OTL logfile created on: 4/20/2012 3:14:23 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 36.43% Memory free
7.61 Gb Paging File | 4.79 Gb Available in Paging File | 63.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.89 Gb Total Space | 349.73 Gb Free Space | 77.05% Space Free | Partition Type: NTFS
Drive G: | 1.84 Gb Total Space | 0.83 Gb Free Space | 44.99% Space Free | Partition Type: FAT

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012/04/13 20:13:02 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/01/17 00:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccsvchst.exe
PRC - [2011/08/01 12:05:37 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe
PRC - [2009/10/28 14:15:10 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/10/02 16:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 16:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/30 22:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 22:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/07/28 23:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/06/22 18:58:13 | 007,161,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Streets & Trips 2010\Streets.exe
PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/04/16 09:18:04 | 000,099,840 | ---- | M] (a la mode, inc.) -- C:\Program Files (x86)\a la mode\Sched\eSched.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/12 08:13:40 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll
MOD - [2012/04/12 06:55:36 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012/04/12 06:55:06 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/12 06:54:58 | 001,590,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/02/15 10:11:12 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 10:10:19 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 10:10:13 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 10:10:09 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 10:10:08 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/15 09:32:25 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll
MOD - [2011/10/15 09:01:49 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/15 09:01:17 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/04 20:57:39 | 000,069,120 | ---- | M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2006/11/17 18:18:50 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\ala32.dll
MOD - [1999/02/12 23:43:50 | 000,532,537 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\MSONSEXT.DLL

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/13 12:28:38 | 000,129,536 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/11/10 16:54:54 | 000,824,688 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/10/29 17:14:02 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/10/21 12:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/09/28 17:46:02 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/17 00:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe -- (NAV)
SRV - [2010/11/29 15:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/09/10 15:46:32 | 000,045,056 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/09/02 18:01:50 | 000,121,416 | ---- | M] (SmithMicro Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2010/09/02 17:59:34 | 000,125,512 | ---- | M] (SmithMicro Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Disabled | Stopped] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/10/27 23:12:14 | 000,252,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/10/02 16:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/09/30 22:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 22:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/10 14:31:55 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 17:46:01 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/01/17 17:45:57 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/01/17 17:35:24 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/01/17 17:33:51 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/01/17 17:33:51 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/11/29 17:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\ccsetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2011/11/24 23:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011/11/24 23:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/07/25 21:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symds64.sys -- (SymDS)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/02 17:54:06 | 000,039,552 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\tcpipBM.sys -- (tcpipBM)
DRV:64bit: - [2010/09/02 17:54:06 | 000,016,512 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\BMLoad.sys -- (BMLoad)
DRV:64bit: - [2010/09/02 17:46:38 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\PCTINDIS5X64.sys -- (PCTINDIS5X64)
DRV:64bit: - [2010/08/03 02:23:04 | 000,100,472 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NEOFLTR_650_16339.SYS -- (NEOFLTR_650_16339) Juniper Networks TDI Filter Driver (NEOFLTR_650_16339)
DRV:64bit: - [2010/04/26 17:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/04/26 16:04:46 | 000,050,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/12/28 10:37:44 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2009/11/06 12:00:36 | 000,135,280 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2009/11/06 12:00:34 | 000,037,488 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssfs0bbc.sys -- (ssfs0bbc)
DRV:64bit: - [2009/10/30 14:23:16 | 007,770,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/30 09:56:34 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/10/26 15:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/15 23:11:26 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/02 15:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/08/12 15:52:54 | 000,280,064 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/28 21:24:12 | 000,081,408 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/24 18:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/22 16:47:06 | 000,199,552 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/07/04 22:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 11:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/06/29 19:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 13:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/04/09 11:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2012/04/16 09:09:08 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120415.016\ex64.sys -- (NAVEX15)
DRV - [2012/04/16 09:09:08 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120415.016\eng64.sys -- (NAVENG)
DRV - [2012/04/10 14:07:51 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/04/10 14:07:51 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/06 23:33:42 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120413.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/04/02 23:39:56 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120402.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {34E4D7B0-A090-4ED0-9E5B-733A3D2611A8}
IE:64bit: - HKLM\..\SearchScopes\{34E4D7B0-A090-4ED0-9E5B-733A3D2611A8}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {A3BF5015-B555-4F7E-B5A3-02AEB6AA69BE}
IE - HKLM\..\SearchScopes\{A3BF5015-B555-4F7E-B5A3-02AEB6AA69BE}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3052806113-3384940399-32596223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3052806113-3384940399-32596223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3052806113-3384940399-32596223-1000\..\SearchScopes,DefaultScope = {47FE613F-A83F-46A7-B1D4-1DBA1B657307}
IE - HKU\S-1-5-21-3052806113-3384940399-32596223-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar.ask.com/redirect?client=ie&tb=WBR&o=&src=crm&q={searchTerms}&locale={locale.underscore}
IE - HKU\S-1-5-21-3052806113-3384940399-32596223-1000\..\SearchScopes\{47FE613F-A83F-46A7-B1D4-1DBA1B657307}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS370
IE - HKU\S-1-5-21-3052806113-3384940399-32596223-1000\..\SearchScopes\{A3BF5015-B555-4F7E-B5A3-02AEB6AA69BE}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKU\S-1-5-21-3052806113-3384940399-32596223-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=19
IE - HKU\S-1-5-21-3052806113-3384940399-32596223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3052806113-3384940399-32596223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.630.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\IPSFFPlgn\ [2012/04/10 14:29:06 | 000,000,000 | ---D | M]

[2011/05/13 14:05:14 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/05/13 14:05:14 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll

O1 HOSTS File: ([2012/04/15 16:38:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\ips\ipsbho.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3052806113-3384940399-32596223-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [The Assistant] C:\Program Files (x86)\a la mode\Sched\eSched.exe (a la mode, inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3052806113-3384940399-32596223-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3052806113-3384940399-32596223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3052806113-3384940399-32596223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O15 - HKU\S-1-5-21-3052806113-3384940399-32596223-1000\..Trusted Domains: atmprof.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3052806113-3384940399-32596223-1000\..Trusted Domains: parlogic.com ([vgsdelivery] https in Trusted sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx (CamImage Class) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://bhcportal.ebaptisthealthcare.org/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} http://www.mobile-propertytaxapps.com/taxmaps/acgm/acgm.cab (ActiveCGM Control) O16 - DPF: {F9CD2233-6744-47C1-A6AE-00C30A35F73D} https://myaccount.cox.net/internettools/scripts/Inspector.cab (CAssessmentCtl Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15AB1454-D1AB-4F5D-9EFC-5E638271EDF4}: NameServer = 209.183.35.23 209.183.33.23 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B674403-F997-44CB-A927-2069618EAC04}: DhcpNameServer = 97.64.209.36 97.64.168.13 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB346950-D8C1-41EA-8736-EC1C85CB8476}: NameServer = 209.183.35.23 209.183.33.23 O18:[b]64bit:[/b] - Protocol\Handler\intu-help-qb3 - No CLSID value found O18:[b]64bit:[/b] - 
Protocol\Handler\ipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\qbwc - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2012/04/20 08:27:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DFAB96B8-22DB-481F-BF11-789574E712CD} [2012/04/19 09:36:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B6E32139-8402-4CD0-8359-5B60F299D86B} [2012/04/18 10:57:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1778566C-318C-4297-AA96-BA1EB946B866} [2012/04/18 10:57:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{27A75131-6250-40EA-AB12-ABD0A5763F21} [2012/04/17 07:03:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/04/17 07:03:07 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV [2012/04/16 21:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard [2012/04/16 21:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro [2012/04/15 16:44:36 | 000,000,000 | ---D | C] -- C:\windows\temp [2012/04/15 16:38:56 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012/04/15 15:39:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2012/04/15 15:39:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2012/04/15 15:39:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2012/04/15 15:39:11 | 000,000,000 | ---D | C] -- C:\windows\ERDNT [2012/04/15 15:36:09 | 000,000,000 | ---D | C] -- 
C:\Qoobox [2012/04/15 15:35:25 | 004,463,836 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe [2012/04/13 20:13:02 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe [2012/04/13 14:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2012/04/13 13:50:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{28DDC948-FE89-4517-B621-BC804120AD6B} [2012/04/12 22:10:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{CF1EE33B-5855-4A78-A7DF-ACA0E22D03FE} [2012/04/12 06:52:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0FBCA756-F5FA-4579-805E-BFA3DA1B43A8} [2012/04/12 06:30:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{FC62BDD3-9FC7-44A0-8830-7127DAE8E5AD} [2012/04/11 10:59:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9250E0FB-7AA5-4463-85EF-8061266AC753} [2012/04/11 10:53:58 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2012/04/11 10:53:58 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2012/04/11 10:53:57 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2012/04/11 10:53:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2012/04/11 10:53:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2012/04/11 10:53:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2012/04/11 10:53:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2012/04/11 10:53:56 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2012/04/11 10:53:56 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2012/04/11 10:53:56 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2012/04/11 10:53:56 | 000,716,800 | ---- | C] (Microsoft 
Corporation) -- C:\windows\SysWow64\jscript.dll [2012/04/11 10:53:40 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe [2012/04/11 10:53:40 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe [2012/04/11 10:53:39 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe [2012/04/11 10:51:18 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll [2012/04/11 10:51:18 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys [2012/04/11 10:51:15 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll [2012/04/10 22:57:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2704036B-512C-43E4-B6E4-6772D35161D6} [2012/04/10 14:31:45 | 001,092,728 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\symefa64.sys [2012/04/10 14:31:45 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\symnets.sys [2012/04/10 14:31:44 | 000,738,936 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\srtsp64.sys [2012/04/10 14:31:44 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\symds64.sys [2012/04/10 14:31:44 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\ironx64.sys [2012/04/10 14:31:44 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\ccsetx64.sys [2012/04/10 14:31:44 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\srtspx64.sys [2012/04/10 14:31:13 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NAVx64\1306020.00A [2012/04/10 14:06:04 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS [2012/04/10 14:06:04 | 
000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2012/04/10 14:06:04 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012/04/10 14:04:56 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NAVx64 [2012/04/10 14:04:53 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus [2012/04/10 14:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus [2012/04/10 14:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings [2012/04/10 13:59:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Norton AntiVirus 2012 3User [2012/04/10 13:39:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton [2012/04/10 12:51:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\NPE [2012/04/10 12:44:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Symantec [2012/04/10 12:40:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2012/04/10 12:39:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Norton Internet Security 2012 3User [2012/04/10 10:22:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D38D9644-C36C-4661-9014-BD82E5435570} [2012/04/10 08:53:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D641C3C5-C7B1-4900-9C61-869149CAAB6B} [2012/04/05 07:18:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{CEBA918C-889F-447F-87E3-46754E480850} [2012/04/04 19:00:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F184A5D3-0E89-4ABC-B5B4-368411DD1E80} [2012/04/04 07:00:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{CF8B4E8D-DA23-4BE6-B9FD-BF47D165384A} [2012/04/03 06:49:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{882198E2-B805-4F34-BFF9-9F1A7F4AEEE0} [2012/04/02 10:22:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D0D01F4E-4716-4276-BD29-5993856448A6} [2012/04/01 22:22:20 | 000,000,000 | ---D | C] -- 
C:\Users\Owner\AppData\Local\{3B63251B-6BF4-45CC-99AB-D08723C67BFB} [2012/04/01 09:28:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{566D3157-CDFF-471F-B2DF-CB0C5F40FCD4} [2012/03/31 13:06:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Mom [2012/03/31 12:48:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{94DC985C-E61E-47AB-93B8-F7EB448154C0} [2012/03/30 13:22:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{94C0415E-67C8-4026-B449-7E935AAD04F8} [2012/03/29 09:28:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D3878139-C1A8-44F3-BC8A-6BE3C7BCCFC5} [2012/03/28 21:27:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9AFAFCAF-326E-4E58-8EC3-95DF0C7DDA64} [2012/03/28 09:27:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{7BF38181-9D0B-4483-8A23-56D8C65784B1} [2012/03/28 09:26:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{BC8DD0A4-65A3-4725-A56D-81A31D5F692B} [2012/03/27 07:33:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4FBADC44-D095-4987-82A0-6FCBF8AB72AB} [2012/03/27 07:32:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E26203C2-69C9-4D91-A127-6A01928A3343} [2012/03/26 21:26:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\iSite [2012/03/26 21:26:44 | 000,000,000 | ---D | C] -- C:\iSiteLogs [2012/03/26 21:12:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Philips [2012/03/26 21:12:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Philips [2012/03/26 21:11:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\HODCCbaptistphysicians.bhcpns.org [2012/03/26 20:58:35 | 000,100,472 | ---- | C] (Juniper Networks) -- C:\windows\SysNative\drivers\NEOFLTR_650_16339.SYS [2012/03/26 20:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks [2012/03/26 20:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Juniper Networks [2012/03/26 20:17:33 | 000,000,000 | 
---D | C] -- C:\Users\Owner\AppData\Roaming\Juniper Networks [2012/03/26 19:32:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{7B12AC41-8C02-4A42-9A07-10D5798F7D5A} [2012/03/26 19:31:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{21E1DCDB-430B-4F52-8C60-45B8A0BD9FAA} [2012/03/26 06:30:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{7E8D4E74-B253-4B9C-AC81-E1296F884E6E} [2012/03/26 06:30:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E4FD8B05-E0CE-45B8-AB6F-4D05CAC85CF4} [2012/03/25 16:37:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9A39B783-18D6-4F94-8180-8EDE49B91614} [2012/03/25 16:35:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B7509367-BB58-4739-A8F4-21F04A5B1AB4} [2012/03/23 17:05:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{223B8414-64EA-41B4-AC8E-827E232C23B1} [2012/03/22 16:10:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0439E331-5B67-49FD-86E3-9868CCE00F0D} [2012/03/21 08:11:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9BBDAF63-4FA1-43E3-96D5-CF0858882003} [2012/03/21 08:07:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A8D080DD-E3E4-46C6-82BA-43B1B02BCCC2} [2012/03/20 18:42:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A47E546A-E4E4-4AF4-B134-C32DC0201AE3} [2012/03/20 18:42:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{8E8D2111-5CCF-46DF-8D95-CCD922E1BF42} [2012/03/20 06:42:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D79DFEF0-3025-4085-803D-CFCD660A3F75} [2012/03/20 06:42:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4FF72BDA-2944-41A7-A5C8-2BBF1F26474B} [2012/03/19 18:41:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{5DE780FB-F479-4789-BC2E-720963FD697E} [2012/03/19 18:41:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4BA5033A-C730-4C1B-8549-0F9D3FED9128} [2012/03/19 06:41:01 | 000,000,000 | ---D | C] -- 
C:\Users\Owner\AppData\Local\{0D04603E-A471-4BCC-88FC-C5A114C7D535} [2012/03/19 06:39:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{896ACB56-366F-4B12-9BB0-AF1A56255A6D} [2012/03/18 07:36:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DFCB11BC-F637-414B-B1F9-87C6DFA7A20A} [2012/03/18 07:34:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2EC8BF42-B2AF-47B8-93CB-674CC5C58650} [2012/03/17 17:40:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1FF5E126-801B-473A-9F73-7C10D79A2C29} [2012/03/17 17:40:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6770C071-B5E9-46F7-A642-564A9020FA9A} [2012/03/16 08:15:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{94382D45-F076-41B1-9D85-DDA9ACA2F2E0} [2012/03/16 08:15:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{579614C2-1E59-4C59-9EB1-262C9025EAD9} [2012/03/15 22:37:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{57481DEA-1D14-4660-A316-EC8BC5FE8163} [2012/03/15 07:10:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3E268375-126D-4B2E-B0B6-6B399F71DF71} [2012/03/15 07:10:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{25C73233-230C-43A1-9D7F-D8DCF4FE4593} [2012/03/15 07:02:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{FA1483AF-66D4-43FB-B80A-DBF8A8DFD8F3} [2012/03/14 08:56:47 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll [2012/03/14 08:56:20 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll [2012/03/14 08:56:20 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll [2012/03/14 08:56:20 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe [2012/03/14 08:56:19 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll [2012/03/14 08:56:19 | 000,826,880 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\rdpcore.dll [2012/03/14 08:47:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2304E8B9-8E14-47DB-A17B-02E6F09FDAEA} [2012/03/14 08:45:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6D695B35-066C-4FB0-A5E8-E6C2F6CB358C} [2012/03/13 11:52:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{535E5143-F3E5-4192-B97D-E75AE00CFB06} [2012/03/13 11:51:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9101DC87-A00E-492F-B5A3-3F3A9A93EBDE} [2012/03/12 21:47:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D10FB192-C75D-46F5-9191-CEAC1D95A3E3} [2012/03/12 21:43:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{298E7CB5-2C78-4E37-AC0F-7F8FFCC839DC} [2012/03/12 14:19:42 | 000,000,000 | ---D | C] -- C:\windows\CheckSur [2012/03/12 08:42:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{11494478-12C8-452E-A452-B86927AE652B} [2012/03/12 08:41:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3C31C918-EAEE-43F6-A626-89E16785576D} [2012/03/03 06:38:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{AC4CEB12-BFCA-493E-8E4D-59F40E782366} [2012/02/29 23:07:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9DB5B7EC-185D-4653-BBB6-49D33C94F999} [2012/02/29 10:12:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DC144614-68A4-4685-AABA-2971268DB207} [2012/02/28 22:13:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{ADCC0DB5-047F-42A8-8922-9C4564C377FF} [2012/02/28 10:13:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{64989BE3-0E3C-4FD8-87D5-E32030A09D28} [2012/02/28 10:12:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{55638B8F-D908-4224-B487-C5A3B0F794B5} [2012/02/27 10:25:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DCA67749-472C-4FAD-8A72-B6A3FEEFF6DC} [2012/02/27 10:22:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{54DE2FE0-04D6-428C-95F5-D38AB9A9BC0D} 
[2012/02/26 11:58:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{65088C08-820A-4158-8C21-F4905CBBAC2B} [2012/02/25 07:46:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1308094B-F1C3-4B75-94F7-89FC7BA041D2} [2012/02/25 07:46:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{548EE270-3815-40AE-8D16-712289AF0B3A} [2012/02/24 19:45:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{06EC6258-E725-4440-B971-52CFA7C1EE30} [2012/02/24 19:45:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1EF709CD-3DB3-4368-8DDE-E2634E83F985} [2012/02/24 07:45:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A6CEC3D7-6705-4B1C-918F-970CC1F5B3C8} [2012/02/23 10:19:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9DBE7AE6-90EB-418B-8BD2-4A8FCA06029C} [2012/02/22 16:11:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9C521F43-ACD1-47D0-8786-E0971759B44D} [2012/02/22 16:10:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{378C00D1-B91B-475B-9DBA-A112781E83E5} [2012/02/21 10:32:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{78583605-BC28-424A-8DB0-C2E348E9AAF0} [2012/02/21 10:30:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{783408C8-CC1C-4C94-84E4-B8D229ABCF32} [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2012/04/20 15:16:01 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/20 12:00:30 | 000,021,184 | ---- | M] () -- C:\Users\Owner\Desktop\Baldwin Marinas.pdf [2012/04/20 11:56:14 | 000,073,528 | ---- | M] () -- C:\Users\Owner\Desktop\Escambia Sales.pdf [2012/04/20 09:16:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/20 08:27:35 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/04/18 10:26:16 | 000,015,792 | -H-- | M] () -- 
C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/18 10:26:16 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/18 10:19:53 | 000,053,066 | ---- | M] () -- C:\windows\alaredun.ini [2012/04/18 10:19:29 | 000,003,111 | ---- | M] () -- C:\windows\alamode.ini [2012/04/18 10:18:22 | 000,377,864 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/04/18 10:18:07 | 3063,029,760 | -HS- | M] () -- C:\hiberfil.sys [2012/04/18 10:13:04 | 000,000,375 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics [2012/04/18 09:23:06 | 000,792,066 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/04/18 09:23:06 | 000,671,120 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/04/18 09:23:06 | 000,124,218 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/04/17 09:47:43 | 000,001,630 | ---- | M] () -- C:\Users\Owner\Desktop\log - Shortcut.lnk [2012/04/17 08:50:43 | 000,171,747 | ---- | M] () -- C:\Users\Owner\Desktop\123.pdf [2012/04/16 21:24:58 | 002,121,681 | ---- | M] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\Cat.DB [2012/04/15 16:38:55 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2012/04/15 15:35:35 | 004,463,836 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe [2012/04/15 13:17:05 | 000,012,287 | ---- | M] () -- C:\Users\Owner\Desktop\Eating 2011.pdf [2012/04/15 13:09:39 | 000,013,157 | ---- | M] () -- C:\Users\Owner\Desktop\Auto & Gas 2011.pdf [2012/04/13 20:14:36 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat [2012/04/13 20:13:02 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe [2012/04/12 07:10:52 | 000,008,942 | ---- | M] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\VT20120410.034 [2012/04/10 14:39:54 | 000,002,408 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk 
[2012/04/10 14:31:55 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS [2012/04/10 14:31:55 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT [2012/04/10 14:31:55 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF [2012/04/10 13:50:15 | 000,001,267 | ---- | M] () -- C:\Users\Owner\Desktop\Norton Installation Files.lnk [2012/04/04 21:04:56 | 470,041,551 | ---- | M] () -- C:\windows\MEMORY.DMP [2012/03/19 23:45:38 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\isolate.ini [2012/03/12 17:00:29 | 000,000,242 | ---- | M] () -- C:\windows\MercuryWT.ini [2012/03/12 16:15:06 | 000,000,400 | ---- | M] () -- C:\windows\alafile.dmp [2012/03/06 01:53:37 | 005,559,152 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe [2012/03/06 00:59:47 | 003,968,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe [2012/03/06 00:59:41 | 003,913,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys [2012/03/01 01:38:27 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll [2012/03/01 01:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll [2012/02/28 01:56:48 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2012/02/28 01:48:57 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2012/02/28 01:48:36 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2012/02/28 01:45:47 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2012/02/28 01:43:16 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2012/02/28 01:39:50 | 000,248,320 | ---- | M] 
(Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2012/02/27 20:11:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2012/02/27 20:09:51 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2012/02/27 20:06:48 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2012/02/27 20:03:31 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2012/02/27 19:59:59 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/04/20 12:00:30 | 000,021,184 | ---- | C] () -- C:\Users\Owner\Desktop\Baldwin Marinas.pdf [2012/04/20 11:56:14 | 000,073,528 | ---- | C] () -- C:\Users\Owner\Desktop\Escambia Sales.pdf [2012/04/17 09:47:42 | 000,001,630 | ---- | C] () -- C:\Users\Owner\Desktop\log - Shortcut.lnk [2012/04/16 12:39:30 | 000,171,747 | ---- | C] () -- C:\Users\Owner\Desktop\123.pdf [2012/04/15 15:39:21 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012/04/15 15:39:21 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012/04/15 15:39:21 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012/04/15 15:39:21 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012/04/15 15:39:21 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012/04/15 13:17:05 | 000,012,287 | ---- | C] () -- C:\Users\Owner\Desktop\Eating 2011.pdf [2012/04/15 13:09:38 | 000,013,157 | ---- | C] () -- C:\Users\Owner\Desktop\Auto & Gas 2011.pdf [2012/04/13 20:14:36 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat [2012/04/12 07:11:08 | 000,008,942 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\VT20120410.034 [2012/04/10 23:46:59 | 000,053,066 | ---- | C] () -- C:\windows\alaredun.ini [2012/04/10 14:38:46 | 002,121,681 | ---- | C] () -- 
C:\windows\SysNative\drivers\NAVx64\1306020.00A\Cat.DB
[2012/04/10 14:31:45 | 000,007,460 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\symefa64.cat
[2012/04/10 14:31:45 | 000,007,458 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\symnet64.cat
[2012/04/10 14:31:45 | 000,003,434 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\symefa.inf
[2012/04/10 14:31:45 | 000,001,441 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\symnet.inf
[2012/04/10 14:31:44 | 000,007,496 | R--- | C] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\symds64.cat
[2012/04/10 14:31:44 | 000,007,468 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\ccsetx64.cat
[2012/04/10 14:31:44 | 000,007,462 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\srtspx64.cat
[2012/04/10 14:31:44 | 000,007,458 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\srtsp64.cat
[2012/04/10 14:31:44 | 000,007,450 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\iron.cat
[2012/04/10 14:31:44 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\symds.inf
[2012/04/10 14:31:44 | 000,001,438 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\srtsp64.inf
[2012/04/10 14:31:44 | 000,001,420 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\srtspx64.inf
[2012/04/10 14:31:44 | 000,000,853 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\ccsetx64.inf
[2012/04/10 14:31:44 | 000,000,772 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\iron.inf
[2012/04/10 14:31:13 | 000,004,782 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\symvtcer.dat
[2012/04/10 14:31:13 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NAVx64\1306020.00A\isolate.ini
[2012/04/10 14:06:04 | 000,007,488 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/04/10 14:06:04 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/04/10 14:05:57 | 000,002,408 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/04/10 13:39:41 | 000,001,267 | ---- | C] () -- C:\Users\Owner\Desktop\Norton Installation Files.lnk
[2012/03/27 06:08:47 | 470,041,551 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/02/07 18:59:34 | 000,000,059 | ---- | C] () -- C:\windows\Ltdlgfileu.INI
[2011/07/27 09:50:39 | 000,000,286 | ---- | C] () -- C:\windows\reimage.ini
[2011/07/26 14:05:05 | 000,007,597 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2011/06/20 12:00:53 | 000,000,161 | ---- | C] () -- C:\windows\WININIT.INI
[2011/05/01 13:46:05 | 000,000,222 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2011/04/30 09:13:41 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{5E676928-84ED-4182-A646-2FCA3052F7E2}
[2011/02/18 17:25:20 | 000,005,632 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/19 18:31:16 | 000,000,771 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2010/09/19 18:31:16 | 000,000,093 | ---- | C] () -- C:\windows\brpcfx.ini
[2010/09/19 18:30:14 | 000,000,426 | ---- | C] () -- C:\windows\BRWMARK.INI
[2010/09/19 18:28:37 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\BrMuSNMP.dll
[2010/09/19 18:28:37 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2010/09/19 18:28:36 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat
[2010/09/19 18:27:49 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2010/09/19 18:27:44 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2010/07/19 10:55:29 | 000,000,242 | ---- | C] () -- C:\windows\MercuryWT.ini
[2010/07/19 10:55:29 | 000,000,000 | ---- | C] () -- C:\windows\Mercury.ini
[2010/07/19 10:50:55 | 000,577,536 | ---- | C] () -- C:\windows\SysWow64\PAXMeta.dll
[2010/07/19 10:50:55 | 000,495,616 | ---- | C] () -- C:\windows\SysWow64\TX32.dll
[2010/07/19 10:50:55 | 000,327,680 | ---- | C] () -- C:\windows\SysWow64\SmaRTEng.dll
[2010/07/19 10:50:55 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\P2kDesk.dll
[2010/07/19 10:50:55 | 000,034,304 | ---- | C] () -- C:\windows\SysWow64\UnlockFile.exe
[2010/07/19 10:50:55 | 000,000,530 | ---- | C] () -- C:\windows\SysWow64\tx14_ic.ini
[2010/07/19 10:50:53 | 000,338,944 | ---- | C] () -- C:\windows\SysWow64\LFfpx7.dll
[2010/07/19 10:50:53 | 000,118,784 | ---- | C] () -- C:\windows\SysWow64\LFKodak.dll
[2010/07/19 10:50:53 | 000,000,313 | ---- | C] () -- C:\windows\SysWow64\ic32.ini
[2010/07/19 10:50:52 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\DeskSkt.dll
[2010/07/19 10:50:52 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\DP2kFrms.dll
[2010/07/19 10:50:52 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\fmt_jb2.dll
[2010/07/19 10:50:52 | 000,018,944 | ---- | C] () -- C:\windows\SysWow64\fmt_xcx.dll
[2010/07/19 10:50:52 | 000,011,264 | ---- | C] () -- C:\windows\SysWow64\fmt_xmf.dll
[2010/07/19 10:50:51 | 001,159,168 | ---- | C] () -- C:\windows\SysWow64\alaMFC2.dll
[2010/07/19 10:50:51 | 000,401,408 | ---- | C] () -- C:\windows\SysWow64\AXF_AXS.dll
[2010/07/19 10:50:51 | 000,220,160 | ---- | C] () -- C:\windows\SysWow64\Carcla30.dll
[2010/07/19 10:50:51 | 000,204,864 | ---- | C] () -- C:\windows\SysWow64\AtxWrap.dll
[2010/07/19 10:50:51 | 000,151,552 | ---- | C] () -- C:\windows\SysWow64\alaMapi.dll
[2010/07/19 10:50:51 | 000,122,880 | ---- | C] ( ) -- C:\windows\SysWow64\alauploader.exe
[2010/07/19 10:50:51 | 000,098,304 | ---- | C] ( ) -- C:\windows\SysWow64\AutoLicense.dll
[2010/07/19 10:50:51 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\alaLaunch2.dll
[2010/07/19 10:50:51 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\alaLaunch.dll
[2010/07/19 10:50:51 | 000,045,056 | ---- | C] ( ) -- C:\windows\SysWow64\AutoPAX.dll
[2010/07/19 10:50:51 | 000,018,432 | ---- | C] () -- C:\windows\SysWow64\alavistautils.dll
[2010/07/19 10:50:51 | 000,001,597 | ---- | C] () -- C:\windows\SysWow64\alaUploader.exe.config
[2010/07/19 10:50:50 | 000,122,880 | ---- | C] () -- C:\windows\SysWow64\ala32.dll
[2010/07/19 10:48:54 | 000,003,111 | ---- | C] () -- C:\windows\alamode.ini
[2010/07/19 10:46:07 | 000,809,652 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

< End of report >