OTL logfile created on: 3/16/2014 7:30:20 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Natasha\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.89 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 53.98% Memory free
7.78 Gb Paging File | 5.61 Gb Available in Paging File | 72.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.93 Gb Total Space | 343.14 Gb Free Space | 76.10% Space Free | Partition Type: NTFS
Drive E: | 14.63 Gb Total Space | 1.72 Gb Free Space | 11.74% Space Free | Partition Type: NTFS
Drive F: | 53.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NATASHA-HP | User Name: Natasha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Natasha\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Users\Natasha\AppData\Roaming\KaiJet\WormholeSwitch1117\FunctModules\{8AEC7F86-B5F4-499b-9ACE-203F46E4469D}\Wormhole.exe (KaiJet)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe ()
PRC - C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
PRC - C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\_ssl.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\wx._controls_.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\wx._windows_.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\wx._gdi_.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\_hashlib.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\PyWinTypes27.dll ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\_ctypes.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\wx._html2.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\win32inet.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\win32process.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\_multiprocessing.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\win32pdh.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\win32pipe.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\wx._core_.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\wx._misc_.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\unicodedata.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\windows._lib_cacheinvalidation.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\pythoncom27.dll ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\win32com.shell.shell.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\_elementtree.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\pyexpat.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\wx._wizard.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\win32file.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\win32security.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\win32api.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\_socket.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\win32ts.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\win32event.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\win32profile.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\win32crypt.pyd ()
MOD - C:\Users\Natasha\AppData\Local\Temp\_MEI34562\select.pyd ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll ()
MOD - C:\Users\Natasha\AppData\Roaming\KaiJet\WormholeSwitch1117\FunctModules\{8AEC7F86-B5F4-499b-9ACE-203F46E4469D}\OSW08.dll ()
MOD - C:\Users\Natasha\AppData\Roaming\KaiJet\WormholeSwitch1117\FunctModules\{8AEC7F86-B5F4-499b-9ACE-203F46E4469D}\2208KM_HID.dll ()
MOD - C:\Users\Natasha\AppData\Roaming\KaiJet\WormholeSwitch1117\FunctModules\{8AEC7F86-B5F4-499b-9ACE-203F46E4469D}\ProdLic.DLL ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe ()
MOD - C:\Program Files (x86)\Microsoft Office\Office\MSO97.DLL ()
MOD - C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
MOD - C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:[b]64bit:[/b] - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:[b]64bit:[/b] - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:[b]64bit:[/b] - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:[b]64bit:[/b] - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (AVAST Software)
DRV:[b]64bit:[/b] - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:[b]64bit:[/b] - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:[b]64bit:[/b] - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:[b]64bit:[/b] - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:[b]64bit:[/b] - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130520.003\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130520.003\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130107.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130113.001\IDSviA64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80572
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80572&lng=en
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {BB0E6D1F-A6BA-45D0-BB88-A490D31B370A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMDTDFJS
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{20E109DE-D9B4-4CA2-8C3D-55CF1CD2205A}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XM^xdm003^S01272^us&si=CMCH_s20_a8CFUOo4Aoddif6FQ&ptb=369A1DE1-3761-4F9A-B939-1DF700D4C783&psa=&ind=2012051309&st=sb&n=77ed776d&searchfor={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{BB0E6D1F-A6BA-45D0-BB88-A490D31B370A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-25/4?satitle={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM13/19
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM13/19
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMDTDFJS
IE - HKLM\..\SearchScopes\{20E109DE-D9B4-4CA2-8C3D-55CF1CD2205A}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-25/4?satitle={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM13/19
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^XM^xdm003^S01272^us&ptb=369A1DE1-3761-4F9A-B939-1DF700D4C783&si=CMCH_s20_a8CFUOo4Aoddif6FQ
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {BB0E6D1F-A6BA-45D0-BB88-A490D31B370A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMDTDFJS
IE - HKCU\..\SearchScopes\{20E109DE-D9B4-4CA2-8C3D-55CF1CD2205A}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XM^xdm003^S01272^us&si=CMCH_s20_a8CFUOo4Aoddif6FQ&ptb=369A1DE1-3761-4F9A-B939-1DF700D4C783&psa=&ind=2012051309&st=sb&n=77ed776d&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{BB0E6D1F-A6BA-45D0-BB88-A490D31B370A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80572&lng=en
IE - HKCU\..\SearchScopes\{CAC6D6DF-9A88-40A5-A8A1-A59A63281CB6}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GWYE
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-25/4?satitle={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2014/03/16 03:20:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013/11/21 01:25:09 | 000,000,000 | ---D | M]

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP13D4E3ED-4710-4A22-AC23-023B39BD9E43&q={searchTerms}&SSPV=
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://search.conduit.com/?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP13D4E3ED-4710-4A22-AC23-023B39BD9E43&SSPV=
CHR - plugin: Error reading preferences file
CHR - Extension: File Converter = C:\Users\Natasha\AppData\Local\Google\Chrome\User Data\Default\Extensions\alblmaecejifbilchdofkdanifpmnmfk\1.0.0.0_0\
CHR - Extension: Google Docs = C:\Users\Natasha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Natasha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Natasha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Natasha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Common Core Math 1-6 by Sokikom = C:\Users\Natasha\AppData\Local\Google\Chrome\User Data\Default\Extensions\eombmpplkjplkhbgaochnmgkhlnkmomb\0.0.0.8_0\
CHR - Extension: Google Wallet = C:\Users\Natasha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Natasha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:[b]64bit:[/b] - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE (CANON INC.)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKCU..\Run: [cdloader] C:\Users\Natasha\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [CS Dispatch] C:\Users\Natasha\AppData\Roaming\KaiJet\WormholeSwitch1117\FunctModules\{8AEC7F86-B5F4-499b-9ACE-203F46E4469D}\Wormhole.exe (KaiJet)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4:[b]64bit:[/b] - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:[b]64bit:[/b] - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: realtytools.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: toolkitcma.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: toolkitcma2.com ([]http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B0B0526-0CA3-46EB-B6BC-FD3401FA519C}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE879B5F-FBC1-4B93-A4BC-4E6CA691AD9C}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/21 20:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.) - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/05/29 04:27:40 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2e96fbfe-5c51-11e3-9c22-d4c9eff0caba}\Shell - "" = AutoRun
O33 - MountPoints2\{2e96fbfe-5c51-11e3-9c22-d4c9eff0caba}\Shell\AutoRun\command - "" = D:\WHLoader.exe
O33 - MountPoints2\{83a1d04b-23cb-11e3-b9e1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{83a1d04b-23cb-11e3-b9e1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2008/02/21 20:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\WHLoader.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014/03/15 16:29:15 | 000,000,000 | ---D | C] -- C:\Users\Natasha\Desktop\PDF'd Photos
[2014/03/15 16:20:30 | 000,000,000 | ---D | C] -- C:\Users\Natasha\AppData\Local\PDF-TIFF-Tools.com
[2014/03/15 16:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JPG to PDF Converter
[2014/03/15 16:20:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JPG to PDF Converter
[2014/03/15 14:12:19 | 001,924,096 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athurx.sys
[2014/03/15 11:10:29 | 000,000,000 | ---D | C] -- C:\Users\Natasha\AppData\Local\SearchProtect
[2014/03/15 11:10:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/03/15 11:10:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperGeek Free JPG to PDF Converter
[2014/03/15 11:10:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperGeek Free JPG to PDF Converter
[2014/03/15 11:05:35 | 000,000,000 | ---D | C] -- C:\Users\Natasha\AppData\Local\Programs
[2014/03/14 08:32:06 | 000,000,000 | ---D | C] -- C:\Users\Natasha\AppData\Roaming\InstallShield
[2014/03/13 01:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2014/03/07 07:51:25 | 000,000,000 | ---D | C] -- C:\Users\Natasha\AppData\Local\Diagnostics
[2014/03/05 21:16:54 | 000,000,000 | ---D | C] -- C:\Windows\SendTo
[2014/03/05 21:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Reference
[2014/03/05 21:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Messaging
[2014/03/05 21:15:48 | 000,000,000 | ---D | C] -- C:\Windows\forms
[2014/02/26 21:12:43 | 000,000,000 | ---D | C] -- C:\Users\Natasha\AppData\Roaming\Canon
[2014/02/25 07:01:31 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/23 22:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2014/02/23 22:14:51 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonMF Uninstaller Information
[2014/02/23 22:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
[2014/02/23 22:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2014/02/23 17:24:51 | 000,000,000 | ---D | C] -- C:\Users\Natasha\AppData\Roaming\Real
[3 C:\Users\Natasha\Desktop\*.tmp files -> C:\Users\Natasha\Desktop\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014/03/16 06:41:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/16 06:40:42 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/16 06:34:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/16 03:23:19 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/16 03:23:19 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/16 03:22:27 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/16 03:22:27 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/16 03:22:27 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/16 03:18:11 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNatasha.job
[2014/03/16 03:18:08 | 000,281,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/16 03:17:59 | 3132,780,544 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/15 19:43:06 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/15 16:47:24 | 000,476,795 | ---- | M] () -- C:\Users\Natasha\Desktop\140 Creekside Court. problems 003 18.pdf
[2014/03/15 16:20:31 | 000,002,115 | ---- | M] () -- C:\Users\Natasha\Application Data\Microsoft\Internet Explorer\Quick Launch\JPG to PDF Converter.lnk
[2014/03/15 16:20:31 | 000,001,165 | ---- | M] () -- C:\Users\Natasha\Desktop\JPG to PDF Converter.lnk
[2014/03/15 11:59:18 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/03/07 17:37:10 | 000,001,240 | ---- | M] () -- C:\Users\Natasha\Desktop\Forms & Tools - Shortcut (2).lnk
[2014/03/05 21:17:03 | 000,000,791 | ---- | M] () -- C:\Users\Public\Desktop\Setup for Microsoft Internet Explorer 3.02.lnk
[2014/03/05 21:17:02 | 000,001,104 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
[2014/03/05 21:16:54 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Outlook.lnk
[2014/03/05 21:16:51 | 000,001,104 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk
[2014/03/05 21:16:50 | 000,001,079 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk
[2014/03/05 21:16:48 | 000,006,712 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2014/03/05 21:16:48 | 000,000,035 | ---- | M] () -- C:\Users\Natasha\Documents\MS Access 97 Database (not sharable).dsn
[2014/03/05 21:16:48 | 000,000,032 | ---- | M] () -- C:\Users\Natasha\Documents\MS Access Database (not sharable).dsn
[2014/03/05 21:16:48 | 000,000,026 | ---- | M] () -- C:\Users\Natasha\Documents\FoxPro Files (not sharable).dsn
[2014/03/05 21:16:48 | 000,000,025 | ---- | M] () -- C:\Users\Natasha\Documents\Excel Files (not sharable).dsn
[2014/03/05 21:16:48 | 000,000,025 | ---- | M] () -- C:\Users\Natasha\Documents\dBASE Files (not sharable).dsn
[2014/03/05 21:16:48 | 000,000,024 | ---- | M] () -- C:\Users\Natasha\Documents\Text Files (not sharable).dsn
[2014/03/05 21:16:48 | 000,000,022 | ---- | M] () -- C:\Windows\exchng.ini
[2014/03/05 21:16:47 | 000,000,957 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2014/03/05 21:16:47 | 000,000,611 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/03/05 21:16:45 | 000,069,632 | ---- | M] () -- C:\Windows\SysWow64\system.mdw
[2014/02/26 07:01:38 | 000,774,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/23 22:15:10 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
[2014/02/23 20:35:20 | 000,000,612 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/02/23 19:47:48 | 000,032,632 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2014/02/20 19:06:11 | 000,121,230 | ---- | M] () -- C:\Users\Natasha\Desktop\Inv_FC_1256_from_Linden_Green_Condominium_Association_4120.pdf
[2014/02/20 14:43:06 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2014/02/20 14:43:06 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2014/02/20 14:43:05 | 000,002,042 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2014/02/19 15:27:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[3 C:\Users\Natasha\Desktop\*.tmp files -> C:\Users\Natasha\Desktop\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/03/15 16:47:24 | 000,476,795 | ---- | C] () -- C:\Users\Natasha\Desktop\140 Creekside Court.
problems 003 18.pdf [2014/03/15 16:20:31 | 000,002,115 | ---- | C] () -- C:\Users\Natasha\Application Data\Microsoft\Internet Explorer\Quick Launch\JPG to PDF Converter.lnk [2014/03/07 17:37:10 | 000,001,240 | ---- | C] () -- C:\Users\Natasha\Desktop\Forms & Tools - Shortcut (2).lnk [2014/03/05 21:17:03 | 000,000,791 | ---- | C] () -- C:\Users\Public\Desktop\Setup for Microsoft Internet Explorer 3.02.lnk [2014/03/05 21:17:02 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2014/03/05 21:16:54 | 000,001,091 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk [2014/03/05 21:16:54 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Outlook.lnk [2014/03/05 21:16:52 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk [2014/03/05 21:16:51 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk [2014/03/05 21:16:50 | 000,001,091 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk [2014/03/05 21:16:50 | 000,001,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Binder.lnk [2014/03/05 21:16:50 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk [2014/03/05 21:16:48 | 000,000,035 | ---- | C] () -- C:\Users\Natasha\Documents\MS Access 97 Database (not sharable).dsn [2014/03/05 21:16:48 | 000,000,032 | ---- | C] () -- C:\Users\Natasha\Documents\MS Access Database (not sharable).dsn [2014/03/05 21:16:48 | 000,000,026 | ---- | C] () -- C:\Users\Natasha\Documents\FoxPro Files (not sharable).dsn [2014/03/05 21:16:48 | 000,000,025 | ---- | C] () -- C:\Users\Natasha\Documents\Excel Files (not sharable).dsn [2014/03/05 21:16:48 | 000,000,025 | ---- | C] () -- C:\Users\Natasha\Documents\dBASE Files (not 
sharable).dsn [2014/03/05 21:16:48 | 000,000,024 | ---- | C] () -- C:\Users\Natasha\Documents\Text Files (not sharable).dsn [2014/03/05 21:16:48 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini [2014/03/05 21:16:47 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk [2014/03/05 21:16:47 | 000,000,957 | ---- | C] () -- C:\Windows\ODBCINST.INI [2014/03/05 21:16:47 | 000,000,611 | ---- | C] () -- C:\Windows\ODBC.INI [2014/03/05 21:16:45 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\system.mdw [2014/03/05 21:16:45 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk [2014/02/23 22:15:10 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk [2014/02/23 22:14:14 | 000,017,879 | ---- | C] () -- C:\Windows\SysNative\CNCENPMU.chm [2014/02/23 20:35:20 | 000,000,612 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2014/02/23 19:47:48 | 000,032,632 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat [2014/02/20 19:06:12 | 000,121,230 | ---- | C] () -- C:\Users\Natasha\Desktop\Inv_FC_1256_from_Linden_Green_Condominium_Association_4120.pdf [2014/02/19 15:27:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012/04/04 22:57:30 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012/04/04 22:51:57 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012/04/04 22:49:06 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012/04/04 22:48:00 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2009/08/04 15:21:05 | 000,000,000 | ---- | C] () -- C:\Users\Natasha\.JavaPowUpload.properties [2009/06/25 17:29:37 | 000,824,275 | ---- | C] () -- C:\Users\Natasha\Thomas.Ferry.birth.certificate.pdf [2009/06/23 11:13:58 | 000,039,776 | ---- | C] () -- C:\Users\Natasha\Albatammy061509.pdf [color=#E56717]========== ZeroAccess Check ==========[/color] 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]
[2014/01/26 09:08:34 | 000,000,000 | ---D | M] -- C:\Users\Natasha\AppData\Roaming\AVAST Software
[2014/02/26 21:12:43 | 000,000,000 | ---D | M] -- C:\Users\Natasha\AppData\Roaming\Canon
[2013/12/01 01:56:01 | 000,000,000 | ---D | M] -- C:\Users\Natasha\AppData\Roaming\KaiJet
[2014/02/09 16:26:32 | 000,000,000 | ---D | M] -- C:\Users\Natasha\AppData\Roaming\mjusbsp
[2013/11/23 03:44:16 | 000,000,000 | ---D | M] -- C:\Users\Natasha\AppData\Roaming\Windows Live Writer

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2011/12/07 18:04:17 | 000,010,595 | ---- | M] ()(C:\Users\Natasha\Documents\??????.docx) -- C:\Users\Natasha\Documents\Россия.docx
[2011/12/07 18:04:15 | 000,010,595 | ---- | C] ()(C:\Users\Natasha\Documents\??????.docx) -- C:\Users\Natasha\Documents\Россия.docx

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 825 bytes -> C:\Users\Natasha\Documents\Password for ToolkitCMA_com.eml:OECustomProperty
@Alternate Data Stream - 740 bytes -> C:\Users\Natasha\Documents\Re_ 110-112 Foxfire.eml:OECustomProperty
@Alternate Data Stream - 676 bytes -> C:\Users\Natasha\Documents\Suzi Orman.eml:OECustomProperty
@Alternate Data Stream - 652 bytes -> C:\Users\Natasha\Documents\password and log-in on 103 Wilson.eml:OECustomProperty
@Alternate Data Stream - 646 bytes -> C:\Users\Natasha\Documents\Fw_ Drummond Farms Lane.eml:OECustomProperty
@Alternate Data Stream - 622 bytes -> C:\Users\Natasha\Documents\Drummond Farms Lane.eml:OECustomProperty
@Alternate Data Stream - 1065 bytes -> C:\Users\Natasha\Documents\Kristina sent you an Amazon_com e-Card and Gift Certificate! for Jeff.eml:OECustomProperty
@Alternate Data Stream - 1052 bytes -> C:\Users\Natasha\Documents\the full neighborhood report of the Odessa National area_ 200 Camerton Lane.eml:OECustomProperty
@Alternate Data Stream - 1037 bytes -> C:\Users\Natasha\Documents\American Nutrition's Piracetam _ Brain Sale.eml:OECustomProperty

< End of report >