edb-12a580bf a variant of Java/Exploit.CVE-2012-1723.R trojan deleted - quarantined
C:\Users\marynbtol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\7e7e4fdc-41c09f5f probably a variant of Java/Exploit.CVE-2012-0507.CD trojan deleted - quarantined
C:\Users\marynbtol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\41ead2ec-736c2710 a variant of Java/Exploit.CVE-2012-1723.Q trojan deleted - quarantined
C:\Users\marynbtol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\12d0e47b-76b354c1 multiple threats deleted - quarantined


lRogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: marynbtol [Admin rights]
Mode: Shortcuts HJfix -- Date: 07/28/2012 07:57:37

¤¤¤ Bad processes: 5 ¤¤¤
[BLACKLIST] setup_11.0.0.1245.x01_2012_07_26_15_03.exe -- C:\Users\marynbtol\Desktop\setup_11.0.0.1245.x01_2012_07_26_15_03.exe -> KILLED [TermProc]
[ROGUE ST] 0278302.exe -- C:\Users\MARYNB~1\AppData\Local\Temp\RarSFX0\0278302.exe -> KILLED [TermProc]
[ROGUE ST] 0278302.exe -- C:\Users\MARYNB~1\AppData\Local\Temp\3856246\0278302.exe -> NOT KILLED [0x5]
[RESIDUE] 0278302.exe -- C:\Users\MARYNB~1\AppData\Local\Temp\3856246\0278302.exe -> NOT KILLED [0x5]
[RESIDUE] 0278302.exe -- C:\Users\MARYNB~1\AppData\Local\Temp\3856246\0278302.exe -> NOT KILLED [0x5]

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 1 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 34 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 1 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 24847 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[G:] \Device\HarddiskVolume9 -- 0x3 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt
 
Jack

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
OK,We're almost done!Glad to see that you've got your files back:)
Please run the below steps:
STEP 1: Run a HitmanPro scan
<ol>
<li><>Download the latest official version of HitmanPro</>.
<a href="http://www.surfright.nl/en/hitmanpro/" rel="nofollow" target="_blank"> <>HITMANPRO DOWNLOAD LINK</></a> <em>(This link will open a download page in a new window from where you can download HitmanPro)</em></li>
<li>Start HitmanPro  by <>double clicking on the previously downloaded file.</> and then following the prompts.
>>> IF you are experiencing problems while trying to start HitmanPro, you can use the Force Breach mode.To start HitmanPro in Force Breach mode, hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including the malware process. (How to start HitmanPro in Force Breach mode – Video)
<img src="http://malwaretips.com/images/removalguide/hpro4.png" alt="[Image: hitmanproscan4.png]" border="0" /></li>
<li>Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below.After reviewing each malicious object click <>Next</> .
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/02/rsz_hpro5.png" alt="[Image: hitmanproscan5.png]" border="0" /></li>
<li>Click <>Activate free license</> to start the free 30 days trial and remove the malicious files.
<img src="http://malwaretips.com/images/removalguide/hpro6.png" alt="[Image: hitmanproscan6.png]" border="0" /></li>
<li>HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
</ol>
Add to your next reply, any log that HitmanPro might generate.
<hr />
STEP 2 : Your <>JAVA</> is out of date ,so we need to updated it.

<img src="http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif" alt="Posted Image" /> <>UPDATE JAVA</>

Your version of <>Java</><> is out of date</>. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of <>Java</> components and update:
<ul>
<li>Please download <a title="External link" href="http://singularlabs.com/software/javara/javara-download/" rel="nofollow external"><>JavaRa</></a> to your desktop.
<ul>
<li>Click the <>Download</> button next to <>Windows Binary (.zip)</> Version 1.16 to download <>JavaRA</> and unzip it to its own folder.</li>
</ul>
</li>
<li><>Run JavaRa.exe</></li>
<li>Pick the language of your choice and click <>Select</>. Then click <>Remove Older Versions</>. Accept any prompts.
<img src="http://singularlabs.com/wp-content/uploads/2011/05/JavaRa1.png" alt="Posted Image" /></li>
<li><>Open JavaRa.exe again</> and select <>Search For Updates</>.</li>
<li>Select <>Update Using Sun Java's Website</> then click <>Search</> and click on the <>Open Webpage</> button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
</li>
</ul>
<hr />

STEP 3: Run a scan with OTL by OldTimer
<ol><li>You can download the OTL utility from the below link :
<><a title="External link" href="http://oldtimer.geekstogo.com/OTL.exe" rel="nofollow external">OTL DOWNLOAD LINK</a> <em>(This link will automatically download OTL on your computer)</em></></li>
<li>Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/07/OTL-logo.png" alt="" title="OTL-logo" width="106" height="118" class="alignnone size-full wp-image-3946" /></li>
<li>When the window appears, <>underneath Output</> at the top change it to <>Minimal Output</>.</li>
<li>Check the boxes beside <>LOP Check</> and <>Purity Check</>.</li>
<li>Under the Custom Scan box paste this in:
<code>%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT</code></li>
<li>Click the<> Run Scan</> button.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/07/otl-custom.png" alt="" title="OTL with Custom scans" width="658" height="584" class="alignnone size-full wp-image-3945" /></li>
<li>When the scan completes, it will open a <>OTL.Txt</>. This will be saved in the same location as OTL.
<>Please post this log in your next reply.</>.</li></ol>
<em>Note: If OTL.exe will not run, it may be blocked by malware. Try these alternate versions: <a title="External link" href="http://www.itxassociates.com/OT-Tools/OTL.scr" rel="nofollow external">OTL.scr</a>, or <a title="External link" href="http://oldtimer.geekstogo.com/OTL.com" rel="nofollow external">OTL.com</a>.</em>
<hr />

What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):
1.HitmanPro log
2.OTL logs
3.Let me know if you had any problems with the above instructions and also let me know how things are running now!
 
Last edited:
M

marynbtol

New Member
Thread author
Jul 20, 2012
10
OTL Report:
OTL logfile created on: 8/17/2012 10:06:08 AM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\marynbtol\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 3.60 Gb Available Physical Memory | 65.70% Memory free
10.96 Gb Paging File | 8.83 Gb Available in Paging File | 80.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.58 Gb Total Space | 521.06 Gb Free Space | 89.75% Space Free | Partition Type: NTFS

Computer Name: MARYNBTOL-LAP | User Name: marynbtol | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\marynbtol\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe (GFI Software)
PRC - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TPCHSrv) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\Toshiba\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (GFNEXSrv) -- C:\Windows\SysNative\GFNEXSrv.exe ()
SRV:64bit: - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (VIPRE Business Service) -- C:\Program Files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe (GFI Software)
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Symantec Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (mbamchameleon) -- C:\Windows\SysNative\drivers\mbamchameleon.sys ()
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B51D0C86-5974-4BEB-B7E2-102CBC61796E}
IE:64bit: - HKLM\..\SearchScopes\{B51D0C86-5974-4BEB-B7E2-102CBC61796E}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {B51D0C86-5974-4BEB-B7E2-102CBC61796E}
IE - HKLM\..\SearchScopes\{B51D0C86-5974-4BEB-B7E2-102CBC61796E}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {B51D0C86-5974-4BEB-B7E2-102CBC61796E}
IE - HKCU\..\SearchScopes\{392DA89D-7688-4FF9-A2F3-CE4F46CFB64A}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKCU\..\SearchScopes\{B51D0C86-5974-4BEB-B7E2-102CBC61796E}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS478
IE - HKCU\..\SearchScopes\{E83E9660-FD39-48A4-AE4D-2ADDCEF3CFEF}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3197087
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/07/28 08:06:13 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28E87616-E1FC-4FD7-9BFB-F467E6621248}: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/17 09:57:42 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012/08/17 09:57:41 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012/08/17 09:57:41 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012/08/17 09:57:28 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012/08/17 09:57:28 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012/08/17 09:57:28 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012/08/17 09:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/28 08:04:35 | 000,000,000 | ---D | C] -- C:\Reg_Backup
[2012/07/28 08:04:33 | 000,181,064 | ---- | C] (Sysinternals) -- C:\windows\PSEXESVC.EXE
[2012/07/28 08:01:56 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/07/28 08:01:52 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/07/28 08:01:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/07/27 21:58:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/27 19:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/07/22 16:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/07/22 16:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012/07/22 16:47:39 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Chromium
[2012/07/22 16:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Checkup
[2012/07/22 16:45:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Checkup
[2012/07/22 14:30:59 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/07/22 14:25:34 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/22 14:11:44 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\ElevatedDiagnostics
[2012/07/22 13:20:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/07/22 13:20:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/07/22 13:20:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/07/22 13:20:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/22 13:20:00 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/07/21 14:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012/07/21 14:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/07/21 13:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS
[2012/07/19 15:33:05 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\Desktop\RK_Quarantine
[2012/07/19 15:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/19 13:05:56 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\CRE
[2012/07/19 13:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/07/19 13:05:44 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\PC_Cleanup_Utility_Inc
[2012/07/19 13:05:43 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\PC Cleanup Utility Inc
[2012/07/19 13:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Cleanup Utility Inc
[2012/07/19 13:05:07 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Conduit
[2012/07/19 13:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Cleanup Utility
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/17 10:06:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/08/17 10:01:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/17 09:57:20 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012/08/17 09:57:20 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012/08/17 09:57:20 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012/08/17 09:57:20 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012/08/17 09:57:20 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012/08/17 09:57:20 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012/08/17 09:17:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/08/17 07:41:30 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/08/17 07:41:30 | 000,624,352 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/08/17 07:41:30 | 000,106,696 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/08/17 06:51:56 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/15 07:50:22 | 000,024,944 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 07:50:22 | 000,024,944 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 07:45:02 | 117,006,335 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/15 07:36:25 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/08/14 20:06:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/08/14 20:06:21 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/01 16:55:22 | 000,161,273 | ---- | M] () -- C:\Users\marynbtol\Desktop\Sept2012-list-topics.pdf
[2012/07/28 08:07:52 | 000,181,064 | ---- | M] (Sysinternals) -- C:\windows\PSEXESVC.EXE
[2012/07/28 08:07:52 | 000,000,042 | ---- | M] () -- C:\repairs_running.dat
[2012/07/28 08:06:13 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/07/28 08:01:52 | 000,002,258 | ---- | M] () -- C:\Users\marynbtol\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/07/27 19:46:23 | 141,653,048 | ---- | M] () -- C:\Users\marynbtol\Desktop\setup_11.0.0.1245.x01_2012_07_26_15_03.exe
[2012/07/22 14:25:24 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts_bak_378
[2012/07/20 06:28:54 | 000,001,454 | ---- | M] () -- C:\Users\marynbtol\Desktop\Internet Explorer.lnk
[2012/07/19 13:05:58 | 000,000,009 | ---- | M] () -- C:\END
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/01 16:55:22 | 000,161,273 | ---- | C] () -- C:\Users\marynbtol\Desktop\Sept2012-list-topics.pdf
[2012/07/28 08:07:42 | 000,000,042 | ---- | C] () -- C:\repairs_running.dat
[2012/07/28 08:01:52 | 000,002,258 | ---- | C] () -- C:\Users\marynbtol\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/07/27 19:41:54 | 141,653,048 | ---- | C] () -- C:\Users\marynbtol\Desktop\setup_11.0.0.1245.x01_2012_07_26_15_03.exe
[2012/07/22 13:45:21 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\TOSHIBA Media Controller.lnk
[2012/07/22 13:20:20 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/07/22 13:20:20 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/07/22 13:20:20 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/07/22 13:20:20 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/07/22 13:20:20 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/07/20 06:28:54 | 000,001,454 | ---- | C] () -- C:\Users\marynbtol\Desktop\Internet Explorer.lnk
[2012/07/19 15:30:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/07/19 15:30:32 | 000,002,497 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/07/19 15:30:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/19 15:30:32 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE Business.lnk
[2012/07/19 15:30:32 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/19 15:30:32 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
[2012/07/19 15:30:32 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk
[2012/07/19 15:30:32 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/19 15:30:32 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/07/19 15:30:32 | 000,001,385 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/07/19 15:30:32 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/07/19 15:30:32 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/07/19 15:30:32 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/07/19 15:30:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/07/19 15:30:32 | 000,001,316 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/07/19 15:30:32 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/07/19 15:30:32 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/07/19 15:30:32 | 000,001,014 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/07/19 15:30:32 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012/07/19 15:30:32 | 000,000,968 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/07/19 15:30:32 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/07/19 13:20:07 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/19 13:05:57 | 000,000,009 | ---- | C] () -- C:\END
[2012/04/11 07:20:36 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2012/04/11 07:20:36 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2012/04/11 07:20:36 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2012/04/11 07:20:36 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2012/04/11 07:20:36 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2012/04/11 07:20:36 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2012/04/11 07:20:36 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2012/04/11 07:20:36 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2012/04/11 07:20:36 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2012/04/11 07:20:36 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2012/04/11 07:20:36 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2012/04/11 07:20:36 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2012/04/11 07:20:36 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2012/04/11 07:20:36 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2012/04/11 07:20:36 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2012/04/11 07:20:36 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2012/04/11 07:16:54 | 000,000,051 | ---- | C] () -- C:\windows\EPART725.ini
[2012/04/10 08:05:31 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2012/01/10 16:02:16 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/01/10 15:57:31 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
[2012/01/10 15:56:45 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/01/10 15:54:12 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/02/03 23:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012/04/08 17:52:03 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/04/13 09:49:39 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Epson
[2012/04/17 15:48:11 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\GFI Software
[2012/05/07 20:52:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\No Company Name
[2012/06/29 08:38:18 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\PCCUStubInstaller
[2012/04/07 18:36:58 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Tific
[2012/04/07 18:04:52 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Toshiba
[2012/04/07 18:01:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\WinBatch
[2009/07/14 01:08:49 | 000,013,638 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/07/28 20:51:11 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Adobe
[2012/07/14 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Apple Computer
[2012/04/07 18:02:49 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\ATI
[2012/04/08 17:52:03 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/04/13 09:49:39 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Epson
[2012/04/17 15:48:11 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\GFI Software
[2012/04/08 07:09:42 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Google
[2012/04/07 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Identities
[2012/04/11 07:04:23 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\InstallShield
[2011/07/26 22:49:31 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Macromedia
[2012/06/02 12:35:23 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Malwarebytes
[2010/11/21 03:16:41 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Media Center Programs
[2012/05/08 04:08:35 | 000,000,000 | --SD | M] -- C:\Users\marynbtol\AppData\Roaming\Microsoft
[2012/05/07 20:52:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\No Company Name
[2012/06/29 08:38:18 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\PCCUStubInstaller
[2012/04/07 18:36:58 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Tific
[2012/04/07 18:04:52 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Toshiba
[2012/04/07 18:01:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\WinBatch

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\windows\SysNative\csrss.exe
[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\windows\SysNative\PrintIsolationHost.exe
[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/03/01 04:10:51 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=635455A95EB8EC47AC72142E501465ED -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe
[2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\erdnt\cache64\svchost.exe
[2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\windows\SysNative\svchost.exe
[2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2011/03/01 04:07:49 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\erdnt\cache86\svchost.exe
[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\SysWOW64\svchost.exe
[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/07/26 22:39:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/07/26 22:39:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/07/26 22:39:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/07/26 22:39:25 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/07/26 22:39:25 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/07/26 22:39:25 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

Have been away and just revisited the site. Thanks for your help. things have been running well! Updated java as suggested.
 

Similar threads

Game Of Thrones
    • Like
    • Wow
Serious Discussion New McAfee and what is wrong with it
Replies
28
Views
2,160
McAfee
nickstar1
nickstar1
S
  • Locked
Browser keeps switching to Yahoo/ Secure Search even though i set Google as deafult browser
Replies
1
Views
274
Windows Malware Removal Help & Support
nasdaq
nasdaq
S
  • Locked
Browser keeps switching to Yahoo/ Secure Search even though i set Google as deafult browser
Replies
6
Views
468
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top