[code]
OTS logfile created on: 1/6/2012 8:58:53 PM - Run 2
OTS by OldTimer - Version 3.1.46.0 Folder = C:\Users\Angela\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.29 Gb Total Space | 252.71 Gb Free Space | 88.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LYDIA
Current User Name: Angela
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days

[Processes - Safe List]
ots.exe -> C:\Users\Angela\Desktop\OTS.exe -> [2012/01/06 20:54:55 | 000,646,144 | ---- | M] (OldTimer Tools)
armsvc.exe -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated)
avp.exe -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -> [2010/11/02 21:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO)
sftvsa.exe -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -> [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation)
sftlist.exe -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -> [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation)

[Modules - No Company Name]

[Win32 Services - Safe List]
64bit-(AMD External Events Utility) [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2011/02/10 14:52:04 | 000,203,776 | ---- | M] (AMD)
64bit-(TODDSrv) [Auto | Stopped] -> C:\windows\SysNative\TODDSrv.exe -> [2010/10/20 16:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation)
64bit-(TosCoSrv) [Auto | Running] -> C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -> [2010/09/28 14:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation)
64bit-(wlcrasvc) [Disabled | Stopped] -> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -> [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation)
64bit-(TOSHIBA HDD SSD Alert Service) [On_Demand | Running] -> C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -> [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation)
64bit-(WinDefend) [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
64bit-(Pml Driver HPZ12) [Auto | Stopped] -> C:\Windows\SysNative\svchost.exe -> [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation)
64bit-(Net Driver HPZ12) [Auto | Stopped] -> C:\Windows\SysNative\svchost.exe -> [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation)
(AdobeARMservice) Adobe Acrobat Update Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated)
(TMachInfo) TMachInfo [On_Demand | Running] -> C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -> [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation)
(AVP) Kaspersky Anti-Virus Service [Auto | Running] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -> [2010/11/02 21:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO)
(sftvsa) Application Virtualization Service Agent [On_Demand | Running] -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -> [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation)
(sftlist) Application Virtualization Client [Auto | Running] -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -> [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
64bit-(KeyScrambler) KeyScrambler [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\keyscrambler.sys -> [2011/09/14 08:58:46 | 000,274,616 | ---- | M] (QFX Software Corporation)
64bit-(KLIF) Kaspersky Lab Driver [File_System | System | Running] -> C:\Windows\SysNative\drivers\klif.sys -> [2011/08/07 14:45:38 | 000,556,120 | ---- | M] (Kaspersky Lab)
64bit-(L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\L1C62x64.sys -> [2011/04/20 08:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(CnxtHdAudService) Conexant UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CHDRT64.sys -> [2011/02/14 14:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.)
64bit-(amdkmdag) amdkmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2011/02/10 15:22:00 | 008,283,136 | ---- | M] (ATI Technologies Inc.)
64bit-(amdkmdap) amdkmdap [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmpag.sys -> [2011/02/10 14:15:08 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(PGEffect) Pangu effect driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\PGEffect.sys -> [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation)
64bit-(RTL8192Ce) Realtek Wireless LAN 802.11n PCI-E NIC Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\rtl8192ce.sys -> [2011/01/05 03:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation )
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(TsUsbGD) Remote Desktop Generic USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbGD.sys -> [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation)
64bit-(ETD) ELAN PS/2 Port Input Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ETD.sys -> [2010/11/11 14:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.)
64bit-(pbfilter) pbfilter [Kernel | On_Demand | Running] -> C:\Program Files\PeerBlock\pbfilter.sys -> [2010/11/06 21:24:34 | 000,024,176 | ---- | M] ()
64bit-(amd_xata) amd_xata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amd_xata.sys -> [2010/11/05 09:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices)
64bit-(amd_sata) amd_sata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amd_sata.sys -> [2010/11/05 09:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices)
64bit-(RSUSBSTOR) RtsUStor.Sys Realtek USB Card Reader [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\RtsUStor.sys -> [2010/10/08 13:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.)
64bit-(Sftvol) Sftvol [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Sftvollh.sys -> [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation)
64bit-(Sftredir) Sftredir [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\Sftredirlh.sys -> [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation)
64bit-(Sftplay) Sftplay [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Sftplaylh.sys -> [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation)
64bit-(Sftfs) Sftfs [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Sftfslh.sys -> [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation)
64bit-(kl2) kl2 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\kl2.sys -> [2010/06/09 15:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO)
64bit-(KL1) KL1 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\kl1.sys -> [2010/06/09 15:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO)
64bit-(KLIM6) Kaspersky Anti-Virus NDIS 6 Filter [Kernel | System | Running] -> C:\Windows\SysNative\drivers\klim6.sys -> [2010/04/22 17:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO)
64bit-(klmouflt) Kaspersky Lab KLMOUFLT [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\klmouflt.sys -> [2009/11/02 18:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab)
64bit-(tdcmdpst) TOSHIBA Writing Engine Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\tdcmdpst.sys -> [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.)
64bit-(TVALZ) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\TVALZ_O.SYS -> [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(FwLnk) FwLnk Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\FwLnk.sys -> [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2008/08/14 09:40:44 | 000,260,144 | ---- | M] (Synaptics, Inc.)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.msn.com ->
HKEY_LOCAL_MACHINE\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\] > -> ->
HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\: Main\\"Default_Search_URL" -> http://home.microsoft.com/search/search.asp ->
HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\: Main\\"SearchDefaultBranded" -> 1 ->
HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\: Main\\"Start Page" -> http://www.msn.com ->
HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s ->
HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\: "ProxyOverride" -> ->
< FireFox Settings [Prefs.js] > -> C:\Users\Angela\AppData\Roaming\Mozilla\FireFox\Profiles\81d8y8d2.default\prefs.js ->
browser.search.selectedEngine -> "Yahoo" ->
network.proxy.no_proxies_on -> "localhost,127.0.0.1" ->
network.proxy.type -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2011\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU] -> [2011/08/07 15:14:59 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2011\FFEXT\LINKFILTER@KASPERSKY.RU] -> [2011/08/07 15:14:59 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 9.0.1\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2011/12/29 21:00:50 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\Angela\AppData\Roaming\mozilla\Extensions -> [2011/08/07 14:49:52 | 000,000,000 | ---D | M]
-> C:\Users\Angela\AppData\Roaming\mozilla\Firefox\Profiles\81d8y8d2.default\extensions -> [2012/01/06 19:01:12 | 000,000,000 | ---D | M]
-> C:\Users\Angela\AppData\Roaming\mozilla\Firefox\Profiles\81d8y8d2.default\extensions\keyscrambler@qfx.software.corporation -> [2011/09/25 19:34:01 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
read-books-online.xml -> C:\Users\Angela\AppData\Roaming\Mozilla\FireFox\Profiles\81d8y8d2.default\searchplugins\read-books-online.xml -> [2012/01/01 23:55:23 | 000,001,620 | ---- | M] ()
thesaurus---referencecom.xml -> C:\Users\Angela\AppData\Roaming\Mozilla\FireFox\Profiles\81d8y8d2.default\searchplugins\thesaurus---referencecom.xml -> [2012/01/01 23:53:10 | 000,001,539 | ---- | M] ()
webster.xml -> C:\Users\Angela\AppData\Roaming\Mozilla\FireFox\Profiles\81d8y8d2.default\searchplugins\webster.xml -> [2012/01/01 23:53:26 | 000,000,705 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2011/08/07 15:15:07 | 000,000,000 | ---D | M]
-> C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak -> [2011/08/07 14:55:44 | 000,000,000 | ---D | M]
No name found -> C:\USERS\ANGELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\81D8Y8D2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI -> ()
No name found -> C:\USERS\ANGELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\81D8Y8D2.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI -> ()
No name found -> C:\USERS\ANGELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\81D8Y8D2.DEFAULT\EXTENSIONS\ELEMHIDEHELPER@ADBLOCKPLUS.ORG.XPI -> ()
KeyScrambler -> C:\USERS\ANGELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\81D8Y8D2.DEFAULT\EXTENSIONS\KEYSCRAMBLER@QFX.SOFTWARE.CORPORATION -> [2011/09/25 19:34:01 | 000,000,000 | ---D | M]
< FireFox Components [Program Folders] > ->
KeyScramblerIE.dll -> C:\USERS\ANGELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\81D8Y8D2.DEFAULT\EXTENSIONS\KEYSCRAMBLER@QFX.SOFTWARE.CORPORATION\components\KeyScramblerIE.dll -> [2011/09/16 00:16:04 | 000,907,576 | ---- | M] (QFX Software Corporation)
< HOSTS File > ([2011/11/02 21:43:42 | 000,000,027 | ---- | M] - 1 lines) -> C:\windows\SysNative\Drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{2B9F5787-88A5-4945-90E7-C4B18563BC5E} [HKLM] -> C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll [KeyScramblerBHO Class] -> [2011/09/16 00:16:02 | 001,211,704 | ---- | M] (QFX Software Corporation)
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll [IEVkbdBHO Class] -> [2010/10/05 19:27:50 | 000,061,624 | ---- | M] (Kaspersky Lab ZAO)
{E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll [FilterBHO Class] -> [2010/10/05 19:27:52 | 000,234,168 | ---- | M] (Kaspersky Lab ZAO)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{2B9F5787-88A5-4945-90E7-C4B18563BC5E} [HKLM] -> C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll [KeyScramblerBHO Class] -> [2011/09/25 19:33:26 | 000,907,576 | ---- | M] (QFX Software Corporation)
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll [IEVkbdBHO Class] -> [2010/10/05 19:27:00 | 000,068,280 | ---- | M] (Kaspersky Lab ZAO)
{E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll [FilterBHO Class] -> [2010/10/05 19:27:06 | 000,191,160 | ---- | M] (Kaspersky Lab ZAO)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"00TCrdMain" -> C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe] -> [2010/05/10 11:20:28 | 000,915,320 | ---- | M] (TOSHIBA Corporation)
"ETDCtrl" -> C:\Program Files\Elantech\ETDCtrl.exe [%ProgramFiles%\Elantech\ETDCtrl.exe] -> [2010/11/11 14:59:02 | 002,588,456 | ---- | M] (ELAN Microelectronics Corp.)
"SmartAudio" -> C:\Program Files\CONEXANT\SAII\SAIICpl.exe [C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t] -> [2010/12/14 15:07:22 | 000,316,032 | ---- | M] (Conexant systems, Inc.)
"SmartFaceVWatcher" -> C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe [%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe] -> [2009/10/19 20:24:50 | 000,238,080 | ---- | M] (TOSHIBA Corporation)
"SmoothView" -> C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe] -> [2009/07/28 16:01:46 | 000,508,216 | ---- | M] (TOSHIBA Corporation)
"TosReelTimeMonitor" -> C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe] -> [2010/07/09 21:29:48 | 000,038,304 | ---- | M] (TOSHIBA Corporation)
"TosSENotify" -> C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe] -> [2010/02/05 19:45:06 | 000,709,976 | ---- | M] (TOSHIBA Corporation)
"TosVolRegulator" -> C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe] -> [2009/11/11 16:31:34 | 000,024,376 | ---- | M] (TOSHIBA Corporation)
"TPwrMain" -> C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE] -> [2010/09/28 14:30:08 | 000,566,184 | ---- | M] (TOSHIBA Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AVP" -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe ["C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"] -> [2010/11/02 21:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO)
"COMODO System Cleaner SafeDelete" -> ["F:\CSC_SETUP_2.2.335611.5_xp_vista_server2003_win7_32bit\COMODO System-Cleaner\CSC.EXE" //safedeletion] -> File not found
"StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2011/02/16 09:18:38 | 000,336,384 | ---- | M] (Advanced Micro Devices, Inc.)
"ToshibaServiceStation" -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe ["C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60] -> [2011/02/11 13:45:54 | 001,295,736 | ---- | M] (TOSHIBA Corporation)
< Run [HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\] > -> HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"PeerBlock" -> C:\Program Files\PeerBlock\peerblock.exe [C:\Program Files\PeerBlock\peerblock.exe] -> [2010/11/06 21:24:36 | 002,646,128 | ---- | M] (PeerBlock, LLC)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000] > -> HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [28] -> File not found
\\"NoComputersNearMe" -> [0] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [5] -> File not found
\\"ConsentPromptBehaviorUser" -> [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000] > -> HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" -> [0] -> File not found
\\"NoDriveTypeAutoRun" -> [255] -> File not found
\\"NoLowDiskSpaceChecks" -> [1] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000] > -> HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{4248FE82-7FCB-46AC-B270-339F08212110}:{4248FE82-7FCB-46AC-B270-339F08212110} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll [Button: &Virtual Keyboard] -> [2010/10/05 19:27:52 | 000,234,168 | ---- | M] (Kaspersky Lab ZAO)
{5C106A59-CC3C-4caa-81A4-6D909B5ACE23}:{B745F984-EF2E-40D6-A9AC-D8CED7230E61} [HKLM] -> C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll [Menu: &KeyScrambler Options] -> [2011/09/16 00:16:02 | 001,211,704 | ---- | M] (QFX Software Corporation)
{CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll [Button: URLs c&heck] -> [2010/10/05 19:27:52 | 000,234,168 | ---- | M] (Kaspersky Lab ZAO)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{4248FE82-7FCB-46AC-B270-339F08212110}:{4248FE82-7FCB-46AC-B270-339F08212110} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll [Button: &Virtual Keyboard] -> [2010/10/05 19:27:06 | 000,191,160 | ---- | M] (Kaspersky Lab ZAO)
{5C106A59-CC3C-4caa-81A4-6D909B5ACE23}:{B745F984-EF2E-40D6-A9AC-D8CED7230E61} [HKLM] -> C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll [Menu: &KeyScrambler Options] -> [2011/09/25 19:33:26 | 000,907,576 | ---- | M] (QFX Software Corporation)
{CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll [Button: URLs c&heck] -> [2010/10/05 19:27:06 | 000,191,160 | ---- | M] (Kaspersky Lab ZAO)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\] > -> HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\] > -> HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-2340025526-1877037402-2767268562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 204.111.1.210 204.111.1.195 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{CFF8FA6A-61A2-46A6-9933-844D82298839}\\DhcpNameServer -> 204.111.1.210 204.111.1.195 (Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)) ->
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> -> File not found
*MultiFile Done* -> ->
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> -> File not found
/pagefile -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> -> File not found
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\windows\system32\userinit.exe -> C:\Windows\SysWOW64\userinit.exe -> [2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> -> File not found
/pagefile -> -> File not found
*MultiFile Done* -> ->
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
klogon -> C:\Windows\SysNative\klogon.dll -> [2010/10/05 19:27:52 | 000,233,656 | ---- | M] (Kaspersky Lab ZAO)
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
64bit-*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
credssp.dll -> -> File not found
*MultiFile Done* -> ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
credssp.dll -> -> File not found
*MultiFile Done* -> ->
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications ->
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications ->
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{ED3EE8B0-1895-4C7D-B3F8-815FAA366DE9} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{EEEF8D48-4191-4E87-8899-E7AD3B5E86D7} -> dir=in | action=allow | name=windows live mesh | app=c:\program files (x86)\windows live\mesh\moe.exe |
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2010/11/20 22:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

[Files/Folders - Created Within 90 Days]
OTS.exe -> C:\Users\Angela\Desktop\OTS.exe -> [2012/01/06 20:54:50 | 000,646,144 | ---- | C] (OldTimer Tools)
iolo -> C:\ProgramData\iolo -> [2012/01/03 19:36:22 | 000,000,000 | ---D | C]
PC_Drivers_Headquarters ->
C:\Users\Angela\AppData\Local\PC_Drivers_Headquarters -> [2012/01/03 19:21:27 | 000,000,000 | ---D | C] PC Drivers HeadQuarters -> C:\ProgramData\PC Drivers HeadQuarters -> [2012/01/03 19:21:19 | 000,000,000 | ---D | C] DriverDetective.exe -> C:\Users\Angela\Desktop\DriverDetective.exe -> [2012/01/03 19:12:35 | 001,182,616 | ---- | C] (PC Drivers HeadQuarters ) OpenOffice.org 3.3 (en-US) Installation Files -> C:\Users\Angela\Desktop\OpenOffice.org 3.3 (en-US) Installation Files -> [2012/01/03 13:38:41 | 000,000,000 | ---D | C] Minidump -> C:\windows\Minidump -> [2012/01/02 17:28:54 | 000,000,000 | ---D | C] Free Registry Defrag -> C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Defrag -> [2011/12/29 23:42:07 | 000,000,000 | ---D | C] Free Registry Defrag -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Defrag -> [2011/12/29 23:42:07 | 000,000,000 | ---D | C] Eusing Free Registry Defrag -> C:\Program Files (x86)\Eusing Free Registry Defrag -> [2011/12/29 23:42:06 | 000,000,000 | ---D | C] Wise Registry Cleaner -> C:\Users\Angela\AppData\Roaming\Wise Registry Cleaner -> [2011/12/29 22:55:20 | 000,000,000 | ---D | C] Wise Registry Cleaner -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner -> [2011/12/29 22:54:04 | 000,000,000 | ---D | C] Wise Registry Cleaner -> C:\Program Files (x86)\Wise Registry Cleaner -> [2011/12/29 22:54:04 | 000,000,000 | ---D | C] Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/12/29 20:51:17 | 000,000,000 | ---D | C] Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2011/12/29 20:51:15 | 000,000,000 | ---D | C] Adobe -> C:\Users\Angela\AppData\Local\Adobe -> [2011/12/29 19:36:29 | 000,000,000 | ---D | C] FlashPlayerCPLApp.cpl -> C:\windows\SysWow64\FlashPlayerCPLApp.cpl -> [2011/12/23 18:08:51 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) 
uninstall_flash_player_64bit.exe -> C:\Users\Angela\Desktop\uninstall_flash_player_64bit.exe -> [2011/12/23 17:47:03 | 000,462,496 | ---- | C] (Adobe Systems, Inc.) msfeeds.dll -> C:\windows\SysNative\msfeeds.dll -> [2011/12/18 20:33:54 | 000,702,464 | ---- | C] (Microsoft Corporation) ieui.dll -> C:\windows\SysNative\ieui.dll -> [2011/12/18 20:33:54 | 000,247,808 | ---- | C] (Microsoft Corporation) ieui.dll -> C:\windows\SysWow64\ieui.dll -> [2011/12/18 20:33:54 | 000,176,640 | ---- | C] (Microsoft Corporation) url.dll -> C:\windows\SysNative\url.dll -> [2011/12/18 20:33:53 | 000,134,144 | ---- | C] (Microsoft Corporation) url.dll -> C:\windows\SysWow64\url.dll -> [2011/12/18 20:33:53 | 000,132,096 | ---- | C] (Microsoft Corporation) mshtmled.dll -> C:\windows\SysNative\mshtmled.dll -> [2011/12/18 20:33:53 | 000,097,280 | ---- | C] (Microsoft Corporation) mshtmled.dll -> C:\windows\SysWow64\mshtmled.dll -> [2011/12/18 20:33:53 | 000,067,072 | ---- | C] (Microsoft Corporation) csrsrv.dll -> C:\windows\SysNative\csrsrv.dll -> [2011/12/18 20:33:22 | 000,043,520 | ---- | C] (Microsoft Corporation) EncDec.dll -> C:\windows\SysNative\EncDec.dll -> [2011/12/18 20:33:21 | 000,723,456 | ---- | C] (Microsoft Corporation) EncDec.dll -> C:\windows\SysWow64\EncDec.dll -> [2011/12/18 20:33:20 | 000,534,528 | ---- | C] (Microsoft Corporation) Revo Uninstaller -> C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller -> [2011/12/12 09:20:15 | 000,000,000 | ---D | C] ComodoGroup -> C:\Users\Angela\AppData\Roaming\ComodoGroup -> [2011/12/07 21:46:32 | 000,000,000 | ---D | C] {191FDC27-F411-4BB6-A5EF-1B67D69EE379} -> C:\Users\Angela\AppData\Local\{191FDC27-F411-4BB6-A5EF-1B67D69EE379} -> [2011/12/02 02:00:24 | 000,000,000 | ---D | C] {818D1DD0-D4A6-4E7F-BCC0-260ABE7CBB72} -> C:\Users\Angela\AppData\Local\{818D1DD0-D4A6-4E7F-BCC0-260ABE7CBB72} -> [2011/12/02 01:57:47 | 000,000,000 | ---D | C] pss -> C:\windows\pss -> [2011/12/01 23:08:44 | 000,000,000 
| ---D | C] Defraggler -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler -> [2011/11/27 21:10:06 | 000,000,000 | ---D | C] Defraggler -> C:\Program Files\Defraggler -> [2011/11/27 21:10:05 | 000,000,000 | ---D | C] GetRightToGo -> C:\Users\Angela\AppData\Roaming\GetRightToGo -> [2011/11/24 20:42:02 | 000,000,000 | ---D | C] Downloads -> C:\Users\Angela\Documents\Downloads -> [2011/11/24 20:42:02 | 000,000,000 | ---D | C] Macromed -> C:\windows\SysNative\Macromed -> [2011/11/23 20:34:38 | 000,000,000 | ---D | C] 32788R22FWJFW -> C:\32788R22FWJFW -> [2011/11/15 20:23:27 | 000,000,000 | --SD | C] chef -> C:\Users\Angela\Desktop\chef -> [2011/11/13 21:29:41 | 000,000,000 | ---D | C] TOSHIBA Tempro -> C:\ProgramData\TOSHIBA Tempro -> [2011/11/08 19:38:39 | 000,000,000 | ---D | C] InstallShield -> C:\Users\Angela\AppData\Roaming\InstallShield -> [2011/11/06 20:17:13 | 000,000,000 | ---D | C] $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2011/11/02 22:16:00 | 000,000,000 | -HSD | C] ERDNT -> C:\windows\ERDNT -> [2011/11/02 20:41:30 | 000,000,000 | ---D | C] shows -> C:\Users\Angela\Desktop\shows -> [2011/10/25 05:37:35 | 000,000,000 | ---D | C] Synaptics -> C:\Program Files\Synaptics -> [2011/10/20 09:30:48 | 000,000,000 | ---D | C] Catalyst Control Center -> C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center -> [2011/10/17 19:42:01 | 000,000,000 | ---D | C] Iomatic -> C:\Users\Angela\AppData\Roaming\Iomatic -> [2011/10/16 19:51:52 | 000,000,000 | ---D | C] Microsoft.NET -> C:\Program Files (x86)\Microsoft.NET -> [2011/10/11 22:44:37 | 000,000,000 | ---D | C] CCleaner -> C:\Program Files\CCleaner -> [2011/10/11 22:04:22 | 000,000,000 | ---D | C] psisdecd.dll -> C:\windows\SysNative\psisdecd.dll -> [2011/10/11 22:01:35 | 000,613,888 | ---- | C] (Microsoft Corporation) psisdecd.dll -> C:\windows\SysWow64\psisdecd.dll -> [2011/10/11 22:01:35 | 000,465,408 | ---- | C] (Microsoft Corporation) psisrndr.ax -> 
C:\windows\SysWow64\psisrndr.ax -> [2011/10/11 22:01:35 | 000,075,776 | ---- | C] (Microsoft Corporation) psisrndr.ax -> C:\windows\SysNative\psisrndr.ax -> [2011/10/11 22:01:34 | 000,108,032 | ---- | C] (Microsoft Corporation) oleaut32.dll -> C:\windows\SysNative\oleaut32.dll -> [2011/10/11 22:01:31 | 000,861,696 | ---- | C] (Microsoft Corporation) oleacc.dll -> C:\windows\SysNative\oleacc.dll -> [2011/10/11 22:01:31 | 000,331,776 | ---- | C] (Microsoft Corporation) ElevatedDiagnostics -> C:\Users\Angela\AppData\Local\ElevatedDiagnostics -> [2011/10/10 01:22:19 | 000,000,000 | ---D | C] [Files/Folders - Modified Within 90 Days] OTS.exe -> C:\Users\Angela\Desktop\OTS.exe -> [2012/01/06 20:54:55 | 000,646,144 | ---- | M] (OldTimer Tools) Making Home Affordable.url -> C:\Users\Angela\Desktop\Making Home Affordable.url -> [2012/01/06 19:53:55 | 000,000,230 | ---- | M] () Printable Percentage Chart.url -> C:\Users\Angela\Desktop\Printable Percentage Chart.url -> [2012/01/06 19:51:02 | 000,000,237 | ---- | M] () Alternatives to Foreclosure - Freddie Mac.url -> C:\Users\Angela\Desktop\Alternatives to Foreclosure - Freddie Mac.url -> [2012/01/06 19:23:11 | 000,000,230 | ---- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2012/01/06 18:57:35 | 000,024,608 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2012/01/06 18:57:35 | 000,024,608 | -H-- | M] () bootstat.dat -> C:\windows\bootstat.dat -> [2012/01/06 18:49:45 | 000,067,584 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2012/01/06 18:49:36 | 2094,161,920 | -HS- | M] () PerfStringBackup.INI -> C:\windows\SysNative\PerfStringBackup.INI -> [2012/01/04 19:06:02 | 000,727,182 | ---- | M] () perfh009.dat -> 
C:\windows\SysNative\perfh009.dat -> [2012/01/04 19:06:02 | 000,624,622 | ---- | M] () perfc009.dat -> C:\windows\SysNative\perfc009.dat -> [2012/01/04 19:06:02 | 000,106,708 | ---- | M] () DriverDetective.exe -> C:\Users\Angela\Desktop\DriverDetective.exe -> [2012/01/03 19:12:47 | 001,182,616 | ---- | M] (PC Drivers HeadQuarters ) FlashPlayerCPLApp.cpl -> C:\windows\SysWow64\FlashPlayerCPLApp.cpl -> [2012/01/03 19:08:12 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) Epitath Angela.rtf -> C:\Users\Angela\Desktop\Epitath Angela.rtf -> [2012/01/03 15:30:12 | 000,031,832 | ---- | M] () FNTCACHE.DAT -> C:\windows\SysNative\FNTCACHE.DAT -> [2012/01/03 12:02:36 | 000,274,320 | ---- | M] () Hyperthymesia - Wikipedia, the free encyclopedia.url -> C:\Users\Angela\Desktop\Hyperthymesia - Wikipedia, the free encyclopedia.url -> [2012/01/02 23:31:21 | 000,000,190 | ---- | M] () Watch Online Person of Interest Season 1 Episode 10 - Number Crunch - Watch Series.url -> C:\Users\Angela\Desktop\Watch Online Person of Interest Season 1 Episode 10 - Number Crunch - Watch Series.url -> [2012/01/02 19:25:19 | 000,000,213 | ---- | M] () Employment Application Lodge At Old Trail.url -> C:\Users\Angela\Desktop\Employment Application Lodge At Old Trail.url -> [2012/01/01 19:40:27 | 000,000,139 | ---- | M] () References.rtf -> C:\Users\Angela\Desktop\References.rtf -> [2012/01/01 19:29:54 | 000,001,306 | ---- | M] () angela resume 11.rtf -> C:\Users\Angela\Desktop\angela resume 11.rtf -> [2012/01/01 19:12:00 | 000,040,819 | ---- | M] () Home Loan Modification or Mortgage Refinance CreditFYI.com.url -> C:\Users\Angela\Desktop\Home Loan Modification or Mortgage Refinance CreditFYI.com.url -> [2012/01/01 17:48:02 | 000,000,183 | ---- | M] () OOo_3.3.0_Win_x86_install-wJRE_en-US.exe -> C:\Users\Angela\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe -> [2011/12/30 19:17:49 | 158,067,944 | ---- | M] () Eusing Free Registry Defrag.lnk -> C:\Users\Angela\Desktop\Eusing Free Registry 
Defrag.lnk -> [2011/12/29 23:42:07 | 000,001,055 | ---- | M] () products.cfm.htm -> C:\Users\Angela\Desktop\products.cfm.htm -> [2011/12/28 12:47:33 | 000,012,805 | ---- | M] () Jobs.net - Jobs, Job Search, Employment Resources and Career Advice.url -> C:\Users\Angela\Desktop\Jobs.net - Jobs, Job Search, Employment Resources and Career Advice.url -> [2011/12/26 22:06:08 | 000,000,164 | ---- | M] () Manager, Dining Services.url -> C:\Users\Angela\Desktop\Manager, Dining Services.url -> [2011/12/26 22:04:29 | 000,000,229 | ---- | M] () samuelslibrary.net - employment opportunities.url -> C:\Users\Angela\Desktop\samuelslibrary.net - employment opportunities.url -> [2011/12/26 22:03:35 | 000,000,267 | ---- | M] () uninstall_flash_player_64bit.exe -> C:\Users\Angela\Desktop\uninstall_flash_player_64bit.exe -> [2011/12/23 17:47:22 | 000,462,496 | ---- | M] (Adobe Systems, Inc.) Local furniture maker gives trees new life Rappahannock News.url -> C:\Users\Angela\Desktop\Local furniture maker gives trees new life Rappahannock News.url -> [2011/12/23 09:42:02 | 000,000,173 | ---- | M] () The Sudarium Trilogy Best Selling Thriller.url -> C:\Users\Angela\Desktop\The Sudarium Trilogy Best Selling Thriller.url -> [2011/12/21 11:36:20 | 000,000,116 | ---- | M] () ITW Member Directory - David Richards's Profile.url -> C:\Users\Angela\Desktop\ITW Member Directory - David Richards's Profile.url -> [2011/12/21 11:35:53 | 000,000,145 | ---- | M] () [PC Support] Frequently Asked Windows Problems with Solutions, Help and Troubleshooting Tips - Tweaking with Vishal.url -> C:\Users\Angela\Desktop\[PC Support] Frequently Asked Windows Problems with Solutions, Help and Troubleshooting Tips - Tweaking with Vishal.url -> [2011/12/18 22:52:03 | 000,000,216 | ---- | M] () shortcut_ex.dat -> C:\windows\SysWow64\shortcut_ex.dat -> [2011/12/18 03:33:21 | 000,000,017 | ---- | M] () Diagnose and fix program installing and uninstalling problems automatically.url -> C:\Users\Angela\Desktop\Diagnose 
and fix program installing and uninstalling problems automatically.url -> [2011/12/16 01:10:13 | 000,000,216 | ---- | M] () Completely removing Windows Vista-Windows 7 Printer Driver - Brian Jackson's IT Blog.url -> C:\Users\Angela\Desktop\Completely removing Windows Vista-Windows 7 Printer Driver - Brian Jackson's IT Blog.url -> [2011/12/15 22:07:11 | 000,000,178 | ---- | M] () How to cancel printing or to delete a print job that is stuck in the print queue in Windows XP.url -> C:\Users\Angela\Desktop\How to cancel printing or to delete a print job that is stuck in the print queue in Windows XP.url -> [2011/12/15 21:56:06 | 000,000,191 | ---- | M] () Revo Uninstaller.lnk -> C:\Users\Angela\Desktop\Revo Uninstaller.lnk -> [2011/12/12 09:20:16 | 000,001,276 | ---- | M] () mbam.sys -> C:\windows\SysNative\drivers\mbam.sys -> [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) Tennessee Wholesale Nursery Store - Shopping Cart.url -> C:\Users\Angela\Desktop\Tennessee Wholesale Nursery Store - Shopping Cart.url -> [2011/12/09 08:39:53 | 000,000,205 | ---- | M] () Removal Remove-Malware.com.url -> C:\Users\Angela\Desktop\Removal Remove-Malware.com.url -> [2011/12/08 21:42:09 | 000,000,123 | ---- | M] () Drivers Synaptics.url -> C:\Users\Angela\Desktop\Drivers Synaptics.url -> [2011/12/07 22:26:26 | 000,000,196 | ---- | M] () Smoked Salmon Canapes with Lemon, Horseradish and Dill Recipe Leite's Culinaria.url -> C:\Users\Angela\Desktop\Smoked Salmon Canapes with Lemon, Horseradish and Dill Recipe Leite's Culinaria.url -> [2011/12/06 19:53:10 | 000,000,268 | ---- | M] () NEHA Interview with DR. Robert W. Powitz PhD, MPH, RS (2).url -> C:\Users\Angela\Desktop\NEHA Interview with DR. Robert W. 
Powitz PhD, MPH, RS (2).url -> [2011/12/05 23:45:47 | 000,000,185 | ---- | M] () Affinion.url -> C:\Users\Angela\Desktop\Affinion.url -> [2011/12/04 21:58:44 | 000,000,182 | ---- | M] () Renting the Spruce Knob Mountain Center The Mountain Institute.url -> C:\Users\Angela\Desktop\Renting the Spruce Knob Mountain Center The Mountain Institute.url -> [2011/12/03 00:59:55 | 000,000,238 | ---- | M] () The Elusive Main Entrance to the Sinks of Gandy Cave Near Spruce Knob, West Virginia - YouTube.url -> C:\Users\Angela\Desktop\The Elusive Main Entrance to the Sinks of Gandy Cave Near Spruce Knob, West Virginia - YouTube.url -> [2011/12/03 00:58:53 | 000,000,206 | ---- | M] () Holiday Entertaining Finger Food Recipes - Martha Stewart.url -> C:\Users\Angela\Desktop\Holiday Entertaining Finger Food Recipes - Martha Stewart.url -> [2011/11/30 20:30:49 | 000,000,249 | ---- | M] () Amazon.com Boxwood 'Wintergreen' Fast Growing! ~ 30 shrubs~ -4 inch pot. Patio, Lawn & Garden.url -> C:\Users\Angela\Desktop\Amazon.com Boxwood 'Wintergreen' Fast Growing! ~ 30 shrubs~ -4 inch pot. 
Patio, Lawn & Garden.url -> [2011/11/29 17:20:54 | 000,000,291 | ---- | M] () Trans-Siberian Orchestra’s Music Videos – Free listening, videos, concerts, stats, & pictures at Last.fm.url -> C:\Users\Angela\Desktop\Trans-Siberian Orchestra’s Music Videos – Free listening, videos, concerts, stats, & pictures at Last.fm.url -> [2011/11/28 23:10:29 | 000,000,226 | ---- | M] () Boxwood Buxus Shrubs.url -> C:\Users\Angela\Desktop\Boxwood Buxus Shrubs.url -> [2011/11/20 22:53:45 | 000,000,226 | ---- | M] () index.url -> C:\Users\Angela\Desktop\index.url -> [2011/11/20 22:39:26 | 000,000,120 | ---- | M] () How to Delete Locked Malware Files in Windows.url -> C:\Users\Angela\Desktop\How to Delete Locked Malware Files in Windows.url -> [2011/11/20 19:34:25 | 000,000,216 | ---- | M] () KillBox.Net.url -> C:\Users\Angela\Desktop\KillBox.Net.url -> [2011/11/20 19:34:12 | 000,000,108 | ---- | M] () Using Combofix On Windows Vista and Windows 7 – I wouldn’t Remove-Malware.com.url -> C:\Users\Angela\Desktop\Using Combofix On Windows Vista and Windows 7 – I wouldn’t Remove-Malware.com.url -> [2011/11/16 22:59:49 | 000,000,201 | ---- | M] () How to use the Windows 7 System Recovery Environment Command Prompt.url -> C:\Users\Angela\Desktop\How to use the Windows 7 System Recovery Environment Command Prompt.url -> [2011/11/15 20:52:00 | 000,000,247 | ---- | M] () ieui.dll -> C:\windows\SysNative\ieui.dll -> [2011/11/11 01:49:14 | 000,247,808 | ---- | M] (Microsoft Corporation) ieui.dll -> C:\windows\SysWow64\ieui.dll -> [2011/11/11 00:40:14 | 000,176,640 | ---- | M] (Microsoft Corporation) Toshiba laptop - Windows 7 Forums.url -> C:\Users\Angela\Desktop\Toshiba laptop - Windows 7 Forums.url -> [2011/11/06 20:16:18 | 000,000,224 | ---- | M] () url.dll -> C:\windows\SysNative\url.dll -> [2011/11/05 00:41:28 | 000,134,144 | ---- | M] (Microsoft Corporation) mshtmled.dll -> C:\windows\SysNative\mshtmled.dll -> [2011/11/05 00:38:26 | 000,097,280 | ---- | M] (Microsoft Corporation) 
msfeeds.dll -> C:\windows\SysNative\msfeeds.dll -> [2011/11/05 00:38:24 | 000,702,464 | ---- | M] (Microsoft Corporation) url.dll -> C:\windows\SysWow64\url.dll -> [2011/11/04 23:34:45 | 000,132,096 | ---- | M] (Microsoft Corporation) mshtmled.dll -> C:\windows\SysWow64\mshtmled.dll -> [2011/11/04 23:31:32 | 000,067,072 | ---- | M] (Microsoft Corporation) hosts -> C:\windows\SysNative\drivers\etc\hosts -> [2011/11/02 21:43:42 | 000,000,027 | ---- | M] () Email Story Form.url -> C:\Users\Angela\Desktop\Email Story Form.url -> [2011/10/26 06:28:32 | 000,000,390 | ---- | M] () csrsrv.dll -> C:\windows\SysNative\csrsrv.dll -> [2011/10/26 00:21:20 | 000,043,520 | ---- | M] (Microsoft Corporation) NEHA Interview with DR. Robert W. Powitz PhD, MPH, RS.url -> C:\Users\Angela\Desktop\NEHA Interview with DR. Robert W. Powitz PhD, MPH, RS.url -> [2011/10/25 08:54:52 | 000,000,185 | ---- | M] () Relax The Back® Foot Rest.url -> C:\Users\Angela\Desktop\Relax The Back® Foot Rest.url -> [2011/10/24 21:21:36 | 000,000,147 | ---- | M] () Windows Services Black Viper's Website www.blackviper.com.url -> C:\Users\Angela\Desktop\Windows Services Black Viper's Website www.blackviper.com.url -> [2011/10/21 05:55:45 | 000,000,207 | ---- | M] () Msft_Kernel_SynTP_01007.Wdf -> C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01007.Wdf -> [2011/10/20 09:31:31 | 000,000,000 | -H-- | M] () Product Upgrades Kaspersky Lab United States.url -> C:\Users\Angela\Desktop\Product Upgrades Kaspersky Lab United States.url -> [2011/10/18 22:48:41 | 000,000,235 | ---- | M] () EncDec.dll -> C:\windows\SysNative\EncDec.dll -> [2011/10/15 01:31:56 | 000,723,456 | ---- | M] (Microsoft Corporation) EncDec.dll -> C:\windows\SysWow64\EncDec.dll -> [2011/10/15 00:38:59 | 000,534,528 | ---- | M] (Microsoft Corporation) Adobe - Flash Player Help - Privacy Settings.url -> C:\Users\Angela\Desktop\Adobe - Flash Player Help - Privacy Settings.url -> [2011/10/13 19:19:11 | 000,000,229 | ---- | M] () Resmon.ResmonCfg -> 
C:\Users\Angela\AppData\Local\Resmon.ResmonCfg -> [2011/10/11 23:38:44 | 000,007,605 | ---- | M] () [Files - No Company Name] Making Home Affordable.url -> C:\Users\Angela\Desktop\Making Home Affordable.url -> [2012/01/06 19:53:55 | 000,000,230 | ---- | C] () Printable Percentage Chart.url -> C:\Users\Angela\Desktop\Printable Percentage Chart.url -> [2012/01/06 19:51:01 | 000,000,237 | ---- | C] () Alternatives to Foreclosure - Freddie Mac.url -> C:\Users\Angela\Desktop\Alternatives to Foreclosure - Freddie Mac.url -> [2012/01/06 19:23:11 | 000,000,230 | ---- | C] () FNTCACHE.DAT -> C:\windows\SysNative\FNTCACHE.DAT -> [2012/01/03 12:01:56 | 000,274,320 | ---- | C] () Watch Online Person of Interest Season 1 Episode 10 - Number Crunch - Watch Series.url -> C:\Users\Angela\Desktop\Watch Online Person of Interest Season 1 Episode 10 - Number Crunch - Watch Series.url -> [2012/01/02 19:25:18 | 000,000,213 | ---- | C] () Employment Application Lodge At Old Trail.url -> C:\Users\Angela\Desktop\Employment Application Lodge At Old Trail.url -> [2012/01/01 19:40:27 | 000,000,139 | ---- | C] () References.rtf -> C:\Users\Angela\Desktop\References.rtf -> [2012/01/01 19:29:53 | 000,001,306 | ---- | C] () Home Loan Modification or Mortgage Refinance CreditFYI.com.url -> C:\Users\Angela\Desktop\Home Loan Modification or Mortgage Refinance CreditFYI.com.url -> [2012/01/01 17:48:02 | 000,000,183 | ---- | C] () OOo_3.3.0_Win_x86_install-wJRE_en-US.exe -> C:\Users\Angela\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe -> [2011/12/30 18:28:09 | 158,067,944 | ---- | C] () Eusing Free Registry Defrag.lnk -> C:\Users\Angela\Desktop\Eusing Free Registry Defrag.lnk -> [2011/12/29 23:42:07 | 000,001,055 | ---- | C] () angela resume 11.rtf -> C:\Users\Angela\Desktop\angela resume 11.rtf -> [2011/12/29 10:49:04 | 000,040,819 | ---- | C] () Epitath Angela.rtf -> C:\Users\Angela\Desktop\Epitath Angela.rtf -> [2011/12/28 20:42:58 | 000,031,832 | ---- | C] () products.cfm.htm -> 
C:\Users\Angela\Desktop\products.cfm.htm -> [2011/12/28 12:47:25 | 000,012,805 | ---- | C] () Jobs.net - Jobs, Job Search, Employment Resources and Career Advice.url -> C:\Users\Angela\Desktop\Jobs.net - Jobs, Job Search, Employment Resources and Career Advice.url -> [2011/12/26 22:06:08 | 000,000,164 | ---- | C] () Manager, Dining Services.url -> C:\Users\Angela\Desktop\Manager, Dining Services.url -> [2011/12/26 22:04:29 | 000,000,229 | ---- | C] () samuelslibrary.net - employment opportunities.url -> C:\Users\Angela\Desktop\samuelslibrary.net - employment opportunities.url -> [2011/12/26 22:03:35 | 000,000,267 | ---- | C] () Local furniture maker gives trees new life Rappahannock News.url -> C:\Users\Angela\Desktop\Local furniture maker gives trees new life Rappahannock News.url -> [2011/12/23 09:42:02 | 000,000,173 | ---- | C] () The Sudarium Trilogy Best Selling Thriller.url -> C:\Users\Angela\Desktop\The Sudarium Trilogy Best Selling Thriller.url -> [2011/12/21 11:36:20 | 000,000,116 | ---- | C] () ITW Member Directory - David Richards's Profile.url -> C:\Users\Angela\Desktop\ITW Member Directory - David Richards's Profile.url -> [2011/12/21 11:35:53 | 000,000,145 | ---- | C] () [PC Support] Frequently Asked Windows Problems with Solutions, Help and Troubleshooting Tips - Tweaking with Vishal.url -> C:\Users\Angela\Desktop\[PC Support] Frequently Asked Windows Problems with Solutions, Help and Troubleshooting Tips - Tweaking with Vishal.url -> [2011/12/18 22:52:03 | 000,000,216 | ---- | C] () shortcut_ex.dat -> C:\windows\SysWow64\shortcut_ex.dat -> [2011/12/18 03:33:21 | 000,000,017 | ---- | C] () Diagnose and fix program installing and uninstalling problems automatically.url -> C:\Users\Angela\Desktop\Diagnose and fix program installing and uninstalling problems automatically.url -> [2011/12/16 01:10:13 | 000,000,216 | ---- | C] () Completely removing Windows Vista-Windows 7 Printer Driver - Brian Jackson's IT Blog.url -> C:\Users\Angela\Desktop\Completely 
removing Windows Vista-Windows 7 Printer Driver - Brian Jackson's IT Blog.url -> [2011/12/15 22:07:11 | 000,000,178 | ---- | C] () How to cancel printing or to delete a print job that is stuck in the print queue in Windows XP.url -> C:\Users\Angela\Desktop\How to cancel printing or to delete a print job that is stuck in the print queue in Windows XP.url -> [2011/12/15 21:56:06 | 000,000,191 | ---- | C] () Hyperthymesia - Wikipedia, the free encyclopedia.url -> C:\Users\Angela\Desktop\Hyperthymesia - Wikipedia, the free encyclopedia.url -> [2011/12/13 22:56:30 | 000,000,190 | ---- | C] () Tennessee Wholesale Nursery Store - Shopping Cart.url -> C:\Users\Angela\Desktop\Tennessee Wholesale Nursery Store - Shopping Cart.url -> [2011/12/09 08:39:52 | 000,000,205 | ---- | C] () Removal Remove-Malware.com.url -> C:\Users\Angela\Desktop\Removal Remove-Malware.com.url -> [2011/12/08 21:42:09 | 000,000,123 | ---- | C] () Drivers Synaptics.url -> C:\Users\Angela\Desktop\Drivers Synaptics.url -> [2011/12/07 22:26:26 | 000,000,196 | ---- | C] () Smoked Salmon Canapes with Lemon, Horseradish and Dill Recipe Leite's Culinaria.url -> C:\Users\Angela\Desktop\Smoked Salmon Canapes with Lemon, Horseradish and Dill Recipe Leite's Culinaria.url -> [2011/12/06 19:53:10 | 000,000,268 | ---- | C] () NEHA Interview with DR. Robert W. Powitz PhD, MPH, RS (2).url -> C:\Users\Angela\Desktop\NEHA Interview with DR. Robert W. 
Powitz PhD, MPH, RS (2).url -> [2011/12/05 23:45:47 | 000,000,185 | ---- | C] () Affinion.url -> C:\Users\Angela\Desktop\Affinion.url -> [2011/12/04 21:58:44 | 000,000,182 | ---- | C] () Renting the Spruce Knob Mountain Center The Mountain Institute.url -> C:\Users\Angela\Desktop\Renting the Spruce Knob Mountain Center The Mountain Institute.url -> [2011/12/03 00:59:55 | 000,000,238 | ---- | C] () The Elusive Main Entrance to the Sinks of Gandy Cave Near Spruce Knob, West Virginia - YouTube.url -> C:\Users\Angela\Desktop\The Elusive Main Entrance to the Sinks of Gandy Cave Near Spruce Knob, West Virginia - YouTube.url -> [2011/12/03 00:58:53 | 000,000,206 | ---- | C] () Holiday Entertaining Finger Food Recipes - Martha Stewart.url -> C:\Users\Angela\Desktop\Holiday Entertaining Finger Food Recipes - Martha Stewart.url -> [2011/11/30 20:30:48 | 000,000,249 | ---- | C] () Trans-Siberian Orchestra’s Music Videos – Free listening, videos, concerts, stats, & pictures at Last.fm.url -> C:\Users\Angela\Desktop\Trans-Siberian Orchestra’s Music Videos – Free listening, videos, concerts, stats, & pictures at Last.fm.url -> [2011/11/28 23:10:28 | 000,000,226 | ---- | C] () Amazon.com Boxwood 'Wintergreen' Fast Growing! ~ 30 shrubs~ -4 inch pot. Patio, Lawn & Garden.url -> C:\Users\Angela\Desktop\Amazon.com Boxwood 'Wintergreen' Fast Growing! ~ 30 shrubs~ -4 inch pot. 
Patio, Lawn & Garden.url -> [2011/11/22 21:51:10 | 000,000,291 | ---- | C] () Boxwood Buxus Shrubs.url -> C:\Users\Angela\Desktop\Boxwood Buxus Shrubs.url -> [2011/11/20 22:53:45 | 000,000,226 | ---- | C] () index.url -> C:\Users\Angela\Desktop\index.url -> [2011/11/20 22:39:26 | 000,000,120 | ---- | C] () How to Delete Locked Malware Files in Windows.url -> C:\Users\Angela\Desktop\How to Delete Locked Malware Files in Windows.url -> [2011/11/20 19:34:25 | 000,000,216 | ---- | C] () KillBox.Net.url -> C:\Users\Angela\Desktop\KillBox.Net.url -> [2011/11/20 19:34:12 | 000,000,108 | ---- | C] () Using Combofix On Windows Vista and Windows 7 – I wouldn’t Remove-Malware.com.url -> C:\Users\Angela\Desktop\Using Combofix On Windows Vista and Windows 7 – I wouldn’t Remove-Malware.com.url -> [2011/11/16 22:59:49 | 000,000,201 | ---- | C] () How to use the Windows 7 System Recovery Environment Command Prompt.url -> C:\Users\Angela\Desktop\How to use the Windows 7 System Recovery Environment Command Prompt.url -> [2011/11/15 20:52:00 | 000,000,247 | ---- | C] () Toshiba laptop - Windows 7 Forums.url -> C:\Users\Angela\Desktop\Toshiba laptop - Windows 7 Forums.url -> [2011/11/06 20:16:17 | 000,000,224 | ---- | C] () Email Story Form.url -> C:\Users\Angela\Desktop\Email Story Form.url -> [2011/10/26 06:28:32 | 000,000,390 | ---- | C] () NEHA Interview with DR. Robert W. Powitz PhD, MPH, RS.url -> C:\Users\Angela\Desktop\NEHA Interview with DR. Robert W. 
Powitz PhD, MPH, RS.url -> [2011/10/25 08:54:52 | 000,000,185 | ---- | C] () Relax The Back® Foot Rest.url -> C:\Users\Angela\Desktop\Relax The Back® Foot Rest.url -> [2011/10/24 21:21:36 | 000,000,147 | ---- | C] () Windows Services Black Viper's Website www.blackviper.com.url -> C:\Users\Angela\Desktop\Windows Services Black Viper's Website www.blackviper.com.url -> [2011/10/21 05:55:44 | 000,000,207 | ---- | C] () Msft_Kernel_SynTP_01007.Wdf -> C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01007.Wdf -> [2011/10/20 09:31:31 | 000,000,000 | -H-- | C] () Product Upgrades Kaspersky Lab United States.url -> C:\Users\Angela\Desktop\Product Upgrades Kaspersky Lab United States.url -> [2011/10/18 22:48:41 | 000,000,235 | ---- | C] () Adobe - Flash Player Help - Privacy Settings.url -> C:\Users\Angela\Desktop\Adobe - Flash Player Help - Privacy Settings.url -> [2011/10/13 19:19:11 | 000,000,229 | ---- | C] () Resmon.ResmonCfg -> C:\Users\Angela\AppData\Local\Resmon.ResmonCfg -> [2011/10/11 23:38:44 | 000,007,605 | ---- | C] () PerfStringBackup.INI -> C:\windows\SysWow64\PerfStringBackup.INI -> [2011/08/09 15:28:51 | 000,731,106 | ---- | C] () ISSRemoveSP.exe -> C:\windows\SysWow64\ISSRemoveSP.exe -> [2011/05/21 01:20:52 | 000,451,072 | ---- | C] () ativpsrm.bin -> C:\windows\ativpsrm.bin -> [2011/05/21 01:13:26 | 000,000,000 | ---- | C] () atipblag.dat -> C:\windows\SysWow64\atipblag.dat -> [2011/05/21 01:10:23 | 000,002,975 | ---- | C] () bootstat.dat -> C:\windows\bootstat.dat -> [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () NOISE.DAT -> C:\windows\SysWow64\NOISE.DAT -> [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () dssec.dat -> C:\windows\SysWow64\dssec.dat -> [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () FXSAPI.dll -> C:\windows\SysWow64\FXSAPI.dll -> [2009/07/13 19:15:04 | 000,227,328 | ---- | C] () mib.bin -> C:\windows\mib.bin -> [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () BWContextHandler.dll -> C:\windows\SysWow64\BWContextHandler.dll -> 
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () msjetoledb40.dll -> C:\windows\SysWow64\msjetoledb40.dll -> [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () mlang.dat -> C:\windows\SysWow64\mlang.dat -> [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () [File - Lop Check] GetRightToGo -> C:\Users\Angela\AppData\Roaming\GetRightToGo -> [2011/12/11 16:00:06 | 000,000,000 | ---D | M] GlarySoft -> C:\Users\Angela\AppData\Roaming\GlarySoft -> [2011/10/01 21:30:06 | 000,000,000 | ---D | M] Iomatic -> C:\Users\Angela\AppData\Roaming\Iomatic -> [2011/10/16 19:51:52 | 000,000,000 | ---D | M] QFX Software -> C:\Users\Angela\AppData\Roaming\QFX Software -> [2011/09/25 19:34:10 | 000,000,000 | ---D | M] SoftGrid Client -> C:\Users\Angela\AppData\Roaming\SoftGrid Client -> [2012/01/05 01:38:20 | 000,000,000 | ---D | M] Toshiba -> C:\Users\Angela\AppData\Roaming\Toshiba -> [2011/11/27 18:09:01 | 000,000,000 | ---D | M] TP -> C:\Users\Angela\AppData\Roaming\TP -> [2011/08/09 15:30:53 | 000,000,000 | ---D | M] WinBatch -> C:\Users\Angela\AppData\Roaming\WinBatch -> [2011/08/07 14:25:46 | 000,000,000 | ---D | M] Wise Registry Cleaner -> C:\Users\Angela\AppData\Roaming\Wise Registry Cleaner -> [2011/12/29 23:01:49 | 000,000,000 | ---D | M] SCHEDLGU.TXT -> C:\windows\Tasks\SCHEDLGU.TXT -> [2011/12/20 18:31:52 | 000,032,552 | ---- | M] () [File - Purity Scan] < End of report > [/code]