Need Help Removing Google Redirect Virus Win7 64 bit [Solved]
Started by hellooomcfly, Oct 25 2012 01:25 PM
#31
Posted 01 November 2012 - 02:31 PM
#33
Posted 03 November 2012 - 07:16 AM
Ok, I just completely uninstalled Mozilla Firefox using the instructions posted in your last reply. I could not find the profile folder mentioned toward the end of the uninstall instructions, but I did check the box to remove all bookmarks, cookies, etc. as well as the program and manually deleted all remaining Firefox files/folders on the C: drive.
Edited by hellooomcfly, 03 November 2012 - 07:18 AM.
#34
Posted 03 November 2012 - 07:42 AM
Could you now check for redirects after I delete the miscreant folder
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Files
C:\users\User\Application Data\Mozilla
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
#35
Posted 03 November 2012 - 11:21 AM
OTL Run Fix Log:
All processes killed
========== FILES ==========
File\Folder C:\users\User\Application Data\Mozilla not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: User
->Temp folder emptied: 1833434 bytes
->Temporary Internet Files folder emptied: 1314070 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 374014236 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32202329 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1913224 bytes
Total Files Cleaned = 392.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 11032012_123958
Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
#36
Posted 03 November 2012 - 11:30 AM
Any further redirects?
#37
Posted 03 November 2012 - 11:40 AM
OTL Quick Scan Log after Fix:
OTL logfile created on: 11/3/2012 1:22:10 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.96 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 57.56% Memory free
7.92 Gb Paging File | 6.12 Gb Available in Paging File | 77.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 51.94 Gb Free Space | 23.80% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/10/27 09:24:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012/08/30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
PRC - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2010/02/15 12:26:42 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkamon.exe
PRC - [2010/02/15 12:26:40 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkmon.exe
PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
========== Modules (No Company Name) ==========
MOD - [2012/10/10 06:06:15 | 000,460,312 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 06:06:12 | 004,005,912 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 06:04:57 | 000,578,072 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012/10/10 06:04:55 | 000,123,928 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012/10/10 06:04:44 | 000,156,712 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 06:04:43 | 000,275,496 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 06:04:42 | 002,168,360 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/08/30 22:24:20 | 007,422,392 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll
MOD - [2012/08/30 22:24:18 | 001,270,200 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll
MOD - [2012/08/30 22:24:18 | 000,192,952 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll
MOD - [2012/08/30 22:24:16 | 002,453,944 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll
MOD - [2012/08/30 22:24:16 | 002,126,264 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll
MOD - [2012/08/30 22:24:16 | 000,795,064 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll
MOD - [2012/08/30 22:23:02 | 000,459,192 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll
MOD - [2012/06/14 10:21:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:20:59 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 08:22:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 08:22:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 08:22:03 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 08:21:26 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll
MOD - [2011/09/05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll
MOD - [2010/06/01 11:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2010/02/15 12:26:42 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkamon.exe
MOD - [2010/02/15 12:26:40 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkmon.exe
MOD - [2010/02/09 07:41:50 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.monitor.core.dll
MOD - [2010/02/09 07:41:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.monitor.common.dll
MOD - [2010/02/09 07:40:56 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.devmons.mcmdevmon.dll
MOD - [2008/06/06 06:45:50 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007/05/22 16:19:24 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkscw.dll
MOD - [2007/05/03 10:39:32 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkdatr.dll
MOD - [2006/12/28 10:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkcats.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/06/14 07:15:50 | 001,053,104 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdkcoms.exe -- (lxdk_device)
SRV:64bit: - [2007/06/14 07:15:40 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
SRV:64bit: - [2005/07/06 12:04:44 | 000,414,208 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\Windows\SysNative\lxcccoms.exe -- (lxcc_device)
SRV - [2012/08/30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/06/14 07:15:40 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
SRV - [2007/06/14 07:15:34 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdkcoms.exe -- (lxdk_device)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/10/23 21:02:39 | 000,636,760 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/20 11:48:00 | 000,458,032 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/10/20 11:48:00 | 000,013,616 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/06/15 10:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/12/14 12:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec)
DRV:64bit: - [2009/12/14 12:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 01:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/17 13:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/10/23 21:03:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/10/23 21:03:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/10/23 21:03:10 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\
CHR - Extension: Virtual Keyboard = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\
CHR - Extension: Skype Extension = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\
O1 HOSTS File: ([2012/11/03 12:39:58 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxdkamon] C:\Program Files (x86)\Lexmark 5300 Series\lxdkamon.exe ()
O4:64bit: - HKLM..\Run: [lxdkmon.exe] C:\Program Files (x86)\Lexmark 5300 Series\lxdkmon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2D6B9BB-4084-4035-A1C6-FEB527AA9A3A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/10/31 16:54:51 | 000,000,000 | ---D | C] -- C:\Users\User\New folder
[2012/10/29 07:30:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/28 19:40:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/28 19:19:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/28 10:53:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/28 10:05:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/28 10:05:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/28 10:05:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/28 10:05:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/28 10:05:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/28 10:04:11 | 004,989,309 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/10/27 15:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/27 14:02:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BA33728A-6A86-4621-9DD8-C5B763852CD4}
[2012/10/27 12:43:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/27 09:23:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/10/26 09:45:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{ADA81C03-782F-4B4F-8A0C-E1C3AE304FF6}
[2012/10/25 21:45:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5B403C6A-E557-4A2E-98C1-308394D5BC8C}
[2012/10/25 05:32:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A2C68AE0-90FD-44CF-AB28-97C6C88F9371}
[2012/10/23 21:07:32 | 000,000,000 | R--D | C] -- C:\Backup
[2012/10/23 21:06:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{27AAE9B6-21FC-4F1E-A210-75BE59B31DAD}
[2012/10/23 21:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0
[2012/10/23 21:03:49 | 000,085,048 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys
[2012/10/23 21:03:49 | 000,066,104 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2012/10/23 21:03:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InfoWatch
[2012/10/23 21:03:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/10/23 21:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/23 21:02:39 | 000,636,760 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/23 20:24:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/10/22 21:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/10/22 09:05:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{765D74CE-8B36-4E6C-9D2B-693BB2EDCF45}
[2012/10/21 09:04:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2D152C3F-F984-424E-945F-872505753375}
[2012/10/20 09:04:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9991A9D4-1FBE-4242-8BC7-B89B670643E6}
[2012/10/19 21:03:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3B5EA071-0DF6-4EDF-BCD2-523763E21662}
[2012/10/19 07:47:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F8FEE630-8975-45C7-AB32-CB71968D1CB6}
[2012/10/18 19:46:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{48FBFEE6-AE58-49F0-BF5F-7A9D40072BDC}
[2012/10/18 07:46:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DAC43719-1E41-48C0-BE81-FDF5BC830570}
[2012/10/17 07:45:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BEC684CD-00DA-443F-ABC3-20F36DE13F4C}
[2012/10/15 07:44:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6BF81F53-C7B1-4092-9683-A0D3595BBED3}
[2012/10/14 10:52:40 | 000,000,000 | ---D | C] -- C:\SNOW_WHITE_AND_THE_HUNTSMAN
[2012/10/14 07:01:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B915AE48-3EF9-4C21-A43A-CD7ABDAB48B5}
[2012/10/13 07:00:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8B7F5874-F6CC-491E-87FF-E43C29696A4B}
[2012/10/12 05:45:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4312F491-DF38-400F-A76D-1C51D569D45B}
[2012/10/11 05:45:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CE0B1F43-B37B-4F2F-A6D5-EB379C258333}
[2012/10/10 05:44:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1781C365-41E1-46F9-811F-9E89A6EB5C5B}
[2012/10/09 05:43:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{771D728F-8BE2-411E-B1F1-3E8A88D05DBA}
[2012/10/08 05:43:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B22D03F9-A5A4-49A5-BE54-F9379D4A75C8}
[2012/10/07 17:42:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{356108A0-88AE-4467-BA0E-A1FB0036AB84}
[2012/10/06 05:15:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BB3B69D0-3D56-4160-9BA7-EA1176026888}
[2012/10/05 04:19:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C471D91A-5579-4E52-83D2-99B1508C0E77}
========== Files - Modified Within 30 Days ==========
[2012/11/03 13:26:09 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/03 13:26:09 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/03 13:18:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/03 13:18:31 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/03 13:11:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1736551342-4217978772-3593102293-1000UA.job
[2012/11/03 12:39:58 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/11/03 07:11:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1736551342-4217978772-3593102293-1000Core.job
[2012/11/01 04:41:33 | 000,009,512 | ---- | M] () -- C:\Users\User\.recently-used.xbel
[2012/10/31 17:00:34 | 005,290,493 | ---- | M] () -- C:\Users\User\Desktop\vsq_flightlessbird.mp3
[2012/10/30 19:20:29 | 000,087,889 | ---- | M] () -- C:\Users\User\Desktop\num - Copy.jpg
[2012/10/28 10:04:53 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/10/27 09:24:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/10/27 07:07:50 | 000,016,958 | ---- | M] () -- C:\Users\User\Desktop\il_fullxfull.174067210.jpg
[2012/10/27 07:07:22 | 000,057,307 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.340363817.jpg
[2012/10/27 07:01:50 | 000,053,151 | ---- | M] () -- C:\Users\User\Desktop\block.jpg
[2012/10/27 06:59:36 | 000,100,302 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.317436470.jpg
[2012/10/27 06:57:15 | 000,084,041 | ---- | M] () -- C:\Users\User\Desktop\num2.jpg
[2012/10/27 06:54:46 | 000,104,445 | ---- | M] () -- C:\Users\User\Desktop\num.jpg
[2012/10/26 07:41:38 | 000,097,685 | ---- | M] () -- C:\Users\User\Desktop\STATIONERYCARD_FOLDED_3x5-30201-5548-MERCHLARGE_FRONT-v133546688100097685.jpg
[2012/10/26 07:41:12 | 000,066,280 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.350946046.jpg
[2012/10/26 07:38:29 | 000,107,105 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.386653431_m4u8.jpg
[2012/10/26 07:37:22 | 000,177,962 | ---- | M] () -- C:\Users\User\Desktop\il_fullxfull.372455837_ityu.jpg
[2012/10/26 07:29:17 | 000,017,921 | ---- | M] () -- C:\Users\User\Desktop\blankbirds.jpg
[2012/10/26 07:29:17 | 000,017,921 | ---- | M] () -- C:\Users\User\Desktop\blankbirds - Copy.jpg
[2012/10/26 07:28:29 | 000,022,429 | ---- | M] () -- C:\Users\User\Desktop\birds2.jpg
[2012/10/26 07:27:29 | 000,051,073 | ---- | M] () -- C:\Users\User\Desktop\birds1.jpg
[2012/10/26 07:17:46 | 000,058,277 | ---- | M] () -- C:\Users\User\Desktop\birds.jpg
[2012/10/26 06:55:56 | 000,062,039 | ---- | M] () -- C:\Users\User\Desktop\us.jpg
[2012/10/26 06:42:40 | 000,055,196 | ---- | M] () -- C:\Users\User\Desktop\STATIONERYCARD_A2-24004-4997-MERCHLARGE_FRONT-v131906950000055196.jpg
[2012/10/26 06:18:14 | 000,100,803 | ---- | M] () -- C:\Users\User\Desktop\date.jpg
[2012/10/23 21:07:34 | 000,017,408 | ---- | M] () -- C:\Users\User\AppData\Local\WebpageIcons.db
[2012/10/23 21:04:31 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/10/23 21:04:31 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/10/23 21:02:39 | 000,636,760 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/23 20:58:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/15 20:48:15 | 000,012,183 | ---- | M] () -- C:\Users\User\Desktop\pitcher01-240x240.jpg
[2012/10/11 06:41:09 | 000,002,288 | ---- | M] () -- C:\Users\User\Desktop\eng.GIF
[2012/10/10 19:13:09 | 000,002,481 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2012/10/10 13:05:17 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/10 13:05:17 | 000,627,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/10 13:05:17 | 000,107,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/08 12:55:24 | 000,063,376 | ---- | M] () -- C:\Users\User\Desktop\edilhr 358.jpg
[2012/10/08 12:55:24 | 000,063,376 | ---- | M] () -- C:\Users\User\Desktop\edilhr 358 - Copy.jpg
[2012/10/07 19:03:23 | 000,018,117 | ---- | M] () -- C:\Users\User\Desktop\Capture.GIF
[2012/10/05 21:24:50 | 000,035,276 | ---- | M] () -- C:\Users\User\Desktop\draft_lens18983966module155781753photo_1_1323813840twilight_wedding_invitation.jpg
[2012/10/05 05:33:27 | 003,816,802 | ---- | M] () -- C:\Users\User\Desktop\fltbirdinstrumental.mp3
========== Files Created - No Company Name ==========
[2012/11/01 04:41:33 | 000,009,512 | ---- | C] () -- C:\Users\User\.recently-used.xbel
[2012/10/31 17:00:27 | 005,290,493 | ---- | C] () -- C:\Users\User\Desktop\vsq_flightlessbird.mp3
[2012/10/30 19:05:09 | 000,087,889 | ---- | C] () -- C:\Users\User\Desktop\num - Copy.jpg
[2012/10/29 07:35:03 | 000,063,376 | ---- | C] () -- C:\Users\User\Desktop\edilhr 358 - Copy.jpg
[2012/10/28 10:05:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/28 10:05:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/28 10:05:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/28 10:05:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/28 10:05:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/27 07:07:49 | 000,016,958 | ---- | C] () -- C:\Users\User\Desktop\il_fullxfull.174067210.jpg
[2012/10/27 07:07:17 | 000,057,307 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.340363817.jpg
[2012/10/27 07:01:47 | 000,053,151 | ---- | C] () -- C:\Users\User\Desktop\block.jpg
[2012/10/27 06:59:28 | 000,100,302 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.317436470.jpg
[2012/10/27 06:57:10 | 000,084,041 | ---- | C] () -- C:\Users\User\Desktop\num2.jpg
[2012/10/27 06:54:41 | 000,104,445 | ---- | C] () -- C:\Users\User\Desktop\num.jpg
[2012/10/26 07:41:38 | 000,097,685 | ---- | C] () -- C:\Users\User\Desktop\STATIONERYCARD_FOLDED_3x5-30201-5548-MERCHLARGE_FRONT-v133546688100097685.jpg
[2012/10/26 07:41:12 | 000,066,280 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.350946046.jpg
[2012/10/26 07:38:29 | 000,107,105 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.386653431_m4u8.jpg
[2012/10/26 07:37:21 | 000,177,962 | ---- | C] () -- C:\Users\User\Desktop\il_fullxfull.372455837_ityu.jpg
[2012/10/26 07:29:33 | 000,017,921 | ---- | C] () -- C:\Users\User\Desktop\blankbirds - Copy.jpg
[2012/10/26 07:29:17 | 000,017,921 | ---- | C] () -- C:\Users\User\Desktop\blankbirds.jpg
[2012/10/26 07:28:29 | 000,022,429 | ---- | C] () -- C:\Users\User\Desktop\birds2.jpg
[2012/10/26 07:27:29 | 000,051,073 | ---- | C] () -- C:\Users\User\Desktop\birds1.jpg
[2012/10/26 07:17:45 | 000,058,277 | ---- | C] () -- C:\Users\User\Desktop\birds.jpg
[2012/10/26 06:55:55 | 000,062,039 | ---- | C] () -- C:\Users\User\Desktop\us.jpg
[2012/10/26 06:42:40 | 000,055,196 | ---- | C] () -- C:\Users\User\Desktop\STATIONERYCARD_A2-24004-4997-MERCHLARGE_FRONT-v131906950000055196.jpg
[2012/10/26 06:18:13 | 000,100,803 | ---- | C] () -- C:\Users\User\Desktop\date.jpg
[2012/10/23 21:07:34 | 000,017,408 | ---- | C] () -- C:\Users\User\AppData\Local\WebpageIcons.db
[2012/10/23 21:04:31 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/10/23 21:04:31 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/10/15 20:48:15 | 000,012,183 | ---- | C] () -- C:\Users\User\Desktop\pitcher01-240x240.jpg
[2012/10/11 06:41:08 | 000,002,288 | ---- | C] () -- C:\Users\User\Desktop\eng.GIF
[2012/10/08 09:53:28 | 000,063,376 | ---- | C] () -- C:\Users\User\Desktop\edilhr 358.jpg
[2012/10/07 19:03:23 | 000,018,117 | ---- | C] () -- C:\Users\User\Desktop\Capture.GIF
[2012/10/05 21:24:49 | 000,035,276 | ---- | C] () -- C:\Users\User\Desktop\draft_lens18983966module155781753photo_1_1323813840twilight_wedding_invitation.jpg
[2012/10/05 05:33:19 | 003,816,802 | ---- | C] () -- C:\Users\User\Desktop\fltbirdinstrumental.mp3
[2012/08/21 20:05:21 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdkcomx.dll
[2012/08/21 20:05:21 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkinpa.dll
[2012/08/21 20:05:21 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdkinst.dll
[2012/08/21 20:05:20 | 001,200,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkserv.dll
[2012/08/21 20:05:20 | 000,950,272 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkusb1.dll
[2012/08/21 20:05:20 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkpmui.dll
[2012/08/21 20:05:20 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkiesc.dll
[2012/08/21 20:05:19 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkhbn3.dll
[2012/08/21 20:05:19 | 000,598,960 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcoms.exe
[2012/08/21 20:05:19 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdklmpm.dll
[2012/08/21 20:05:19 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcomm.dll
[2012/08/21 20:05:19 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkih.exe
[2012/08/21 20:05:19 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkprox.dll
[2012/08/21 20:05:18 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcomc.dll
[2012/08/21 20:05:18 | 000,365,488 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcfg.exe
[2011/12/21 12:00:50 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/12/17 10:18:17 | 000,748,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/08 11:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/06 15:07:59 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/01/16 14:59:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/15 13:47:42 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011/11/02 08:30:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
[2012/11/01 04:41:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2012/08/21 20:11:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Lexmark Productivity Studio
[2012/09/21 19:56:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Temp
[2012/10/19 12:53:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A
< End of report >
OTL logfile created on: 11/3/2012 1:22:10 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.96 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 57.56% Memory free
7.92 Gb Paging File | 6.12 Gb Available in Paging File | 77.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 51.94 Gb Free Space | 23.80% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/10/27 09:24:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012/08/30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
PRC - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2010/02/15 12:26:42 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkamon.exe
PRC - [2010/02/15 12:26:40 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkmon.exe
PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
========== Modules (No Company Name) ==========
MOD - [2012/10/10 06:06:15 | 000,460,312 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 06:06:12 | 004,005,912 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 06:04:57 | 000,578,072 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012/10/10 06:04:55 | 000,123,928 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012/10/10 06:04:44 | 000,156,712 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 06:04:43 | 000,275,496 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 06:04:42 | 002,168,360 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/08/30 22:24:20 | 007,422,392 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll
MOD - [2012/08/30 22:24:18 | 001,270,200 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll
MOD - [2012/08/30 22:24:18 | 000,192,952 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll
MOD - [2012/08/30 22:24:16 | 002,453,944 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll
MOD - [2012/08/30 22:24:16 | 002,126,264 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll
MOD - [2012/08/30 22:24:16 | 000,795,064 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll
MOD - [2012/08/30 22:23:02 | 000,459,192 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll
MOD - [2012/06/14 10:21:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:20:59 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 08:22:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 08:22:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 08:22:03 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 08:21:26 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll
MOD - [2011/09/05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll
MOD - [2010/06/01 11:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2010/02/15 12:26:42 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkamon.exe
MOD - [2010/02/15 12:26:40 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkmon.exe
MOD - [2010/02/09 07:41:50 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.monitor.core.dll
MOD - [2010/02/09 07:41:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.monitor.common.dll
MOD - [2010/02/09 07:40:56 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.devmons.mcmdevmon.dll
MOD - [2008/06/06 06:45:50 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007/05/22 16:19:24 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkscw.dll
MOD - [2007/05/03 10:39:32 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkdatr.dll
MOD - [2006/12/28 10:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkcats.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/06/14 07:15:50 | 001,053,104 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdkcoms.exe -- (lxdk_device)
SRV:64bit: - [2007/06/14 07:15:40 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
SRV:64bit: - [2005/07/06 12:04:44 | 000,414,208 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\Windows\SysNative\lxcccoms.exe -- (lxcc_device)
SRV - [2012/08/30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/06/14 07:15:40 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
SRV - [2007/06/14 07:15:34 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdkcoms.exe -- (lxdk_device)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/10/23 21:02:39 | 000,636,760 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/20 11:48:00 | 000,458,032 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/10/20 11:48:00 | 000,013,616 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/06/15 10:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/12/14 12:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec)
DRV:64bit: - [2009/12/14 12:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 01:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/17 13:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/10/23 21:03:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/10/23 21:03:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/10/23 21:03:10 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\
CHR - Extension: Virtual Keyboard = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\
CHR - Extension: Skype Extension = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\
O1 HOSTS File: ([2012/11/03 12:39:58 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxdkamon] C:\Program Files (x86)\Lexmark 5300 Series\lxdkamon.exe ()
O4:64bit: - HKLM..\Run: [lxdkmon.exe] C:\Program Files (x86)\Lexmark 5300 Series\lxdkmon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2D6B9BB-4084-4035-A1C6-FEB527AA9A3A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/10/31 16:54:51 | 000,000,000 | ---D | C] -- C:\Users\User\New folder
[2012/10/29 07:30:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/28 19:40:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/28 19:19:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/28 10:53:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/28 10:05:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/28 10:05:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/28 10:05:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/28 10:05:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/28 10:05:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/28 10:04:11 | 004,989,309 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/10/27 15:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/27 14:02:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BA33728A-6A86-4621-9DD8-C5B763852CD4}
[2012/10/27 12:43:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/27 09:23:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/10/26 09:45:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{ADA81C03-782F-4B4F-8A0C-E1C3AE304FF6}
[2012/10/25 21:45:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5B403C6A-E557-4A2E-98C1-308394D5BC8C}
[2012/10/25 05:32:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A2C68AE0-90FD-44CF-AB28-97C6C88F9371}
[2012/10/23 21:07:32 | 000,000,000 | R--D | C] -- C:\Backup
[2012/10/23 21:06:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{27AAE9B6-21FC-4F1E-A210-75BE59B31DAD}
[2012/10/23 21:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0
[2012/10/23 21:03:49 | 000,085,048 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys
[2012/10/23 21:03:49 | 000,066,104 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2012/10/23 21:03:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InfoWatch
[2012/10/23 21:03:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/10/23 21:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/23 21:02:39 | 000,636,760 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/23 20:24:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/10/22 21:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/10/22 09:05:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{765D74CE-8B36-4E6C-9D2B-693BB2EDCF45}
[2012/10/21 09:04:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2D152C3F-F984-424E-945F-872505753375}
[2012/10/20 09:04:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9991A9D4-1FBE-4242-8BC7-B89B670643E6}
[2012/10/19 21:03:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3B5EA071-0DF6-4EDF-BCD2-523763E21662}
[2012/10/19 07:47:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F8FEE630-8975-45C7-AB32-CB71968D1CB6}
[2012/10/18 19:46:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{48FBFEE6-AE58-49F0-BF5F-7A9D40072BDC}
[2012/10/18 07:46:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DAC43719-1E41-48C0-BE81-FDF5BC830570}
[2012/10/17 07:45:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BEC684CD-00DA-443F-ABC3-20F36DE13F4C}
[2012/10/15 07:44:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6BF81F53-C7B1-4092-9683-A0D3595BBED3}
[2012/10/14 10:52:40 | 000,000,000 | ---D | C] -- C:\SNOW_WHITE_AND_THE_HUNTSMAN
[2012/10/14 07:01:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B915AE48-3EF9-4C21-A43A-CD7ABDAB48B5}
[2012/10/13 07:00:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8B7F5874-F6CC-491E-87FF-E43C29696A4B}
[2012/10/12 05:45:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4312F491-DF38-400F-A76D-1C51D569D45B}
[2012/10/11 05:45:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CE0B1F43-B37B-4F2F-A6D5-EB379C258333}
[2012/10/10 05:44:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1781C365-41E1-46F9-811F-9E89A6EB5C5B}
[2012/10/09 05:43:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{771D728F-8BE2-411E-B1F1-3E8A88D05DBA}
[2012/10/08 05:43:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B22D03F9-A5A4-49A5-BE54-F9379D4A75C8}
[2012/10/07 17:42:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{356108A0-88AE-4467-BA0E-A1FB0036AB84}
[2012/10/06 05:15:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BB3B69D0-3D56-4160-9BA7-EA1176026888}
[2012/10/05 04:19:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C471D91A-5579-4E52-83D2-99B1508C0E77}
========== Files - Modified Within 30 Days ==========
[2012/11/03 13:26:09 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/03 13:26:09 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/03 13:18:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/03 13:18:31 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/03 13:11:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1736551342-4217978772-3593102293-1000UA.job
[2012/11/03 12:39:58 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/11/03 07:11:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1736551342-4217978772-3593102293-1000Core.job
[2012/11/01 04:41:33 | 000,009,512 | ---- | M] () -- C:\Users\User\.recently-used.xbel
[2012/10/31 17:00:34 | 005,290,493 | ---- | M] () -- C:\Users\User\Desktop\vsq_flightlessbird.mp3
[2012/10/30 19:20:29 | 000,087,889 | ---- | M] () -- C:\Users\User\Desktop\num - Copy.jpg
[2012/10/28 10:04:53 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/10/27 09:24:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/10/27 07:07:50 | 000,016,958 | ---- | M] () -- C:\Users\User\Desktop\il_fullxfull.174067210.jpg
[2012/10/27 07:07:22 | 000,057,307 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.340363817.jpg
[2012/10/27 07:01:50 | 000,053,151 | ---- | M] () -- C:\Users\User\Desktop\block.jpg
[2012/10/27 06:59:36 | 000,100,302 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.317436470.jpg
[2012/10/27 06:57:15 | 000,084,041 | ---- | M] () -- C:\Users\User\Desktop\num2.jpg
[2012/10/27 06:54:46 | 000,104,445 | ---- | M] () -- C:\Users\User\Desktop\num.jpg
[2012/10/26 07:41:38 | 000,097,685 | ---- | M] () -- C:\Users\User\Desktop\STATIONERYCARD_FOLDED_3x5-30201-5548-MERCHLARGE_FRONT-v133546688100097685.jpg
[2012/10/26 07:41:12 | 000,066,280 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.350946046.jpg
[2012/10/26 07:38:29 | 000,107,105 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.386653431_m4u8.jpg
[2012/10/26 07:37:22 | 000,177,962 | ---- | M] () -- C:\Users\User\Desktop\il_fullxfull.372455837_ityu.jpg
[2012/10/26 07:29:17 | 000,017,921 | ---- | M] () -- C:\Users\User\Desktop\blankbirds.jpg
[2012/10/26 07:29:17 | 000,017,921 | ---- | M] () -- C:\Users\User\Desktop\blankbirds - Copy.jpg
[2012/10/26 07:28:29 | 000,022,429 | ---- | M] () -- C:\Users\User\Desktop\birds2.jpg
[2012/10/26 07:27:29 | 000,051,073 | ---- | M] () -- C:\Users\User\Desktop\birds1.jpg
[2012/10/26 07:17:46 | 000,058,277 | ---- | M] () -- C:\Users\User\Desktop\birds.jpg
[2012/10/26 06:55:56 | 000,062,039 | ---- | M] () -- C:\Users\User\Desktop\us.jpg
[2012/10/26 06:42:40 | 000,055,196 | ---- | M] () -- C:\Users\User\Desktop\STATIONERYCARD_A2-24004-4997-MERCHLARGE_FRONT-v131906950000055196.jpg
[2012/10/26 06:18:14 | 000,100,803 | ---- | M] () -- C:\Users\User\Desktop\date.jpg
[2012/10/23 21:07:34 | 000,017,408 | ---- | M] () -- C:\Users\User\AppData\Local\WebpageIcons.db
[2012/10/23 21:04:31 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/10/23 21:04:31 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/10/23 21:02:39 | 000,636,760 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/23 20:58:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/15 20:48:15 | 000,012,183 | ---- | M] () -- C:\Users\User\Desktop\pitcher01-240x240.jpg
[2012/10/11 06:41:09 | 000,002,288 | ---- | M] () -- C:\Users\User\Desktop\eng.GIF
[2012/10/10 19:13:09 | 000,002,481 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2012/10/10 13:05:17 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/10 13:05:17 | 000,627,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/10 13:05:17 | 000,107,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/08 12:55:24 | 000,063,376 | ---- | M] () -- C:\Users\User\Desktop\edilhr 358.jpg
[2012/10/08 12:55:24 | 000,063,376 | ---- | M] () -- C:\Users\User\Desktop\edilhr 358 - Copy.jpg
[2012/10/07 19:03:23 | 000,018,117 | ---- | M] () -- C:\Users\User\Desktop\Capture.GIF
[2012/10/05 21:24:50 | 000,035,276 | ---- | M] () -- C:\Users\User\Desktop\draft_lens18983966module155781753photo_1_1323813840twilight_wedding_invitation.jpg
[2012/10/05 05:33:27 | 003,816,802 | ---- | M] () -- C:\Users\User\Desktop\fltbirdinstrumental.mp3
========== Files Created - No Company Name ==========
[2012/11/01 04:41:33 | 000,009,512 | ---- | C] () -- C:\Users\User\.recently-used.xbel
[2012/10/31 17:00:27 | 005,290,493 | ---- | C] () -- C:\Users\User\Desktop\vsq_flightlessbird.mp3
[2012/10/30 19:05:09 | 000,087,889 | ---- | C] () -- C:\Users\User\Desktop\num - Copy.jpg
[2012/10/29 07:35:03 | 000,063,376 | ---- | C] () -- C:\Users\User\Desktop\edilhr 358 - Copy.jpg
[2012/10/28 10:05:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/28 10:05:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/28 10:05:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/28 10:05:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/28 10:05:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/27 07:07:49 | 000,016,958 | ---- | C] () -- C:\Users\User\Desktop\il_fullxfull.174067210.jpg
[2012/10/27 07:07:17 | 000,057,307 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.340363817.jpg
[2012/10/27 07:01:47 | 000,053,151 | ---- | C] () -- C:\Users\User\Desktop\block.jpg
[2012/10/27 06:59:28 | 000,100,302 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.317436470.jpg
[2012/10/27 06:57:10 | 000,084,041 | ---- | C] () -- C:\Users\User\Desktop\num2.jpg
[2012/10/27 06:54:41 | 000,104,445 | ---- | C] () -- C:\Users\User\Desktop\num.jpg
[2012/10/26 07:41:38 | 000,097,685 | ---- | C] () -- C:\Users\User\Desktop\STATIONERYCARD_FOLDED_3x5-30201-5548-MERCHLARGE_FRONT-v133546688100097685.jpg
[2012/10/26 07:41:12 | 000,066,280 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.350946046.jpg
[2012/10/26 07:38:29 | 000,107,105 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.386653431_m4u8.jpg
[2012/10/26 07:37:21 | 000,177,962 | ---- | C] () -- C:\Users\User\Desktop\il_fullxfull.372455837_ityu.jpg
[2012/10/26 07:29:33 | 000,017,921 | ---- | C] () -- C:\Users\User\Desktop\blankbirds - Copy.jpg
[2012/10/26 07:29:17 | 000,017,921 | ---- | C] () -- C:\Users\User\Desktop\blankbirds.jpg
[2012/10/26 07:28:29 | 000,022,429 | ---- | C] () -- C:\Users\User\Desktop\birds2.jpg
[2012/10/26 07:27:29 | 000,051,073 | ---- | C] () -- C:\Users\User\Desktop\birds1.jpg
[2012/10/26 07:17:45 | 000,058,277 | ---- | C] () -- C:\Users\User\Desktop\birds.jpg
[2012/10/26 06:55:55 | 000,062,039 | ---- | C] () -- C:\Users\User\Desktop\us.jpg
[2012/10/26 06:42:40 | 000,055,196 | ---- | C] () -- C:\Users\User\Desktop\STATIONERYCARD_A2-24004-4997-MERCHLARGE_FRONT-v131906950000055196.jpg
[2012/10/26 06:18:13 | 000,100,803 | ---- | C] () -- C:\Users\User\Desktop\date.jpg
[2012/10/23 21:07:34 | 000,017,408 | ---- | C] () -- C:\Users\User\AppData\Local\WebpageIcons.db
[2012/10/23 21:04:31 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/10/23 21:04:31 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/10/15 20:48:15 | 000,012,183 | ---- | C] () -- C:\Users\User\Desktop\pitcher01-240x240.jpg
[2012/10/11 06:41:08 | 000,002,288 | ---- | C] () -- C:\Users\User\Desktop\eng.GIF
[2012/10/08 09:53:28 | 000,063,376 | ---- | C] () -- C:\Users\User\Desktop\edilhr 358.jpg
[2012/10/07 19:03:23 | 000,018,117 | ---- | C] () -- C:\Users\User\Desktop\Capture.GIF
[2012/10/05 21:24:49 | 000,035,276 | ---- | C] () -- C:\Users\User\Desktop\draft_lens18983966module155781753photo_1_1323813840twilight_wedding_invitation.jpg
[2012/10/05 05:33:19 | 003,816,802 | ---- | C] () -- C:\Users\User\Desktop\fltbirdinstrumental.mp3
[2012/08/21 20:05:21 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdkcomx.dll
[2012/08/21 20:05:21 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkinpa.dll
[2012/08/21 20:05:21 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdkinst.dll
[2012/08/21 20:05:20 | 001,200,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkserv.dll
[2012/08/21 20:05:20 | 000,950,272 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkusb1.dll
[2012/08/21 20:05:20 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkpmui.dll
[2012/08/21 20:05:20 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkiesc.dll
[2012/08/21 20:05:19 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkhbn3.dll
[2012/08/21 20:05:19 | 000,598,960 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcoms.exe
[2012/08/21 20:05:19 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdklmpm.dll
[2012/08/21 20:05:19 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcomm.dll
[2012/08/21 20:05:19 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkih.exe
[2012/08/21 20:05:19 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkprox.dll
[2012/08/21 20:05:18 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcomc.dll
[2012/08/21 20:05:18 | 000,365,488 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcfg.exe
[2011/12/21 12:00:50 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/12/17 10:18:17 | 000,748,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/08 11:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/06 15:07:59 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/01/16 14:59:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/15 13:47:42 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011/11/02 08:30:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
[2012/11/01 04:41:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2012/08/21 20:11:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Lexmark Productivity Studio
[2012/09/21 19:56:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Temp
[2012/10/19 12:53:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A
< End of report >
#38
Posted 03 November 2012 - 11:41 AM
Yep, still doing it...grrr
#39
Posted 03 November 2012 - 11:51 AM
Is this in IE, Firefox, or Chrome?
As you have Kaspersky, I would like you to run an analysis scan for me.
Details are here
In order to save files on your computer, perform the following actions:
- open the main application window
- click the Support link in the lower-left part of the window
- click Support tools in the lower-left part of the Support window
- click the button Upload information for Technical Support Service to the server
- expand all branches
- check the reports which need to be saved
- click the Send button
- in the Enter request number window click the Cancel button
- select the folder into which you would like to save the archive with reports
  By default, log and trace files are saved into the folder My Documents (for OS Windows XP) or in the folder Documents (for OS Windows Vista/7).
- enter the name of the archive
- click Save
- wait until the archive is created and saved on the hard drive
- close all windows
THEN
Attach the Zip file here
#40
Posted 03 November 2012 - 05:37 PM
Mozilla Firefox has been completely uninstalled and deleted to my knowledge, IE appears to be ok, but Chrome is seriously misbehaving. I created the ZIP file you requested in Kaspersky and it is attached in this reply.
Kaspsersky Analysis Scan.zip 87.82KB
#41
Posted 04 November 2012 - 05:02 AM
OK, let's now remove all registry data for Firefox.
Could you then run Chrome in incognito mode and see if that is still messing around?
The problem with both Chrome and Firefox is that there are so many nooks and crannies where the malware can hide, and they share folders.
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/10/23 21:03:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/10/23 21:03:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/10/23 21:03:10 | 000,000,000 | ---D | M]
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
#42
Posted 04 November 2012 - 08:26 PM
Google Chrome seems to be functioning properly when incognito. Here's the latest OTL Fix Log:
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\ deleted successfully.
c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0\ deleted successfully.
C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0\ deleted successfully.
C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37\ deleted successfully.
C:\Windows\SysWOW64\npdeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Shared\npYState.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\ deleted successfully.
c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0\ deleted successfully.
C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0\ deleted successfully.
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\Adobe Reader\ deleted successfully.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8\ deleted successfully.
C:\Users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale\en scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\content scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff9 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff8 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff7 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff6 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff5 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff15 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff14 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff13 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff12 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff11 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff10 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale\en scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\content scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff9 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff8 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff7 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff6 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff5 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff15 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff14 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff13 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff12 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff11 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff10 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale\en scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\content scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff9 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff8 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff7 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff6 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff5 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff15 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff14 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff13 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff12 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff11 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff10 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] scheduled to be moved on reboot.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: User
->Temp folder emptied: 3874 bytes
->Temporary Internet Files folder emptied: 4651330 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 173112672 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 187031 bytes
Total Files Cleaned = 170.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 11042012_210508
Files\Folders moved on Reboot...
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale\en scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale\en scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\content scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff9 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff8 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff7 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff6 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff5 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff15 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff14 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff13 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff12 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff11 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff10 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff9 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff8 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff7 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff6 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff5 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff15 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff14 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff13 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff12 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff11 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff10 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale\en scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\content scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff9 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff8 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff7 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff6 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff5 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff15 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff14 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff13 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff12 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff11 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff10 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale\en scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale\en scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\content scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff9 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff8 scheduled to be moved on reboot.
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\ deleted successfully.
c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0\ deleted successfully.
C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0\ deleted successfully.
C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37\ deleted successfully.
C:\Windows\SysWOW64\npdeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Shared\npYState.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\ deleted successfully.
c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0\ deleted successfully.
C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0\ deleted successfully.
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\Adobe Reader\ deleted successfully.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8\ deleted successfully.
C:\Users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: User
->Temp folder emptied: 3874 bytes
->Temporary Internet Files folder emptied: 4651330 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 173112672 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 187031 bytes
Total Files Cleaned = 170.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 11042012_210508
Files\Folders moved on Reboot...
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff14 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff13 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff12 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff11 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff10 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale\en scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\content scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff9 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff8 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff7 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff6 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff5 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff15 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff14 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff13 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff12 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff11 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff10 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale\en scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale\en scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\content scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff9 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff8 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff7 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff6 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff5 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff15 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff14 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff13 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff12 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff11 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff10 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff9 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff8 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff7 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff6 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff5 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff15 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff14 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff13 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff12 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff11 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff10 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale\en scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\locale scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\content scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff9 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff8 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff7 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff6 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff5 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff15 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff14 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff13 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff12 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff11 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components\ff10 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected]\components scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] scheduled to be moved on reboot.
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
#43
Posted 04 November 2012 - 08:45 PM
OTL Quick Scan Log:
OTL logfile created on: 11/4/2012 9:27:01 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.96 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 65.11% Memory free
7.92 Gb Paging File | 6.29 Gb Available in Paging File | 79.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 58.97 Gb Free Space | 27.03% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/10/27 08:24:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/08/30 21:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
PRC - [2010/02/15 11:26:42 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkamon.exe
PRC - [2010/02/15 11:26:40 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkmon.exe
PRC - [2009/12/21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
========== Modules (No Company Name) ==========
MOD - [2012/10/10 05:06:15 | 000,460,312 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 05:06:12 | 004,005,912 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 05:04:57 | 000,578,072 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012/10/10 05:04:55 | 000,123,928 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012/10/10 05:04:44 | 000,156,712 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 05:04:43 | 000,275,496 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 05:04:42 | 002,168,360 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/08/30 21:24:20 | 007,422,392 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll
MOD - [2012/08/30 21:24:18 | 001,270,200 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll
MOD - [2012/08/30 21:24:18 | 000,192,952 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll
MOD - [2012/08/30 21:24:16 | 002,453,944 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll
MOD - [2012/08/30 21:24:16 | 002,126,264 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll
MOD - [2012/08/30 21:24:16 | 000,795,064 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll
MOD - [2012/08/30 21:23:02 | 000,459,192 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll
MOD - [2012/06/14 09:21:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 09:20:59 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 07:22:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 07:22:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 07:22:03 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 07:21:26 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/05 18:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll
MOD - [2011/09/05 18:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll
MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2010/02/15 11:26:42 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkamon.exe
MOD - [2010/02/15 11:26:40 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkmon.exe
MOD - [2010/02/09 06:41:50 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.monitor.core.dll
MOD - [2010/02/09 06:41:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.monitor.common.dll
MOD - [2010/02/09 06:40:56 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.devmons.mcmdevmon.dll
MOD - [2008/06/06 05:45:50 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007/05/22 15:19:24 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkscw.dll
MOD - [2007/05/03 09:39:32 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkdatr.dll
MOD - [2006/12/28 09:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkcats.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/06/14 06:15:50 | 001,053,104 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdkcoms.exe -- (lxdk_device)
SRV:64bit: - [2007/06/14 06:15:40 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
SRV:64bit: - [2005/07/06 11:04:44 | 000,414,208 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\Windows\SysNative\lxcccoms.exe -- (lxcc_device)
SRV - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/08/30 21:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/06/14 06:15:40 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
SRV - [2007/06/14 06:15:34 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdkcoms.exe -- (lxdk_device)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/10/23 20:02:39 | 000,636,760 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/20 10:48:00 | 000,458,032 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/10/20 10:48:00 | 000,013,616 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/06/15 09:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/12/14 11:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec)
DRV:64bit: - [2009/12/14 11:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/17 12:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\
CHR - Extension: Virtual Keyboard = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\
CHR - Extension: Skype Extension = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\
O1 HOSTS File: ([2012/11/04 21:06:06 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxdkamon] C:\Program Files (x86)\Lexmark 5300 Series\lxdkamon.exe ()
O4:64bit: - HKLM..\Run: [lxdkmon.exe] C:\Program Files (x86)\Lexmark 5300 Series\lxdkmon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2D6B9BB-4084-4035-A1C6-FEB527AA9A3A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/11/04 09:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects
[2012/11/04 09:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2012/11/04 09:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PrintProjects
[2012/11/04 09:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrintProjects
[2012/11/04 09:18:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\kodak
[2012/10/31 15:54:51 | 000,000,000 | ---D | C] -- C:\Users\User\New folder
[2012/10/29 06:30:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/28 18:40:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/28 18:19:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/28 09:53:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/28 09:05:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/28 09:05:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/28 09:05:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/28 09:05:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/28 09:05:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/28 09:04:11 | 004,989,309 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/10/27 14:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/27 13:02:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BA33728A-6A86-4621-9DD8-C5B763852CD4}
[2012/10/27 11:43:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/27 08:23:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/10/26 08:45:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{ADA81C03-782F-4B4F-8A0C-E1C3AE304FF6}
[2012/10/25 20:45:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5B403C6A-E557-4A2E-98C1-308394D5BC8C}
[2012/10/25 04:32:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A2C68AE0-90FD-44CF-AB28-97C6C88F9371}
[2012/10/23 20:07:32 | 000,000,000 | R--D | C] -- C:\Backup
[2012/10/23 20:06:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{27AAE9B6-21FC-4F1E-A210-75BE59B31DAD}
[2012/10/23 20:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0
[2012/10/23 20:03:49 | 000,085,048 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys
[2012/10/23 20:03:49 | 000,066,104 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2012/10/23 20:03:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InfoWatch
[2012/10/23 20:03:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/10/23 20:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/23 20:02:39 | 000,636,760 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/23 19:24:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/10/22 20:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/10/22 08:05:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{765D74CE-8B36-4E6C-9D2B-693BB2EDCF45}
[2012/10/21 08:04:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2D152C3F-F984-424E-945F-872505753375}
[2012/10/20 08:04:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9991A9D4-1FBE-4242-8BC7-B89B670643E6}
[2012/10/19 20:03:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3B5EA071-0DF6-4EDF-BCD2-523763E21662}
[2012/10/19 06:47:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F8FEE630-8975-45C7-AB32-CB71968D1CB6}
[2012/10/18 18:46:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{48FBFEE6-AE58-49F0-BF5F-7A9D40072BDC}
[2012/10/18 06:46:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DAC43719-1E41-48C0-BE81-FDF5BC830570}
[2012/10/17 06:45:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BEC684CD-00DA-443F-ABC3-20F36DE13F4C}
[2012/10/15 06:44:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6BF81F53-C7B1-4092-9683-A0D3595BBED3}
[2012/10/14 09:52:40 | 000,000,000 | ---D | C] -- C:\SNOW_WHITE_AND_THE_HUNTSMAN
[2012/10/14 06:01:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B915AE48-3EF9-4C21-A43A-CD7ABDAB48B5}
[2012/10/13 06:00:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8B7F5874-F6CC-491E-87FF-E43C29696A4B}
[2012/10/12 04:45:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4312F491-DF38-400F-A76D-1C51D569D45B}
[2012/10/11 04:45:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CE0B1F43-B37B-4F2F-A6D5-EB379C258333}
[2012/10/10 04:44:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1781C365-41E1-46F9-811F-9E89A6EB5C5B}
[2012/10/09 04:43:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{771D728F-8BE2-411E-B1F1-3E8A88D05DBA}
[2012/10/08 04:43:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B22D03F9-A5A4-49A5-BE54-F9379D4A75C8}
[2012/10/07 16:42:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{356108A0-88AE-4467-BA0E-A1FB0036AB84}
[2012/10/06 04:15:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BB3B69D0-3D56-4160-9BA7-EA1176026888}
========== Files - Modified Within 30 Days ==========
[2012/11/04 21:23:56 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/04 21:23:56 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/04 21:20:58 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/04 21:20:58 | 000,627,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/04 21:20:58 | 000,107,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/04 21:16:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/04 21:16:07 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/04 21:11:05 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1736551342-4217978772-3593102293-1000UA.job
[2012/11/04 21:06:06 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/11/04 09:28:28 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\PrintProjects.lnk
[2012/11/04 09:27:38 | 000,002,156 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2012/11/04 09:22:51 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Get CleanPrint.lnk
[2012/11/04 07:11:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1736551342-4217978772-3593102293-1000Core.job
[2012/11/01 03:41:33 | 000,009,512 | ---- | M] () -- C:\Users\User\.recently-used.xbel
[2012/10/31 16:00:34 | 005,290,493 | ---- | M] () -- C:\Users\User\Desktop\vsq_flightlessbird.mp3
[2012/10/30 18:20:29 | 000,087,889 | ---- | M] () -- C:\Users\User\Desktop\num - Copy.jpg
[2012/10/28 09:04:53 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/10/27 08:24:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/10/27 06:07:50 | 000,016,958 | ---- | M] () -- C:\Users\User\Desktop\il_fullxfull.174067210.jpg
[2012/10/27 06:07:22 | 000,057,307 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.340363817.jpg
[2012/10/27 06:01:50 | 000,053,151 | ---- | M] () -- C:\Users\User\Desktop\block.jpg
[2012/10/27 05:59:36 | 000,100,302 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.317436470.jpg
[2012/10/27 05:57:15 | 000,084,041 | ---- | M] () -- C:\Users\User\Desktop\num2.jpg
[2012/10/27 05:54:46 | 000,104,445 | ---- | M] () -- C:\Users\User\Desktop\num.jpg
[2012/10/26 06:41:38 | 000,097,685 | ---- | M] () -- C:\Users\User\Desktop\STATIONERYCARD_FOLDED_3x5-30201-5548-MERCHLARGE_FRONT-v133546688100097685.jpg
[2012/10/26 06:41:12 | 000,066,280 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.350946046.jpg
[2012/10/26 06:38:29 | 000,107,105 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.386653431_m4u8.jpg
[2012/10/26 06:37:22 | 000,177,962 | ---- | M] () -- C:\Users\User\Desktop\il_fullxfull.372455837_ityu.jpg
[2012/10/26 06:29:17 | 000,017,921 | ---- | M] () -- C:\Users\User\Desktop\blankbirds.jpg
[2012/10/26 06:29:17 | 000,017,921 | ---- | M] () -- C:\Users\User\Desktop\blankbirds - Copy.jpg
[2012/10/26 06:28:29 | 000,022,429 | ---- | M] () -- C:\Users\User\Desktop\birds2.jpg
[2012/10/26 06:27:29 | 000,051,073 | ---- | M] () -- C:\Users\User\Desktop\birds1.jpg
[2012/10/26 06:17:46 | 000,058,277 | ---- | M] () -- C:\Users\User\Desktop\birds.jpg
[2012/10/26 05:55:56 | 000,062,039 | ---- | M] () -- C:\Users\User\Desktop\us.jpg
[2012/10/26 05:42:40 | 000,055,196 | ---- | M] () -- C:\Users\User\Desktop\STATIONERYCARD_A2-24004-4997-MERCHLARGE_FRONT-v131906950000055196.jpg
[2012/10/26 05:18:14 | 000,100,803 | ---- | M] () -- C:\Users\User\Desktop\date.jpg
[2012/10/23 20:07:34 | 000,017,408 | ---- | M] () -- C:\Users\User\AppData\Local\WebpageIcons.db
[2012/10/23 20:04:31 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/10/23 20:04:31 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/10/23 20:02:39 | 000,636,760 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/23 19:58:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/15 19:48:15 | 000,012,183 | ---- | M] () -- C:\Users\User\Desktop\pitcher01-240x240.jpg
[2012/10/11 05:41:09 | 000,002,288 | ---- | M] () -- C:\Users\User\Desktop\eng.GIF
[2012/10/10 18:13:09 | 000,002,481 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2012/10/08 11:55:24 | 000,063,376 | ---- | M] () -- C:\Users\User\Desktop\edilhr 358.jpg
[2012/10/08 11:55:24 | 000,063,376 | ---- | M] () -- C:\Users\User\Desktop\edilhr 358 - Copy.jpg
[2012/10/07 18:03:23 | 000,018,117 | ---- | M] () -- C:\Users\User\Desktop\Capture.GIF
========== Files Created - No Company Name ==========
[2012/11/04 09:28:28 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\PrintProjects.lnk
[2012/11/04 09:27:38 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2012/11/04 09:22:51 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Get CleanPrint.lnk
[2012/11/01 03:41:33 | 000,009,512 | ---- | C] () -- C:\Users\User\.recently-used.xbel
[2012/10/31 16:00:27 | 005,290,493 | ---- | C] () -- C:\Users\User\Desktop\vsq_flightlessbird.mp3
[2012/10/30 18:05:09 | 000,087,889 | ---- | C] () -- C:\Users\User\Desktop\num - Copy.jpg
[2012/10/29 06:35:03 | 000,063,376 | ---- | C] () -- C:\Users\User\Desktop\edilhr 358 - Copy.jpg
[2012/10/28 09:05:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/28 09:05:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/28 09:05:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/28 09:05:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/28 09:05:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/27 06:07:49 | 000,016,958 | ---- | C] () -- C:\Users\User\Desktop\il_fullxfull.174067210.jpg
[2012/10/27 06:07:17 | 000,057,307 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.340363817.jpg
[2012/10/27 06:01:47 | 000,053,151 | ---- | C] () -- C:\Users\User\Desktop\block.jpg
[2012/10/27 05:59:28 | 000,100,302 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.317436470.jpg
[2012/10/27 05:57:10 | 000,084,041 | ---- | C] () -- C:\Users\User\Desktop\num2.jpg
[2012/10/27 05:54:41 | 000,104,445 | ---- | C] () -- C:\Users\User\Desktop\num.jpg
[2012/10/26 06:41:38 | 000,097,685 | ---- | C] () -- C:\Users\User\Desktop\STATIONERYCARD_FOLDED_3x5-30201-5548-MERCHLARGE_FRONT-v133546688100097685.jpg
[2012/10/26 06:41:12 | 000,066,280 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.350946046.jpg
[2012/10/26 06:38:29 | 000,107,105 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.386653431_m4u8.jpg
[2012/10/26 06:37:21 | 000,177,962 | ---- | C] () -- C:\Users\User\Desktop\il_fullxfull.372455837_ityu.jpg
[2012/10/26 06:29:33 | 000,017,921 | ---- | C] () -- C:\Users\User\Desktop\blankbirds - Copy.jpg
[2012/10/26 06:29:17 | 000,017,921 | ---- | C] () -- C:\Users\User\Desktop\blankbirds.jpg
[2012/10/26 06:28:29 | 000,022,429 | ---- | C] () -- C:\Users\User\Desktop\birds2.jpg
[2012/10/26 06:27:29 | 000,051,073 | ---- | C] () -- C:\Users\User\Desktop\birds1.jpg
[2012/10/26 06:17:45 | 000,058,277 | ---- | C] () -- C:\Users\User\Desktop\birds.jpg
[2012/10/26 05:55:55 | 000,062,039 | ---- | C] () -- C:\Users\User\Desktop\us.jpg
[2012/10/26 05:42:40 | 000,055,196 | ---- | C] () -- C:\Users\User\Desktop\STATIONERYCARD_A2-24004-4997-MERCHLARGE_FRONT-v131906950000055196.jpg
[2012/10/26 05:18:13 | 000,100,803 | ---- | C] () -- C:\Users\User\Desktop\date.jpg
[2012/10/23 20:07:34 | 000,017,408 | ---- | C] () -- C:\Users\User\AppData\Local\WebpageIcons.db
[2012/10/23 20:04:31 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/10/23 20:04:31 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/10/15 19:48:15 | 000,012,183 | ---- | C] () -- C:\Users\User\Desktop\pitcher01-240x240.jpg
[2012/10/11 05:41:08 | 000,002,288 | ---- | C] () -- C:\Users\User\Desktop\eng.GIF
[2012/10/08 08:53:28 | 000,063,376 | ---- | C] () -- C:\Users\User\Desktop\edilhr 358.jpg
[2012/10/07 18:03:23 | 000,018,117 | ---- | C] () -- C:\Users\User\Desktop\Capture.GIF
[2012/08/21 19:05:21 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdkcomx.dll
[2012/08/21 19:05:21 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkinpa.dll
[2012/08/21 19:05:21 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdkinst.dll
[2012/08/21 19:05:20 | 001,200,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkserv.dll
[2012/08/21 19:05:20 | 000,950,272 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkusb1.dll
[2012/08/21 19:05:20 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkpmui.dll
[2012/08/21 19:05:20 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkiesc.dll
[2012/08/21 19:05:19 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkhbn3.dll
[2012/08/21 19:05:19 | 000,598,960 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcoms.exe
[2012/08/21 19:05:19 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdklmpm.dll
[2012/08/21 19:05:19 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcomm.dll
[2012/08/21 19:05:19 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkih.exe
[2012/08/21 19:05:19 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkprox.dll
[2012/08/21 19:05:18 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcomc.dll
[2012/08/21 19:05:18 | 000,365,488 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcfg.exe
[2011/12/21 11:00:50 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/12/17 09:18:17 | 000,748,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/08 10:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/06 14:07:59 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/01/16 13:59:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/15 12:47:42 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011/11/02 07:30:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
[2012/11/01 03:41:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2012/08/21 19:11:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Lexmark Productivity Studio
[2012/09/21 18:56:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Temp
[2012/10/19 11:53:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A
< End of report >

OTL logfile created on: 11/4/2012 9:27:01 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.96 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 65.11% Memory free
7.92 Gb Paging File | 6.29 Gb Available in Paging File | 79.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 58.97 Gb Free Space | 27.03% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/10/27 08:24:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/08/30 21:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
PRC - [2010/02/15 11:26:42 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkamon.exe
PRC - [2010/02/15 11:26:40 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkmon.exe
PRC - [2009/12/21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
========== Modules (No Company Name) ==========
MOD - [2012/10/10 05:06:15 | 000,460,312 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 05:06:12 | 004,005,912 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 05:04:57 | 000,578,072 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012/10/10 05:04:55 | 000,123,928 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012/10/10 05:04:44 | 000,156,712 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 05:04:43 | 000,275,496 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 05:04:42 | 002,168,360 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/08/30 21:24:20 | 007,422,392 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll
MOD - [2012/08/30 21:24:18 | 001,270,200 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll
MOD - [2012/08/30 21:24:18 | 000,192,952 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll
MOD - [2012/08/30 21:24:16 | 002,453,944 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll
MOD - [2012/08/30 21:24:16 | 002,126,264 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll
MOD - [2012/08/30 21:24:16 | 000,795,064 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll
MOD - [2012/08/30 21:23:02 | 000,459,192 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll
MOD - [2012/06/14 09:21:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 09:20:59 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 07:22:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 07:22:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 07:22:03 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 07:21:26 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/05 18:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll
MOD - [2011/09/05 18:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll
MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2010/02/15 11:26:42 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkamon.exe
MOD - [2010/02/15 11:26:40 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkmon.exe
MOD - [2010/02/09 06:41:50 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.monitor.core.dll
MOD - [2010/02/09 06:41:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.monitor.common.dll
MOD - [2010/02/09 06:40:56 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.devmons.mcmdevmon.dll
MOD - [2008/06/06 05:45:50 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007/05/22 15:19:24 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkscw.dll
MOD - [2007/05/03 09:39:32 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkdatr.dll
MOD - [2006/12/28 09:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkcats.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/06/14 06:15:50 | 001,053,104 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdkcoms.exe -- (lxdk_device)
SRV:64bit: - [2007/06/14 06:15:40 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
SRV:64bit: - [2005/07/06 11:04:44 | 000,414,208 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\Windows\SysNative\lxcccoms.exe -- (lxcc_device)
SRV - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/08/30 21:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/06/14 06:15:40 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
SRV - [2007/06/14 06:15:34 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdkcoms.exe -- (lxdk_device)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/10/23 20:02:39 | 000,636,760 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/20 10:48:00 | 000,458,032 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/10/20 10:48:00 | 000,013,616 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/06/15 09:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/12/14 11:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec)
DRV:64bit: - [2009/12/14 11:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/17 12:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\
CHR - Extension: Virtual Keyboard = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\
CHR - Extension: Skype Extension = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\
O1 HOSTS File: ([2012/11/04 21:06:06 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxdkamon] C:\Program Files (x86)\Lexmark 5300 Series\lxdkamon.exe ()
O4:64bit: - HKLM..\Run: [lxdkmon.exe] C:\Program Files (x86)\Lexmark 5300 Series\lxdkmon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2D6B9BB-4084-4035-A1C6-FEB527AA9A3A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/11/04 09:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects
[2012/11/04 09:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2012/11/04 09:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PrintProjects
[2012/11/04 09:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrintProjects
[2012/11/04 09:18:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\kodak
[2012/10/31 15:54:51 | 000,000,000 | ---D | C] -- C:\Users\User\New folder
[2012/10/29 06:30:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/28 18:40:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/28 18:19:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/28 09:53:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/28 09:05:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/28 09:05:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/28 09:05:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/28 09:05:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/28 09:05:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/28 09:04:11 | 004,989,309 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/10/27 14:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/27 13:02:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BA33728A-6A86-4621-9DD8-C5B763852CD4}
[2012/10/27 11:43:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/27 08:23:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/10/26 08:45:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{ADA81C03-782F-4B4F-8A0C-E1C3AE304FF6}
[2012/10/25 20:45:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5B403C6A-E557-4A2E-98C1-308394D5BC8C}
[2012/10/25 04:32:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A2C68AE0-90FD-44CF-AB28-97C6C88F9371}
[2012/10/23 20:07:32 | 000,000,000 | R--D | C] -- C:\Backup
[2012/10/23 20:06:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{27AAE9B6-21FC-4F1E-A210-75BE59B31DAD}
[2012/10/23 20:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0
[2012/10/23 20:03:49 | 000,085,048 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys
[2012/10/23 20:03:49 | 000,066,104 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2012/10/23 20:03:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InfoWatch
[2012/10/23 20:03:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/10/23 20:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/23 20:02:39 | 000,636,760 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/23 19:24:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/10/22 20:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/10/22 08:05:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{765D74CE-8B36-4E6C-9D2B-693BB2EDCF45}
[2012/10/21 08:04:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2D152C3F-F984-424E-945F-872505753375}
[2012/10/20 08:04:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9991A9D4-1FBE-4242-8BC7-B89B670643E6}
[2012/10/19 20:03:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3B5EA071-0DF6-4EDF-BCD2-523763E21662}
[2012/10/19 06:47:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F8FEE630-8975-45C7-AB32-CB71968D1CB6}
[2012/10/18 18:46:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{48FBFEE6-AE58-49F0-BF5F-7A9D40072BDC}
[2012/10/18 06:46:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DAC43719-1E41-48C0-BE81-FDF5BC830570}
[2012/10/17 06:45:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BEC684CD-00DA-443F-ABC3-20F36DE13F4C}
[2012/10/15 06:44:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6BF81F53-C7B1-4092-9683-A0D3595BBED3}
[2012/10/14 09:52:40 | 000,000,000 | ---D | C] -- C:\SNOW_WHITE_AND_THE_HUNTSMAN
[2012/10/14 06:01:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B915AE48-3EF9-4C21-A43A-CD7ABDAB48B5}
[2012/10/13 06:00:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8B7F5874-F6CC-491E-87FF-E43C29696A4B}
[2012/10/12 04:45:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4312F491-DF38-400F-A76D-1C51D569D45B}
[2012/10/11 04:45:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CE0B1F43-B37B-4F2F-A6D5-EB379C258333}
[2012/10/10 04:44:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1781C365-41E1-46F9-811F-9E89A6EB5C5B}
[2012/10/09 04:43:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{771D728F-8BE2-411E-B1F1-3E8A88D05DBA}
[2012/10/08 04:43:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B22D03F9-A5A4-49A5-BE54-F9379D4A75C8}
[2012/10/07 16:42:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{356108A0-88AE-4467-BA0E-A1FB0036AB84}
[2012/10/06 04:15:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BB3B69D0-3D56-4160-9BA7-EA1176026888}
========== Files - Modified Within 30 Days ==========
[2012/11/04 21:23:56 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/04 21:23:56 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/04 21:20:58 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/04 21:20:58 | 000,627,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/04 21:20:58 | 000,107,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/04 21:16:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/04 21:16:07 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/04 21:11:05 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1736551342-4217978772-3593102293-1000UA.job
[2012/11/04 21:06:06 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/11/04 09:28:28 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\PrintProjects.lnk
[2012/11/04 09:27:38 | 000,002,156 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2012/11/04 09:22:51 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Get CleanPrint.lnk
[2012/11/04 07:11:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1736551342-4217978772-3593102293-1000Core.job
[2012/11/01 03:41:33 | 000,009,512 | ---- | M] () -- C:\Users\User\.recently-used.xbel
[2012/10/31 16:00:34 | 005,290,493 | ---- | M] () -- C:\Users\User\Desktop\vsq_flightlessbird.mp3
[2012/10/30 18:20:29 | 000,087,889 | ---- | M] () -- C:\Users\User\Desktop\num - Copy.jpg
[2012/10/28 09:04:53 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/10/27 08:24:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/10/27 06:07:50 | 000,016,958 | ---- | M] () -- C:\Users\User\Desktop\il_fullxfull.174067210.jpg
[2012/10/27 06:07:22 | 000,057,307 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.340363817.jpg
[2012/10/27 06:01:50 | 000,053,151 | ---- | M] () -- C:\Users\User\Desktop\block.jpg
[2012/10/27 05:59:36 | 000,100,302 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.317436470.jpg
[2012/10/27 05:57:15 | 000,084,041 | ---- | M] () -- C:\Users\User\Desktop\num2.jpg
[2012/10/27 05:54:46 | 000,104,445 | ---- | M] () -- C:\Users\User\Desktop\num.jpg
[2012/10/26 06:41:38 | 000,097,685 | ---- | M] () -- C:\Users\User\Desktop\STATIONERYCARD_FOLDED_3x5-30201-5548-MERCHLARGE_FRONT-v133546688100097685.jpg
[2012/10/26 06:41:12 | 000,066,280 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.350946046.jpg
[2012/10/26 06:38:29 | 000,107,105 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.386653431_m4u8.jpg
[2012/10/26 06:37:22 | 000,177,962 | ---- | M] () -- C:\Users\User\Desktop\il_fullxfull.372455837_ityu.jpg
[2012/10/26 06:29:17 | 000,017,921 | ---- | M] () -- C:\Users\User\Desktop\blankbirds.jpg
[2012/10/26 06:29:17 | 000,017,921 | ---- | M] () -- C:\Users\User\Desktop\blankbirds - Copy.jpg
[2012/10/26 06:28:29 | 000,022,429 | ---- | M] () -- C:\Users\User\Desktop\birds2.jpg
[2012/10/26 06:27:29 | 000,051,073 | ---- | M] () -- C:\Users\User\Desktop\birds1.jpg
[2012/10/26 06:17:46 | 000,058,277 | ---- | M] () -- C:\Users\User\Desktop\birds.jpg
[2012/10/26 05:55:56 | 000,062,039 | ---- | M] () -- C:\Users\User\Desktop\us.jpg
[2012/10/26 05:42:40 | 000,055,196 | ---- | M] () -- C:\Users\User\Desktop\STATIONERYCARD_A2-24004-4997-MERCHLARGE_FRONT-v131906950000055196.jpg
[2012/10/26 05:18:14 | 000,100,803 | ---- | M] () -- C:\Users\User\Desktop\date.jpg
[2012/10/23 20:07:34 | 000,017,408 | ---- | M] () -- C:\Users\User\AppData\Local\WebpageIcons.db
[2012/10/23 20:04:31 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/10/23 20:04:31 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/10/23 20:02:39 | 000,636,760 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/23 19:58:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/15 19:48:15 | 000,012,183 | ---- | M] () -- C:\Users\User\Desktop\pitcher01-240x240.jpg
[2012/10/11 05:41:09 | 000,002,288 | ---- | M] () -- C:\Users\User\Desktop\eng.GIF
[2012/10/10 18:13:09 | 000,002,481 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2012/10/08 11:55:24 | 000,063,376 | ---- | M] () -- C:\Users\User\Desktop\edilhr 358.jpg
[2012/10/08 11:55:24 | 000,063,376 | ---- | M] () -- C:\Users\User\Desktop\edilhr 358 - Copy.jpg
[2012/10/07 18:03:23 | 000,018,117 | ---- | M] () -- C:\Users\User\Desktop\Capture.GIF
========== Files Created - No Company Name ==========
[2012/11/04 09:28:28 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\PrintProjects.lnk
[2012/11/04 09:27:38 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2012/11/04 09:22:51 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Get CleanPrint.lnk
[2012/11/01 03:41:33 | 000,009,512 | ---- | C] () -- C:\Users\User\.recently-used.xbel
[2012/10/31 16:00:27 | 005,290,493 | ---- | C] () -- C:\Users\User\Desktop\vsq_flightlessbird.mp3
[2012/10/30 18:05:09 | 000,087,889 | ---- | C] () -- C:\Users\User\Desktop\num - Copy.jpg
[2012/10/29 06:35:03 | 000,063,376 | ---- | C] () -- C:\Users\User\Desktop\edilhr 358 - Copy.jpg
[2012/10/28 09:05:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/28 09:05:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/28 09:05:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/28 09:05:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/28 09:05:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/27 06:07:49 | 000,016,958 | ---- | C] () -- C:\Users\User\Desktop\il_fullxfull.174067210.jpg
[2012/10/27 06:07:17 | 000,057,307 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.340363817.jpg
[2012/10/27 06:01:47 | 000,053,151 | ---- | C] () -- C:\Users\User\Desktop\block.jpg
[2012/10/27 05:59:28 | 000,100,302 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.317436470.jpg
[2012/10/27 05:57:10 | 000,084,041 | ---- | C] () -- C:\Users\User\Desktop\num2.jpg
[2012/10/27 05:54:41 | 000,104,445 | ---- | C] () -- C:\Users\User\Desktop\num.jpg
[2012/10/26 06:41:38 | 000,097,685 | ---- | C] () -- C:\Users\User\Desktop\STATIONERYCARD_FOLDED_3x5-30201-5548-MERCHLARGE_FRONT-v133546688100097685.jpg
[2012/10/26 06:41:12 | 000,066,280 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.350946046.jpg
[2012/10/26 06:38:29 | 000,107,105 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.386653431_m4u8.jpg
[2012/10/26 06:37:21 | 000,177,962 | ---- | C] () -- C:\Users\User\Desktop\il_fullxfull.372455837_ityu.jpg
[2012/10/26 06:29:33 | 000,017,921 | ---- | C] () -- C:\Users\User\Desktop\blankbirds - Copy.jpg
[2012/10/26 06:29:17 | 000,017,921 | ---- | C] () -- C:\Users\User\Desktop\blankbirds.jpg
[2012/10/26 06:28:29 | 000,022,429 | ---- | C] () -- C:\Users\User\Desktop\birds2.jpg
[2012/10/26 06:27:29 | 000,051,073 | ---- | C] () -- C:\Users\User\Desktop\birds1.jpg
[2012/10/26 06:17:45 | 000,058,277 | ---- | C] () -- C:\Users\User\Desktop\birds.jpg
[2012/10/26 05:55:55 | 000,062,039 | ---- | C] () -- C:\Users\User\Desktop\us.jpg
[2012/10/26 05:42:40 | 000,055,196 | ---- | C] () -- C:\Users\User\Desktop\STATIONERYCARD_A2-24004-4997-MERCHLARGE_FRONT-v131906950000055196.jpg
[2012/10/26 05:18:13 | 000,100,803 | ---- | C] () -- C:\Users\User\Desktop\date.jpg
[2012/10/23 20:07:34 | 000,017,408 | ---- | C] () -- C:\Users\User\AppData\Local\WebpageIcons.db
[2012/10/23 20:04:31 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/10/23 20:04:31 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/10/15 19:48:15 | 000,012,183 | ---- | C] () -- C:\Users\User\Desktop\pitcher01-240x240.jpg
[2012/10/11 05:41:08 | 000,002,288 | ---- | C] () -- C:\Users\User\Desktop\eng.GIF
[2012/10/08 08:53:28 | 000,063,376 | ---- | C] () -- C:\Users\User\Desktop\edilhr 358.jpg
[2012/10/07 18:03:23 | 000,018,117 | ---- | C] () -- C:\Users\User\Desktop\Capture.GIF
[2012/08/21 19:05:21 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdkcomx.dll
[2012/08/21 19:05:21 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkinpa.dll
[2012/08/21 19:05:21 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdkinst.dll
[2012/08/21 19:05:20 | 001,200,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkserv.dll
[2012/08/21 19:05:20 | 000,950,272 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkusb1.dll
[2012/08/21 19:05:20 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkpmui.dll
[2012/08/21 19:05:20 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkiesc.dll
[2012/08/21 19:05:19 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkhbn3.dll
[2012/08/21 19:05:19 | 000,598,960 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcoms.exe
[2012/08/21 19:05:19 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdklmpm.dll
[2012/08/21 19:05:19 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcomm.dll
[2012/08/21 19:05:19 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkih.exe
[2012/08/21 19:05:19 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkprox.dll
[2012/08/21 19:05:18 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcomc.dll
[2012/08/21 19:05:18 | 000,365,488 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcfg.exe
[2011/12/21 11:00:50 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/12/17 09:18:17 | 000,748,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/08 10:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/06 14:07:59 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/01/16 13:59:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/15 12:47:42 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011/11/02 07:30:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
[2012/11/01 03:41:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2012/08/21 19:11:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Lexmark Productivity Studio
[2012/09/21 18:56:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Temp
[2012/10/19 11:53:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A
< End of report >
#44
Posted 05 November 2012 - 07:51 AM
OK, so it is definitely an addon within Chrome. All the ones I can see appear legitimate, with maybe the exception of this one: Coupon Printer Manager
Time for the boring bit now..
Restart Chrome normally
Disable the extensions one at a time and check for redirects in between. Once the bad boy has been located, delete it. Could you let me know which one it is?
Disable Chrome extensions
#45
Posted 06 November 2012 - 09:47 AM
Disable this one first in Chrome: YouTube