Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Smart HDD On external hard drive?
Message
<blockquote data-quote="marynbtol" data-source="post: 62963" data-attributes="member: 1852"><p>Still too large. I' have pasted it to the body of this post.</p><p>OTL logfile created on: 7/22/2012 2:46:12 PM - Run 1</p><p>OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\marynbtol\Downloads</p><p>64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.0.8112.16421)</p><p>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</p><p> </p><p>5.48 Gb Total Physical Memory | 3.96 Gb Available Physical Memory | 72.31% Memory free</p><p>10.96 Gb Paging File | 9.18 Gb Available in Paging File | 83.76% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)</p><p>Drive C: | 580.58 Gb Total Space | 524.50 Gb Free Space | 90.34% Space Free | Partition Type: NTFS</p><p>Drive G: | 298.09 Gb Total Space | 243.69 Gb Free Space | 81.75% Space Free | Partition Type: NTFS</p><p> </p><p>Computer Name: MARYNBTOL-LAP | User Name: marynbtol | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans</p><p>Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - [2012/07/22 14:44:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\marynbtol\Downloads\OTL.exe</p><p>PRC - [2012/06/26 06:16:49 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe</p><p>PRC - [2012/04/07 23:08:42 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe</p><p>PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe</p><p>PRC - [2011/11/18 21:08:48 | 000,456,048 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe</p><p>PRC - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe</p><p>PRC - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe</p><p>PRC - [2010/05/20 20:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe</p><p>PRC - [2010/03/11 18:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe</p><p>PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll</p><p>MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll</p><p> </p><p> </p><p><span style="color: #E56717">========== Win32 Services (SafeList) ==========</span></p><p> </p><p>SRV:<strong>64bit:</strong> - [2011/07/01 15:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)</p><p>SRV:<strong>64bit:</strong> - [2011/06/10 01:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)</p><p>SRV:<strong>64bit:</strong> - [2011/05/24 13:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)</p><p>SRV:<strong>64bit:</strong> - [2011/05/17 18:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)</p><p>SRV:<strong>64bit:</strong> - [2011/04/20 20:16:30 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)</p><p>SRV:<strong>64bit:</strong> - [2010/10/20 18:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)</p><p>SRV:<strong>64bit:</strong> - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)</p><p>SRV:<strong>64bit:</strong> - [2010/09/09 21:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)</p><p>SRV:<strong>64bit:</strong> - [2009/09/14 01:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)</p><p>SRV:<strong>64bit:</strong> - [2009/09/14 01:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)</p><p>SRV:<strong>64bit:</strong> - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)</p><p>SRV - [2012/07/11 15:06:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)</p><p>SRV - [2012/06/26 06:16:49 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)</p><p>SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)</p><p>SRV - [2011/11/18 21:08:48 | 000,456,048 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe -- (VIPRE Business Service)</p><p>SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)</p><p>SRV - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)</p><p>SRV - [2011/07/11 21:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)</p><p>SRV - [2010/05/20 20:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)</p><p>SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)</p><p>SRV - [2010/03/11 18:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)</p><p>SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV:<strong>64bit:</strong> - [2012/06/02 12:30:29 | 000,033,096 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)</p><p>DRV:<strong>64bit:</strong> - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)</p><p>DRV:<strong>64bit:</strong> - [2011/04/20 21:00:52 | 009,256,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)</p><p>DRV:<strong>64bit:</strong> - [2011/04/20 19:39:58 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)</p><p>DRV:<strong>64bit:</strong> - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)</p><p>DRV:<strong>64bit:</strong> - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)</p><p>DRV:<strong>64bit:</strong> - [2011/02/23 21:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)</p><p>DRV:<strong>64bit:</strong> - [2011/02/08 23:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)</p><p>DRV:<strong>64bit:</strong> - [2011/02/03 23:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)</p><p>DRV:<strong>64bit:</strong> - [2011/01/13 23:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)</p><p>DRV:<strong>64bit:</strong> - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)</p><p>DRV:<strong>64bit:</strong> - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)</p><p>DRV:<strong>64bit:</strong> - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)</p><p>DRV:<strong>64bit:</strong> - [2010/11/17 12:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)</p><p>DRV:<strong>64bit:</strong> - [2010/10/29 20:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)</p><p>DRV:<strong>64bit:</strong> - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)</p><p>DRV:<strong>64bit:</strong> - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)</p><p>DRV:<strong>64bit:</strong> - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)</p><p>DRV:<strong>64bit:</strong> - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)</p><p>DRV:<strong>64bit:</strong> - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)</p><p>DRV:<strong>64bit:</strong> - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)</p><p>DRV:<strong>64bit:</strong> - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)</p><p>DRV:<strong>64bit:</strong> - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)</p><p>DRV:<strong>64bit:</strong> - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)</p><p>DRV:<strong>64bit:</strong> - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)</p><p>DRV:<strong>64bit:</strong> - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)</p><p>DRV:<strong>64bit:</strong> - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)</p><p>DRV:<strong>64bit:</strong> - [2007/04/17 15:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)</p><p>DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes,DefaultScope = {B51D0C86-5974-4BEB-B7E2-102CBC61796E}</p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes\{B51D0C86-5974-4BEB-B7E2-102CBC61796E}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm</p><p>IE - HKLM\..\SearchScopes,DefaultScope = {B51D0C86-5974-4BEB-B7E2-102CBC61796E}</p><p>IE - HKLM\..\SearchScopes\{B51D0C86-5974-4BEB-B7E2-102CBC61796E}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP</p><p> </p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/</p><p>IE - HKCU\..\SearchScopes,DefaultScope = {B51D0C86-5974-4BEB-B7E2-102CBC61796E}</p><p>IE - HKCU\..\SearchScopes\{392DA89D-7688-4FF9-A2F3-CE4F46CFB64A}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP</p><p>IE - HKCU\..\SearchScopes\{B51D0C86-5974-4BEB-B7E2-102CBC61796E}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS478</p><p>IE - HKCU\..\SearchScopes\{E83E9660-FD39-48A4-AE4D-2ADDCEF3CFEF}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3197087</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local></p><p> </p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p> </p><p> </p><p> </p><p>O1 HOSTS File: ([2012/07/22 14:25:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts</p><p>O1 - Hosts: 127.0.0.1 localhost</p><p>O2:<strong>64bit:</strong> - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>O2:<strong>64bit:</strong> - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)</p><p>O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)</p><p>O3:<strong>64bit:</strong> - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.</p><p>O3:<strong>64bit:</strong> - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)</p><p>O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)</p><p>O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)</p><p>O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)</p><p>O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)</p><p>O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)</p><p>O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)</p><p>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3</p><p>O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present</p><p>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</p><p>O10:<strong>64bit:</strong> - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)</p><p>O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)</p><p>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)</p><p>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28E87616-E1FC-4FD7-9BFB-F467E6621248}: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\livecall - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\msdaipp - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\msdaipp\oledb - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\msnim - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\mso-offdap - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\mso-offdap11 - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\wlmailhtml - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\wlpg - No CLSID value found</p><p>O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)</p><p>O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)</p><p>O18:<strong>64bit:</strong> - Protocol\Filter\text/xml - No CLSID value found</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: VMApplet - (/pagefile) - File not found</p><p>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35:<strong>64bit:</strong> - HKLM\..comfile [open] -- "%1" %*</p><p>O35:<strong>64bit:</strong> - HKLM\..exefile [open] -- "%1" %*</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - HKLM\...com [@ = ComFile] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O37 - HKLM\...com [@ = ComFile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p>O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)</p><p> </p><p> CREATERESTOREPOINT</p><p>Restore point Set: OTL Restore Point</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2012/07/22 14:30:59 | 000,000,000 | ---D | C] -- C:\windows\temp</p><p>[2012/07/22 14:25:34 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN</p><p>[2012/07/22 14:11:44 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\ElevatedDiagnostics</p><p>[2012/07/22 13:20:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe</p><p>[2012/07/22 13:20:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe</p><p>[2012/07/22 13:20:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe</p><p>[2012/07/22 13:20:14 | 000,000,000 | ---D | C] -- C:\Qoobox</p><p>[2012/07/22 13:20:00 | 000,000,000 | ---D | C] -- C:\windows\erdnt</p><p>[2012/07/21 14:25:37 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\Desktop\Scrapbook Life Journal</p><p>[2012/07/21 14:25:35 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\Desktop\pse dowloads</p><p>[2012/07/21 14:25:31 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\Desktop\pics</p><p>[2012/07/21 14:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva</p><p>[2012/07/21 14:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva</p><p>[2012/07/21 13:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS</p><p>[2012/07/19 15:33:05 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\Desktop\RK_Quarantine</p><p>[2012/07/19 15:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro</p><p>[2012/07/19 13:05:56 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\CRE</p><p>[2012/07/19 13:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit</p><p>[2012/07/19 13:05:44 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\PC_Cleanup_Utility_Inc</p><p>[2012/07/19 13:05:43 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\PC Cleanup Utility Inc</p><p>[2012/07/19 13:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Cleanup Utility Inc</p><p>[2012/07/19 13:05:07 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Conduit</p><p>[2012/07/19 13:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Cleanup Utility</p><p>[2012/07/15 20:04:02 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Deployment</p><p>[2012/07/15 20:04:02 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Apps</p><p>[2012/07/14 16:57:12 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Apple Computer</p><p>[2012/07/14 16:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes</p><p>[2012/07/14 16:56:59 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE</p><p>[2012/07/14 16:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod</p><p>[2012/07/14 16:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes</p><p>[2012/07/14 16:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes</p><p>[2012/07/14 16:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}</p><p>[2012/07/14 16:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple</p><p>[2012/07/14 16:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour</p><p>[2012/07/14 16:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour</p><p>[2012/07/08 17:37:00 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\Desktop\2635</p><p>[2012/06/29 08:38:18 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Roaming\PCCUStubInstaller</p><p>[2012/06/26 06:16:51 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Tific</p><p>[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2012/07/22 14:44:14 | 000,024,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2012/07/22 14:44:14 | 000,024,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2012/07/22 14:41:30 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI</p><p>[2012/07/22 14:41:30 | 000,624,352 | ---- | M] () -- C:\windows\SysNative\perfh009.dat</p><p>[2012/07/22 14:41:30 | 000,106,696 | ---- | M] () -- C:\windows\SysNative\perfc009.dat</p><p>[2012/07/22 14:37:22 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2012/07/22 14:36:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat</p><p>[2012/07/22 14:36:33 | 117,006,335 | -HS- | M] () -- C:\hiberfil.sys</p><p>[2012/07/22 14:25:24 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts</p><p>[2012/07/22 14:06:03 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job</p><p>[2012/07/22 14:01:04 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2012/07/21 14:09:07 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk</p><p>[2012/07/20 06:28:54 | 000,001,454 | ---- | M] () -- C:\Users\marynbtol\Desktop\Internet Explorer.lnk</p><p>[2012/07/19 13:05:58 | 000,000,009 | ---- | M] () -- C:\END</p><p>[2012/07/14 16:57:07 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk</p><p>[2012/07/12 14:22:58 | 000,871,168 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT</p><p>[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys</p><p>[2012/06/26 06:02:17 | 000,002,315 | ---- | M] () -- C:\Users\Public\Desktop\Toshiba Laptop Checkup.lnk</p><p>[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2012/07/22 13:45:21 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\TOSHIBA Media Controller.lnk</p><p>[2012/07/22 13:45:20 | 000,002,315 | ---- | C] () -- C:\Users\Public\Desktop\Toshiba Laptop Checkup.lnk</p><p>[2012/07/22 13:45:20 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk</p><p>[2012/07/22 13:20:20 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe</p><p>[2012/07/22 13:20:20 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe</p><p>[2012/07/22 13:20:20 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe</p><p>[2012/07/22 13:20:20 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe</p><p>[2012/07/22 13:20:20 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe</p><p>[2012/07/21 14:09:07 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk</p><p>[2012/07/20 06:28:54 | 000,001,454 | ---- | C] () -- C:\Users\marynbtol\Desktop\Internet Explorer.lnk</p><p>[2012/07/19 15:30:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk</p><p>[2012/07/19 15:30:32 | 000,002,497 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk</p><p>[2012/07/19 15:30:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk</p><p>[2012/07/19 15:30:32 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE Business.lnk</p><p>[2012/07/19 15:30:32 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk</p><p>[2012/07/19 15:30:32 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 10.lnk</p><p>[2012/07/19 15:30:32 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk</p><p>[2012/07/19 15:30:32 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk</p><p>[2012/07/19 15:30:32 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk</p><p>[2012/07/19 15:30:32 | 000,001,385 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk</p><p>[2012/07/19 15:30:32 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk</p><p>[2012/07/19 15:30:32 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk</p><p>[2012/07/19 15:30:32 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk</p><p>[2012/07/19 15:30:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk</p><p>[2012/07/19 15:30:32 | 000,001,316 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk</p><p>[2012/07/19 15:30:32 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk</p><p>[2012/07/19 15:30:32 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk</p><p>[2012/07/19 15:30:32 | 000,001,014 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk</p><p>[2012/07/19 15:30:32 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk</p><p>[2012/07/19 15:30:32 | 000,000,968 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk</p><p>[2012/07/19 15:30:32 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk</p><p>[2012/07/19 13:20:07 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2012/07/19 13:05:57 | 000,000,009 | ---- | C] () -- C:\END</p><p>[2012/04/11 07:20:36 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat</p><p>[2012/04/11 07:20:36 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat</p><p>[2012/04/11 07:20:36 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat</p><p>[2012/04/11 07:20:36 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat</p><p>[2012/04/11 07:20:36 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat</p><p>[2012/04/11 07:20:36 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat</p><p>[2012/04/11 07:20:36 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat</p><p>[2012/04/11 07:20:36 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat</p><p>[2012/04/11 07:20:36 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat</p><p>[2012/04/11 07:20:36 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat</p><p>[2012/04/11 07:20:36 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat</p><p>[2012/04/11 07:20:36 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat</p><p>[2012/04/11 07:20:36 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat</p><p>[2012/04/11 07:20:36 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat</p><p>[2012/04/11 07:20:36 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat</p><p>[2012/04/11 07:20:36 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini</p><p>[2012/04/11 07:16:54 | 000,000,051 | ---- | C] () -- C:\windows\EPART725.ini</p><p>[2012/04/10 08:05:31 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI</p><p>[2012/01/10 16:02:16 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe</p><p>[2012/01/10 15:57:31 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll</p><p>[2012/01/10 15:56:45 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin</p><p>[2012/01/10 15:54:12 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat</p><p>[2011/02/03 23:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll</p><p> </p><p><span style="color: #E56717">========== LOP Check ==========</span></p><p> </p><p>[2012/04/08 17:52:03 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant</p><p>[2012/04/13 09:49:39 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Epson</p><p>[2012/04/17 15:48:11 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\GFI Software</p><p>[2012/05/07 20:52:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\No Company Name</p><p>[2012/06/29 08:38:18 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\PCCUStubInstaller</p><p>[2012/04/07 18:36:58 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Tific</p><p>[2012/04/07 18:04:52 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Toshiba</p><p>[2012/04/07 18:01:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\WinBatch</p><p>[2009/07/14 01:08:49 | 000,013,138 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT</p><p> </p><p><span style="color: #E56717">========== Purity Check ==========</span></p><p> </p><p> </p><p> </p><p><span style="color: #E56717">========== Custom Scans ==========</span></p><p> </p><p><span style="color: #A23BEC">< %SYSTEMDRIVE%\*.exe ></span></p><p> </p><p><span style="color: #A23BEC">< %ALLUSERSPROFILE%\Application Data\*.exe ></span></p><p> </p><p><span style="color: #A23BEC">< %APPDATA%\*. ></span></p><p>[2012/04/09 15:52:22 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Adobe</p><p>[2012/07/14 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Apple Computer</p><p>[2012/04/07 18:02:49 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\ATI</p><p>[2012/04/08 17:52:03 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant</p><p>[2012/04/13 09:49:39 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Epson</p><p>[2012/04/17 15:48:11 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\GFI Software</p><p>[2012/04/08 07:09:42 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Google</p><p>[2012/04/07 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Identities</p><p>[2012/04/11 07:04:23 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\InstallShield</p><p>[2011/07/26 22:49:31 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Macromedia</p><p>[2012/06/02 12:35:23 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Malwarebytes</p><p>[2010/11/21 03:16:41 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Media Center Programs</p><p>[2012/05/08 04:08:35 | 000,000,000 | --SD | M] -- C:\Users\marynbtol\AppData\Roaming\Microsoft</p><p>[2012/05/07 20:52:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\No Company Name</p><p>[2012/06/29 08:38:18 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\PCCUStubInstaller</p><p>[2012/04/07 18:36:58 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Tific</p><p>[2012/04/07 18:04:52 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Toshiba</p><p>[2012/04/07 18:01:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\WinBatch</p><p> </p><p><span style="color: #A23BEC">< MD5 for: ATAPI.SYS ></span></p><p>[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys</p><p>[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys</p><p>[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys</p><p>[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys</p><p> </p><p><span style="color: #A23BEC">< MD5 for: CSRSS.EXE ></span></p><p>[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\windows\SysNative\csrss.exe</p><p>[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe</p><p> </p><p><span style="color: #A23BEC">< MD5 for: EXPLORER.EXE ></span></p><p>[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe</p><p>[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe</p><p>[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe</p><p>[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe</p><p>[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe</p><p>[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe</p><p>[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe</p><p>[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe</p><p>[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe</p><p> </p><p><span style="color: #A23BEC">< MD5 for: PRINTISOLATIONHOST.EXE ></span></p><p>[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\windows\SysNative\PrintIsolationHost.exe</p><p>[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe</p><p> </p><p><span style="color: #A23BEC">< MD5 for: SVCHOST.EXE ></span></p><p>[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe</p><p>[2011/03/01 04:10:51 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=635455A95EB8EC47AC72142E501465ED -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe</p><p>[2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\erdnt\cache64\svchost.exe</p><p>[2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\windows\SysNative\svchost.exe</p><p>[2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe</p><p>[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe</p><p>[2011/03/01 04:07:49 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe</p><p>[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe</p><p>[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\erdnt\cache86\svchost.exe</p><p>[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\SysWOW64\svchost.exe</p><p>[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe</p><p> </p><p><span style="color: #A23BEC">< MD5 for: USERINIT.EXE ></span></p><p>[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe</p><p>[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe</p><p>[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe</p><p>[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe</p><p>[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe</p><p>[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe</p><p> </p><p><span style="color: #A23BEC">< MD5 for: WINLOGON.EXE ></span></p><p>[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe</p><p>[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe</p><p>[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe</p><p>[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe</p><p> </p><p><span style="color: #A23BEC">< %systemroot%\*. /mp /s ></span></p><p> </p><p><span style="color: #A23BEC">< hklm\software\clients\startmenuinternet|command /rs ></span></p><p>HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)</p><p>HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)</p><p>HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)</p><p>HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)</p><p>HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/07/26 22:39:26 | 000,074,240 | ---- | M] (Microsoft Corporation)</p><p>HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/07/26 22:39:26 | 000,074,240 | ---- | M] (Microsoft Corporation)</p><p>HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/07/26 22:39:26 | 000,074,240 | ---- | M] (Microsoft Corporation)</p><p>HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)</p><p>HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)</p><p> </p><p><span style="color: #A23BEC">< hklm\software\clients\startmenuinternet|command /64 /rs ></span></p><p>64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)</p><p>64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)</p><p>64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)</p><p>64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)</p><p>64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/07/26 22:39:25 | 000,089,088 | ---- | M] (Microsoft Corporation)</p><p>64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/07/26 22:39:25 | 000,089,088 | ---- | M] (Microsoft Corporation)</p><p>64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/07/26 22:39:25 | 000,089,088 | ---- | M] (Microsoft Corporation)</p><p>64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)</p><p>64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)</p><p> </p><p><span style="color: #A23BEC">< %systemroot%\system32\*.dll /lockedfiles ></span></p><p> </p><p><span style="color: #A23BEC">< %systemroot%\Tasks\*.job /lockedfiles ></span></p><p> </p><p><span style="color: #A23BEC">< %systemroot%\system32\drivers\*.sys /lockedfiles ></span></p><p></p><p>< End of report ></p></blockquote><p></p>
[QUOTE="marynbtol, post: 62963, member: 1852"] Still too large. I' have pasted it to the body of this post. OTL logfile created on: 7/22/2012 2:46:12 PM - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\marynbtol\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.48 Gb Total Physical Memory | 3.96 Gb Available Physical Memory | 72.31% Memory free 10.96 Gb Paging File | 9.18 Gb Available in Paging File | 83.76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 580.58 Gb Total Space | 524.50 Gb Free Space | 90.34% Space Free | Partition Type: NTFS Drive G: | 298.09 Gb Total Space | 243.69 Gb Free Space | 81.75% Space Free | Partition Type: NTFS Computer Name: MARYNBTOL-LAP | User Name: marynbtol | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/07/22 14:44:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\marynbtol\Downloads\OTL.exe PRC - [2012/06/26 06:16:49 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe PRC - [2012/04/07 23:08:42 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/11/18 21:08:48 | 000,456,048 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe PRC - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe PRC - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe PRC - [2010/05/20 20:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2010/03/11 18:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2011/07/01 15:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:[b]64bit:[/b] - [2011/06/10 01:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:[b]64bit:[/b] - [2011/05/24 13:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:[b]64bit:[/b] - [2011/05/17 18:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:[b]64bit:[/b] - [2011/04/20 20:16:30 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2010/10/20 18:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:[b]64bit:[/b] - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:[b]64bit:[/b] - [2010/09/09 21:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv) SRV:[b]64bit:[/b] - [2009/09/14 01:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) SRV:[b]64bit:[/b] - [2009/09/14 01:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) SRV:[b]64bit:[/b] - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/07/11 15:06:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/06/26 06:16:49 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher) SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/11/18 21:08:48 | 000,456,048 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe -- (VIPRE Business Service) SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0) SRV - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr) SRV - [2011/07/11 21:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2010/05/20 20:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/11 18:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012/06/02 12:30:29 | 000,033,096 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon) DRV:[b]64bit:[/b] - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011/04/20 21:00:52 | 009,256,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2011/04/20 19:39:58 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011/02/23 21:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce) DRV:[b]64bit:[/b] - [2011/02/08 23:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:[b]64bit:[/b] - [2011/02/03 23:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2011/01/13 23:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2010/11/17 12:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b]64bit:[/b] - [2010/10/29 20:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:[b]64bit:[/b] - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:[b]64bit:[/b] - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:[b]64bit:[/b] - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:[b]64bit:[/b] - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:[b]64bit:[/b] - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:[b]64bit:[/b] - [2007/04/17 15:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {B51D0C86-5974-4BEB-B7E2-102CBC61796E} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{B51D0C86-5974-4BEB-B7E2-102CBC61796E}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {B51D0C86-5974-4BEB-B7E2-102CBC61796E} IE - HKLM\..\SearchScopes\{B51D0C86-5974-4BEB-B7E2-102CBC61796E}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\..\SearchScopes,DefaultScope = {B51D0C86-5974-4BEB-B7E2-102CBC61796E} IE - HKCU\..\SearchScopes\{392DA89D-7688-4FF9-A2F3-CE4F46CFB64A}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP IE - HKCU\..\SearchScopes\{B51D0C86-5974-4BEB-B7E2-102CBC61796E}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS478 IE - HKCU\..\SearchScopes\{E83E9660-FD39-48A4-AE4D-2ADDCEF3CFEF}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3197087 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2012/07/22 14:25:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:[b]64bit:[/b] - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28E87616-E1FC-4FD7-9BFB-F467E6621248}: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43 O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Filter\text/xml - No CLSID value found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/07/22 14:30:59 | 000,000,000 | ---D | C] -- C:\windows\temp [2012/07/22 14:25:34 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012/07/22 14:11:44 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\ElevatedDiagnostics [2012/07/22 13:20:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2012/07/22 13:20:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2012/07/22 13:20:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2012/07/22 13:20:14 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/07/22 13:20:00 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2012/07/21 14:25:37 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\Desktop\Scrapbook Life Journal [2012/07/21 14:25:35 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\Desktop\pse dowloads [2012/07/21 14:25:31 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\Desktop\pics [2012/07/21 14:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva [2012/07/21 14:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva [2012/07/21 13:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS [2012/07/19 15:33:05 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\Desktop\RK_Quarantine [2012/07/19 15:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012/07/19 13:05:56 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\CRE [2012/07/19 13:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2012/07/19 13:05:44 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\PC_Cleanup_Utility_Inc [2012/07/19 13:05:43 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\PC Cleanup Utility Inc [2012/07/19 13:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Cleanup Utility Inc [2012/07/19 13:05:07 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Conduit [2012/07/19 13:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Cleanup Utility [2012/07/15 20:04:02 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Deployment [2012/07/15 20:04:02 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Apps [2012/07/14 16:57:12 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Apple Computer [2012/07/14 16:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/07/14 16:56:59 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE [2012/07/14 16:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/07/14 16:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/07/14 16:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012/07/14 16:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012/07/14 16:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012/07/14 16:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012/07/14 16:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012/07/08 17:37:00 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\Desktop\2635 [2012/06/29 08:38:18 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Roaming\PCCUStubInstaller [2012/06/26 06:16:51 | 000,000,000 | ---D | C] -- C:\Users\marynbtol\AppData\Local\Tific [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/07/22 14:44:14 | 000,024,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/22 14:44:14 | 000,024,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/22 14:41:30 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/07/22 14:41:30 | 000,624,352 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/07/22 14:41:30 | 000,106,696 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/07/22 14:37:22 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/22 14:36:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/07/22 14:36:33 | 117,006,335 | -HS- | M] () -- C:\hiberfil.sys [2012/07/22 14:25:24 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2012/07/22 14:06:03 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/07/22 14:01:04 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/07/21 14:09:07 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk [2012/07/20 06:28:54 | 000,001,454 | ---- | M] () -- C:\Users\marynbtol\Desktop\Internet Explorer.lnk [2012/07/19 13:05:58 | 000,000,009 | ---- | M] () -- C:\END [2012/07/14 16:57:07 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/07/12 14:22:58 | 000,871,168 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/06/26 06:02:17 | 000,002,315 | ---- | M] () -- C:\Users\Public\Desktop\Toshiba Laptop Checkup.lnk [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/07/22 13:45:21 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\TOSHIBA Media Controller.lnk [2012/07/22 13:45:20 | 000,002,315 | ---- | C] () -- C:\Users\Public\Desktop\Toshiba Laptop Checkup.lnk [2012/07/22 13:45:20 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/07/22 13:20:20 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012/07/22 13:20:20 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012/07/22 13:20:20 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012/07/22 13:20:20 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012/07/22 13:20:20 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012/07/21 14:09:07 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk [2012/07/20 06:28:54 | 000,001,454 | ---- | C] () -- C:\Users\marynbtol\Desktop\Internet Explorer.lnk [2012/07/19 15:30:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012/07/19 15:30:32 | 000,002,497 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2012/07/19 15:30:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012/07/19 15:30:32 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE Business.lnk [2012/07/19 15:30:32 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012/07/19 15:30:32 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 10.lnk [2012/07/19 15:30:32 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk [2012/07/19 15:30:32 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/07/19 15:30:32 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012/07/19 15:30:32 | 000,001,385 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2012/07/19 15:30:32 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk [2012/07/19 15:30:32 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012/07/19 15:30:32 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [2012/07/19 15:30:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012/07/19 15:30:32 | 000,001,316 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk [2012/07/19 15:30:32 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk [2012/07/19 15:30:32 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [2012/07/19 15:30:32 | 000,001,014 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk [2012/07/19 15:30:32 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk [2012/07/19 15:30:32 | 000,000,968 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012/07/19 15:30:32 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2012/07/19 13:20:07 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/19 13:05:57 | 000,000,009 | ---- | C] () -- C:\END [2012/04/11 07:20:36 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat [2012/04/11 07:20:36 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat [2012/04/11 07:20:36 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat [2012/04/11 07:20:36 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat [2012/04/11 07:20:36 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat [2012/04/11 07:20:36 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat [2012/04/11 07:20:36 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat [2012/04/11 07:20:36 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat [2012/04/11 07:20:36 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat [2012/04/11 07:20:36 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat [2012/04/11 07:20:36 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat [2012/04/11 07:20:36 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat [2012/04/11 07:20:36 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat [2012/04/11 07:20:36 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat [2012/04/11 07:20:36 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat [2012/04/11 07:20:36 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini [2012/04/11 07:16:54 | 000,000,051 | ---- | C] () -- C:\windows\EPART725.ini [2012/04/10 08:05:31 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI [2012/01/10 16:02:16 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe [2012/01/10 15:57:31 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll [2012/01/10 15:56:45 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2012/01/10 15:54:12 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2011/02/03 23:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll [color=#E56717]========== LOP Check ==========[/color] [2012/04/08 17:52:03 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/04/13 09:49:39 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Epson [2012/04/17 15:48:11 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\GFI Software [2012/05/07 20:52:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\No Company Name [2012/06/29 08:38:18 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\PCCUStubInstaller [2012/04/07 18:36:58 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Tific [2012/04/07 18:04:52 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Toshiba [2012/04/07 18:01:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\WinBatch [2009/07/14 01:08:49 | 000,013,138 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe >[/color] [color=#A23BEC]< %APPDATA%\*. >[/color] [2012/04/09 15:52:22 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Adobe [2012/07/14 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Apple Computer [2012/04/07 18:02:49 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\ATI [2012/04/08 17:52:03 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/04/13 09:49:39 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Epson [2012/04/17 15:48:11 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\GFI Software [2012/04/08 07:09:42 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Google [2012/04/07 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Identities [2012/04/11 07:04:23 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\InstallShield [2011/07/26 22:49:31 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Macromedia [2012/06/02 12:35:23 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Malwarebytes [2010/11/21 03:16:41 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Media Center Programs [2012/05/08 04:08:35 | 000,000,000 | --SD | M] -- C:\Users\marynbtol\AppData\Roaming\Microsoft [2012/05/07 20:52:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\No Company Name [2012/06/29 08:38:18 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\PCCUStubInstaller [2012/04/07 18:36:58 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Tific [2012/04/07 18:04:52 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\Toshiba [2012/04/07 18:01:16 | 000,000,000 | ---D | M] -- C:\Users\marynbtol\AppData\Roaming\WinBatch [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys [color=#A23BEC]< MD5 for: CSRSS.EXE >[/color] [2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\windows\SysNative\csrss.exe [2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [color=#A23BEC]< MD5 for: PRINTISOLATIONHOST.EXE >[/color] [2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\windows\SysNative\PrintIsolationHost.exe [2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2011/03/01 04:10:51 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=635455A95EB8EC47AC72142E501465ED -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe [2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\erdnt\cache64\svchost.exe [2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\windows\SysNative\svchost.exe [2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2011/03/01 04:07:49 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe [2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\erdnt\cache86\svchost.exe [2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\SysWOW64\svchost.exe [2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color] HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/07/26 22:39:26 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/07/26 22:39:26 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/07/26 22:39:26 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color] 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/07/26 22:39:25 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/07/26 22:39:25 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/07/26 22:39:25 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] < End of report > [/QUOTE]
Insert quotes…
Verification
Post reply
Top
