Redirects and audio ads in the background

#16 maverick0987 (Member, Topic Starter, 48 posts)
Ron,

I put the registry command in junk3.txt

The other 2 commands are in junk2.txt

-J

Attached Files


#17 RKinner (Malware Expert, MVP, 19,786 posts)
I will see if I can get you another rsvpsp.dll from a 64 bit system. I only have 32 bit so mine probably would not work. I have a friend on the forum with a 64 bit. He's quick to send files if he's not traveling.

#18 maverick0987 (Member, Topic Starter, 48 posts)
Thank you thank you!

You rock!

#19 RKinner (Malware Expert, MVP, 19,786 posts)
I see he is monitoring this topic right now so if he has the file it won't be long. Were you able to get the netsh winsock reset catalog command to run?

#20 RKinner (Malware Expert, MVP, 19,786 posts)
He says the file is not on his system which means it should be something we can live without. Did the reset command work?

#21 maverick0987 (Member, Topic Starter, 48 posts)
The reset command still says access denied...

#22 RKinner (Malware Expert, MVP, 19,786 posts)
Let's try resetting the registry permissions to the defaults.

Download SubInACL.exe

http://www.microsoft...&displaylang=en

By default it installs the tool in C:\Program Files\Windows Resource Kits\Tools\

Please allow it to do so.


Download and Save the attached file, reset.zip, right click on it and Extract all and copy the reset.cmd file to C:\Program Files\Windows Resource Kits\Tools\.
Start, Run, cmd, OK. Type with an Enter after each line:

cd  "\Program Files\Windows Resource Kits\Tools"

reset.cmd


Then reboot and try the netsh winsock reset catalog again.

#23 maverick0987 (Member, Topic Starter, 48 posts)
Winsock catalog reset still says access denied. Also I got a few error messages during the process

This came up at the end of running reset.cmd: a file under System Volume Information - access denied.
Recycle bin corrupt upon restart - would you like to empty it now?

From what I can tell everything went fine though. There were some that were modified and some that failed to change permissions. Could re-installing the driver help at all?

#24 RKinner (Malware Expert, MVP, 19,786 posts)
I don't like the corrupt recycle bin. May mean there is some hard drive damage. I think we had better first run the disk check:

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, and then restart.


The disk check will run and will probably take an hour or more to finish.

After it finishes with that, it will boot to windows. Verify that you still do not have Internet access and then:

It looks to me like your winsock2 registry entry is all wrong. Besides having entries for obsolete protocols it is also missing about 10 entries for 64 bit services.

Let's replace it with one from a good 64 bit Win 7.

Download, Save and Move the attached winsock2.reg file to the sick PC's desktop.

First go into regedit and navigate to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2] then right click on Winsock2 and Export, (to your desktop) call it oldwinsock2. This should create a file oldwinsock2.reg on your desktop. We want to make sure we can put it back the way it was.

Then back in regedit and right click on WinSock2 and Delete. OK. Close regedit.

Now back on your desktop, right click on the winsock2.reg file you downloaded and Merge. Do you get an error? If not, reboot and let's see what happens now.

Note. There is an entry for Kaspersky in the oldwinsock2.reg that is not in the new so you may need to reinstall Kaspersky or we can try just adding it to the winsock2 but let's first see if this makes things better.
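Ron's reading of the exported Winsock2 key in the post above (obsolete providers, missing 64-bit entries) can be automated. The script below is an added example; it is not code from the thread or from any tool the thread mentions. It parses a regedit export such as the oldwinsock2.reg Ron asks for, walks both catalogs, decodes each provider's DLL path, and reports entries whose DLL is not on disk and catalogs whose Num_Catalog_Entries counter disagrees with the subkeys actually present. It assumes the documented PackedCatalogItem layout (the first 260 bytes are the NUL-terminated ANSI provider path) and that the 64-bit catalog on x64 Windows lives under Catalog_Entries64 with a Num_Catalog_Entries64 counter; the sample export, the rsvpsp.dll entry modelled on the thread, and the set of "present" files are all constructed so the example runs offline.

```python
import re
from collections import defaultdict

# Added example: triage a regedit export of the WinSock2 key the way the thread does by eye.
# Assumed layout: PackedCatalogItem begins with a 260-byte ANSI provider path (MAX_PATH);
# the 64-bit catalog lives in Catalog_Entries64 / Num_Catalog_Entries64. Sample data is constructed.
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
ENTRY_RE = re.compile(r"\\(Catalog_Entries(?:64)?)\\(\d{12})$")
WS2 = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2"


def parse_reg(text):
    """Return {key: {value: data}}: dword -> int, hex/hex(N) -> bytes, quoted -> str."""
    keys, current, lines, i = {}, None, text.splitlines(), 0
    while i < len(lines):
        line, i = lines[i].strip(), i + 1
        if m := KEY_RE.match(line):
            current = m.group(1)
            keys[current] = {}
            continue
        if current is None or not (m := VALUE_RE.match(line)):
            continue
        name, raw = m.groups()
        while raw.endswith("\\") and i < len(lines):   # regedit wraps hex data with a trailing backslash
            raw, i = raw[:-1] + lines[i].strip(), i + 1
        if raw.startswith("dword:"):
            keys[current][name] = int(raw[6:], 16)
        elif raw.startswith("hex"):                      # hex: (REG_BINARY), hex(2): (REG_EXPAND_SZ), ...
            keys[current][name] = bytes(int(b, 16) for b in raw.split(":", 1)[1].split(",") if b)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            keys[current][name] = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return keys


def provider_dll(packed):
    """Provider path = leading NUL-terminated ANSI field (260 bytes) of PackedCatalogItem."""
    return packed[:260].split(b"\x00", 1)[0].decode("ascii", "replace")


def as_text(value):
    """LibraryPath is REG_SZ (str) or REG_EXPAND_SZ, which regedit exports as hex(2) UTF-16LE."""
    return value.decode("utf-16-le").rstrip("\x00") if isinstance(value, bytes) else value


def expand(path, env):
    for var, val in env.items():
        path = path.replace(f"%{var}%", val)
    return path.lower()


def triage(reg_text, present_files, env, is_64bit=True):
    """Report entries whose provider DLL is absent and catalogs whose counter disagrees
    with the entry subkeys actually present (or whose 64-bit catalog is missing)."""
    keys, present = parse_reg(reg_text), {p.lower() for p in present_files}
    findings, entry_count = {"missing_dll": [], "count_mismatch": []}, defaultdict(int)
    for key, values in keys.items():
        if not (m := ENTRY_RE.search(key)):
            continue
        catalog, sub, entry_id = key[: m.start()], m.group(1), m.group(2)
        entry_count[(catalog, sub)] += 1
        if "PackedCatalogItem" in values:       # Protocol_Catalog9: base providers and LSPs
            dll = provider_dll(values["PackedCatalogItem"])
        elif "LibraryPath" in values:           # NameSpace_Catalog5: DNS, NLA, ... name-space providers
            dll = as_text(values["LibraryPath"])
        else:
            continue
        if expand(dll, env) not in present:
            findings["missing_dll"].append((catalog.rsplit("\\", 1)[-1], sub, entry_id, dll))
    for key, values in keys.items():
        for counter, sub in (("Num_Catalog_Entries", "Catalog_Entries"),
                             ("Num_Catalog_Entries64", "Catalog_Entries64")):
            found = entry_count.get((key, sub), 0)
            if counter in values:
                if values[counter] != found:
                    findings["count_mismatch"].append((key.rsplit("\\", 1)[-1], sub, values[counter], found))
            elif is_64bit and sub == "Catalog_Entries64" and "Num_Catalog_Entries" in values:
                findings["count_mismatch"].append((key.rsplit("\\", 1)[-1], sub, None, found))
    return findings


# --- constructed sample export (stands in for the thread's oldwinsock2.reg) ---
def packed_item(path):
    return path.encode("ascii").ljust(260, b"\x00") + b"\x00" * 16   # path field + placeholder struct


def reg_hex(name, data):
    """Format REG_BINARY as regedit does: wrapped lines ending in a backslash, indented by two spaces."""
    out, line = [], f'"{name}"=hex:'
    for b in data:
        if len(line) + 3 > 78:
            out.append(line + "\\")
            line = "  "
        line += f"{b:02x},"
    out.append(line[:-1])
    return "\n".join(out)


SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    f"[{WS2}\\Parameters\\Protocol_Catalog9]",
    '"Num_Catalog_Entries"=dword:00000002', "",
    f"[{WS2}\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000001]",
    reg_hex("PackedCatalogItem", packed_item("%SystemRoot%\\system32\\mswsock.dll")), "",
    f"[{WS2}\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000002]",
    reg_hex("PackedCatalogItem", packed_item("%SystemRoot%\\system32\\rsvpsp.dll")), "",  # obsolete provider
    f"[{WS2}\\Parameters\\NameSpace_Catalog5]",
    '"Num_Catalog_Entries"=dword:00000003', "",   # counter says 3, only 2 subkeys follow
    f"[{WS2}\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001]",
    '"LibraryPath"="%SystemRoot%\\\\system32\\\\mswsock.dll"', "",
    f"[{WS2}\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002]",
    '"LibraryPath"="C:\\\\Program Files (x86)\\\\Common Files\\\\microsoft shared\\\\Windows Live\\\\WLIDNSP.DLL"',
])
PRESENT_FILES = {  # constructed stand-in for os.path.exists() on the sick PC
    r"C:\Windows\system32\mswsock.dll",
    r"C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL",
}


def run_sample(is_64bit=True):
    return triage(SAMPLE_REG, PRESENT_FILES, {"SystemRoot": r"C:\Windows"}, is_64bit)
```

On a real machine, read the export with encoding="utf-16" (regedit writes UTF-16LE with a BOM) and replace PRESENT_FILES with a set built from os.path.exists over the decoded paths. The same missing_dll check is worth running against a donor winsock2.reg before the delete-and-merge step above: a provider entry merged from another PC only works if its DLL also exists on the target.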

#25 maverick0987 (Member, Topic Starter, 48 posts)
So,


No disk errors were found but after replacing winsock in the registry it still connects to router but no internet access.

I'm going to resend you the ipconfig and winsock registry reports in a sec so you can double check that everything changed over properly

-J

#26 maverick0987 (Member, Topic Starter, 48 posts)
I attached all three of those commands again here in case that might be of some use to you.

Also just for s**ts and giggles tried to reset winsock catalog again and it responds:

*System cannot find the file specified*

Attached Files



#27 RKinner (Malware Expert, MVP, 19,786 posts)
OK. That will help.

What happens now if you try and do the netsh winsock reset catalog?

Kaspersky has a firewall. Could it be blocking the DHCP traffic by mistake? Can you drop the firewall then do
ipconfig  /release

ipconfig  /renew

Is Kaspersky able to update?

Does

ping  8.8.8.8

get any replies?

Are you trying to connect with wireless or wired? (Generally wired is easier)

#28 RKinner (Malware Expert, MVP, 19,786 posts)
Also run an OTL quickscan and let's see what it looks like now.

#29 maverick0987 (Member, Topic Starter, 48 posts)
Here's everything the command prompt spit out:


Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\windows\system32>netsh winsock reset catalog
The system cannot find the file specified.



C:\windows\system32>ipconfig /release

Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.
An error occurred while releasing interface Wireless Network Connection : An address has not yet been associated with the network endpoint.


C:\windows\system32>ipconfig /renew

Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.
An error occurred while renewing interface Wireless Network Connection : The support for the specified socket type does not exist in this address family.


C:\windows\system32>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.

Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\windows\system32>


OTL Scan on the way

I'm trying to connect wirelessly. Shall I try wired?

#30 maverick0987 (Member, Topic Starter, 48 posts)
OTL LOG:

OTL logfile created on: 20/09/2012 10:39:33 PM - Run 5
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.96 Gb Total Space | 240.31 Gb Free Space | 84.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 118.48 Mb Total Space | 69.36 Mb Free Space | 58.54% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2012/09/18 18:14:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL (1).exe
PRC - [2012/01/04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2011/02/01 17:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 17:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (SafeList) ==========

MOD - [2012/09/18 18:14:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL (1).exe
MOD - [2010/11/20 23:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/10 00:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/05/17 18:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/03/29 00:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2010/10/20 18:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/13 15:18:49 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 21:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2011/02/01 17:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/01 17:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 15:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/14 09:51:48 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/04/05 00:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 21:01:40 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/02/09 15:29:08 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/02/08 23:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/05 05:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/08 15:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/10 22:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 13:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/24 19:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.14019
FF - prefs.js..keyword.URL: "http://websearch.ask...=YYYYYYYYUS&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/09/14 13:28:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/09/14 13:28:57 | 000,000,000 | ---D | M]

[2012/08/16 22:31:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/16 22:08:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]
[2012/08/21 19:17:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\extensions\[email protected]
[2012/08/21 17:51:23 | 000,002,566 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\searchplugins\askcom.xml
[2012/08/16 22:32:01 | 000,002,339 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tavqn14x.default\searchplugins\Search.xml
[2012/08/16 22:30:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/01 11:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2012/06/01 11:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2012/09/12 20:29:25 | 000,000,000 | ---D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2012/09/20 16:35:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Resource Kits
[2012/09/20 09:11:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/20 09:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xirrus
[2012/09/20 09:05:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Xirrus
[2012/09/20 01:36:09 | 000,061,440 | ---- | C] ( ) -- C:\Users\Owner\Desktop\VEW.exe
[2012/09/19 17:32:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/19 17:16:33 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/09/19 12:44:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012/09/19 03:24:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/19 02:56:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/09/19 02:56:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/09/19 02:50:02 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/09/19 02:48:54 | 004,752,754 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/09/19 02:37:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/09/19 02:37:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\OTL
[2012/09/19 02:32:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/18 02:16:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
[2012/09/14 09:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/09/14 09:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/09/14 09:51:48 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klif.sys
[2012/09/12 20:29:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
[2012/09/10 15:58:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Webroot
[2012/08/21 18:29:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\PCSpeedUp
[2012/08/21 18:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Up
[2012/08/21 18:06:17 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/08/19 15:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/08/19 15:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/08/19 15:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/19 15:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/08/19 15:17:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TestApp
[2012/08/19 15:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/08/19 15:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/16 23:48:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\security files data1a
[2012/08/16 22:35:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Macromedia
[2012/08/16 22:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/08/16 22:30:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/08/16 22:08:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\dealcabby
[2012/08/15 15:16:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/08/15 15:10:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/15 15:09:21 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/08/15 14:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/14 14:45:25 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/08/14 14:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/14 14:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/08/14 14:36:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2012/08/14 14:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/14 14:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/14 11:57:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
[2012/08/13 16:48:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B414D441-AAE9-181F-98B5-691E76895DF3}
[2012/08/01 12:30:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Chromium
[2012/06/23 18:34:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PCCUStubInstaller
[3 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2012/09/20 22:42:05 | 004,456,448 | --S- | M] () -- C:\Users\Owner\ntuser.dat
[2012/09/20 22:05:55 | 000,727,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/20 22:05:55 | 000,624,856 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/20 22:05:55 | 000,106,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/20 22:01:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/20 21:29:00 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 21:29:00 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 21:21:39 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2012/09/20 21:21:26 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/20 21:20:49 | 002,862,455 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2012/09/20 21:19:28 | 000,021,006 | ---- | M] () -- C:\Users\Owner\Desktop\oldwinsock2.reg
[2012/09/20 20:13:01 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2012/09/20 18:47:06 | 000,142,508 | ---- | M] () -- C:\Users\Owner\Desktop\WINSOCK2.reg
[2012/09/20 17:13:26 | 000,369,320 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/09/19 17:12:48 | 000,000,215 | ---- | M] () -- C:\windows\system.ini
[2012/09/19 11:08:14 | 000,061,440 | ---- | M] ( ) -- C:\Users\Owner\Desktop\VEW.exe
[2012/09/19 03:06:26 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.old
[2012/09/19 02:50:02 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/09/19 02:48:55 | 004,752,754 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/09/19 02:43:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/19 02:37:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/09/19 02:36:06 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/19 02:36:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/14 15:21:14 | 000,010,640 | ---- | M] () -- C:\Users\Owner\Desktop\cc_20120914_152111.reg
[2012/09/14 15:20:43 | 000,077,616 | ---- | M] () -- C:\Users\Owner\Desktop\cc_20120914_151930.reg
[2012/09/14 13:28:54 | 000,153,053 | ---- | M] () -- C:\windows\SysNative\drivers\klin.dat
[2012/09/14 13:28:54 | 000,107,384 | ---- | M] () -- C:\windows\SysNative\drivers\klick.dat
[2012/09/14 12:51:34 | 000,017,408 | ---- | M] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2012/09/14 09:51:48 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klif.sys
[2012/09/13 14:47:33 | 005,507,000 | ---- | M] () -- C:\Users\Owner\Desktop\tc10124500a.exe
[2012/09/12 20:29:05 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/09/12 20:24:17 | 000,233,193 | ---- | M] () -- C:\Users\Owner\Desktop\OWNER-PC_FinalScan.mht
[2012/09/10 16:05:53 | 000,232,804 | ---- | M] () -- C:\Users\Owner\Desktop\OWNER-PC_1st scan.mht
[2012/09/05 07:43:27 | 000,007,605 | ---- | M] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/08/21 19:21:57 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000002.regtrans-ms
[2012/08/21 19:21:57 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000001.regtrans-ms
[2012/08/21 19:21:57 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TM.blf
[2012/08/16 23:32:17 | 000,524,288 | --S- | M] () -- C:\Users\Owner\ntuser.dat{9680c35b-e80f-11e1-9dc5-e0ca949c005d}.TMContainer00000000000000000002.regtrans-ms
[2012/08/16 23:32:17 | 000,524,288 | --S- | M] () -- C:\Users\Owner\ntuser.dat{9680c35b-e80f-11e1-9dc5-e0ca949c005d}.TMContainer00000000000000000001.regtrans-ms
[2012/08/16 23:32:17 | 000,065,536 | --S- | M] () -- C:\Users\Owner\ntuser.dat{9680c35b-e80f-11e1-9dc5-e0ca949c005d}.TM.blf
[2012/08/07 14:39:12 | 000,389,067 | ---- | M] () -- C:\Users\Owner\Desktop\Diane Shinn Resume 8-2-12.pdf
[2012/08/07 14:28:16 | 000,030,720 | ---- | M] () -- C:\Users\Owner\Desktop\d.shinn_resume_20120803 (Word Doc).doc
[2012/08/06 17:51:04 | 000,034,816 | ---- | M] () -- C:\Users\Owner\Desktop\Diane+Shinn+Resume.20120802.doc
[2012/08/02 11:14:56 | 000,034,304 | ---- | M] () -- C:\Users\Owner\Desktop\Diane+Shinn+Resume.20120802+B.doc
[2012/08/02 08:31:39 | 000,034,816 | ---- | M] () -- C:\Users\Owner\Desktop\Diane+Shinn+Resume.2012319+B.doc
[2012/08/02 07:56:12 | 000,030,720 | ---- | M] () -- C:\Users\Owner\Desktop\d.shinn_resume_20120711.doc
[2012/07/17 19:26:17 | 000,000,162 | ---- | M] () -- C:\Users\Owner\Desktop\~$shinn_resume_20120711 (Word Doc).doc
[2012/07/10 15:50:08 | 000,017,353 | ---- | M] () -- C:\Users\Owner\Desktop\Cover Letter Suggestions.docx
[2012/07/06 15:41:47 | 000,022,016 | ---- | M] () -- C:\Users\Owner\Documents\New Microsoft Word Document (7).doc
[2012/07/06 09:27:56 | 000,024,064 | ---- | M] () -- C:\Users\Owner\Desktop\Hardship Letter.doc
[2012/06/26 18:00:56 | 000,022,528 | ---- | M] () -- C:\Users\Owner\Documents\Hardship Letter.doc
[2012/06/26 11:06:30 | 000,097,700 | ---- | M] () -- C:\Users\Owner\Desktop\Shinn Parcel ID.pdf
[2012/06/26 11:04:23 | 000,075,405 | ---- | M] () -- C:\Users\Owner\Desktop\tax bill.pdf
[3 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/20 21:19:28 | 000,021,006 | ---- | C] () -- C:\Users\Owner\Desktop\oldwinsock2.reg
[2012/09/20 21:17:46 | 000,142,508 | ---- | C] () -- C:\Users\Owner\Desktop\WINSOCK2.reg
[2012/09/20 20:13:01 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2012/09/19 02:56:48 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/09/19 02:56:48 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/09/19 02:56:48 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/09/19 02:56:48 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/09/19 02:56:48 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/09/14 15:21:13 | 000,010,640 | ---- | C] () -- C:\Users\Owner\Desktop\cc_20120914_152111.reg
[2012/09/14 15:20:40 | 000,077,616 | ---- | C] () -- C:\Users\Owner\Desktop\cc_20120914_151930.reg
[2012/09/14 12:51:34 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2012/09/14 09:53:56 | 000,153,053 | ---- | C] () -- C:\windows\SysNative\drivers\klin.dat
[2012/09/14 09:53:56 | 000,107,384 | ---- | C] () -- C:\windows\SysNative\drivers\klick.dat
[2012/09/13 15:18:49 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/13 14:47:33 | 005,507,000 | ---- | C] () -- C:\Users\Owner\Desktop\tc10124500a.exe
[2012/09/12 20:24:17 | 000,233,193 | ---- | C] () -- C:\Users\Owner\Desktop\OWNER-PC_FinalScan.mht
[2012/09/10 16:05:53 | 000,232,804 | ---- | C] () -- C:\Users\Owner\Desktop\OWNER-PC_1st scan.mht
[2012/09/05 07:43:20 | 000,007,605 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/08/21 19:21:57 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000002.regtrans-ms
[2012/08/21 19:21:57 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TMContainer00000000000000000001.regtrans-ms
[2012/08/21 19:21:57 | 000,065,536 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{34450c31-ebdf-11e1-83c3-00266ce85d45}.TM.blf
[2012/08/16 22:02:49 | 000,524,288 | --S- | C] () -- C:\Users\Owner\ntuser.dat{9680c35b-e80f-11e1-9dc5-e0ca949c005d}.TMContainer00000000000000000002.regtrans-ms
[2012/08/16 22:02:49 | 000,524,288 | --S- | C] () -- C:\Users\Owner\ntuser.dat{9680c35b-e80f-11e1-9dc5-e0ca949c005d}.TMContainer00000000000000000001.regtrans-ms
[2012/08/16 22:02:49 | 000,065,536 | --S- | C] () -- C:\Users\Owner\ntuser.dat{9680c35b-e80f-11e1-9dc5-e0ca949c005d}.TM.blf
[2012/08/07 14:39:12 | 000,389,067 | ---- | C] () -- C:\Users\Owner\Desktop\Diane Shinn Resume 8-2-12.pdf
[2012/08/07 14:28:15 | 000,030,720 | ---- | C] () -- C:\Users\Owner\Desktop\d.shinn_resume_20120803 (Word Doc).doc
[2012/08/06 17:51:03 | 000,034,816 | ---- | C] () -- C:\Users\Owner\Desktop\Diane+Shinn+Resume.20120802.doc
[2012/08/02 11:14:55 | 000,034,304 | ---- | C] () -- C:\Users\Owner\Desktop\Diane+Shinn+Resume.20120802+B.doc
[2012/08/02 08:31:38 | 000,034,816 | ---- | C] () -- C:\Users\Owner\Desktop\Diane+Shinn+Resume.2012319+B.doc
[2012/07/23 16:46:28 | 000,030,720 | ---- | C] () -- C:\Users\Owner\Desktop\d.shinn_resume_20120711.doc
[2012/07/17 19:26:17 | 000,000,162 | ---- | C] () -- C:\Users\Owner\Desktop\~$shinn_resume_20120711 (Word Doc).doc
[2012/07/10 15:47:58 | 000,017,353 | ---- | C] () -- C:\Users\Owner\Desktop\Cover Letter Suggestions.docx
[2012/06/26 18:01:12 | 000,024,064 | ---- | C] () -- C:\Users\Owner\Desktop\Hardship Letter.doc
[2012/06/26 18:00:55 | 000,022,528 | ---- | C] () -- C:\Users\Owner\Documents\Hardship Letter.doc
[2012/06/26 11:06:29 | 000,097,700 | ---- | C] () -- C:\Users\Owner\Desktop\Shinn Parcel ID.pdf
[2012/06/26 11:04:19 | 000,075,405 | ---- | C] () -- C:\Users\Owner\Desktop\tax bill.pdf
[2012/01/16 14:18:56 | 000,744,880 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2012/05/27 16:49:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Babylon
[2012/01/16 14:56:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Book Place
[2012/08/21 19:05:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2012/08/21 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCCUStubInstaller
[2012/05/27 17:38:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PDFlite
[2012/08/21 19:05:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2012/08/19 15:17:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TestApp
[2011/12/29 22:16:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tific
[2011/12/29 21:40:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba
[2012/01/16 14:19:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP
[2011/12/29 17:36:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2012/02/19 14:49:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2012/09/20 09:05:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Xirrus
[2012/09/20 21:21:39 | 000,026,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >