Reformatted PC and still lag. Is it hardware or strong virus?



#31
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
OK. I'm thinking that's probably not it anyway. It's more likely the Windows Management Instrumentation (WMI) that I see running is causing the delay. This is often used by installed program software and sometimes they get it wrong.

This is sort of hard to troubleshoot. You can't stop it easily. You have to go into the services menu and first stop:

Internet Connection Sharing (ICS)
IP Helper
Security Center

then I think it will let you stop Windows Management Instrumentation.

Then run VLC and see if you still get a lag.

You can go back in and restart them in the reverse order or just reboot to put things back the way they were.

Have a nice vacation.
  • 0
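The stop-and-restore sequence from this post, written as an added PowerShell example that is not part of the original thread. It asks the Service Control Manager which running services depend on `Winmgmt` (the standard short name for Windows Management Instrumentation) rather than assuming only the three named above, stops them, waits while the VLC test is run, then restarts everything in reverse order.

```powershell
# Added example, not from the thread. Standard Windows short names for the
# display names used in the post:
#   SharedAccess = Internet Connection Sharing (ICS)
#   iphlpsvc     = IP Helper
#   wscsvc       = Security Center
#   Winmgmt      = Windows Management Instrumentation

# Stopping services needs an elevated prompt; fail early if we are not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell prompt.'
}

$target = 'Winmgmt'

# Enumerate the running services that depend on WMI. The list differs from
# machine to machine, so it is read from the system instead of hard-coded.
$dependents = @(Get-Service -Name $target -DependentServices |
                Where-Object { $_.Status -eq 'Running' })

# Names of the services actually stopped, in the order they were stopped.
$stopped = @()

try {
    foreach ($svc in $dependents) {
        Write-Host "Stopping dependent: $($svc.DisplayName) [$($svc.Name)]"
        Stop-Service -Name $svc.Name -Force -ErrorAction Stop
        $stopped += $svc.Name
    }

    Write-Host "Stopping $target"
    Stop-Service -Name $target -ErrorAction Stop
    $stopped += $target

    # Security Center is one of the services the post lists, so it stays
    # down for as long as this prompt is open.
    Read-Host 'WMI is stopped. Run the VLC test, then press Enter to restore'
}
finally {
    # Restore in reverse order (WMI first, then its dependents). This block
    # also runs if a stop failed part-way or the script was interrupted.
    for ($i = $stopped.Count - 1; $i -ge 0; $i--) {
        $name = $stopped[$i]
        Write-Host "Starting $name"
        Start-Service -Name $name -ErrorAction Continue
    }

    # Show the final state so anything that did not come back is visible.
    Get-Service -Name $stopped -ErrorAction SilentlyContinue |
        Format-Table Name, DisplayName, Status -AutoSize
}
```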


#32
evolnomis

    Member

  • Topic Starter
  • Member
  • 51 posts
I was able to complete the steps mentioned and still noticed the lag while performing those tasks, in Firefox, and again on VLC. I emailed you the log for when I was using VLC.
  • 0

#33
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Next time please close Firefox and disconnect from the internet. This will simplify and shorten the log.

What I am seeing now is mostly the Intel Management junk and an attempt to activate the modem. Do you even have a modem?

Can you uninstall the Intel Management Engine? If not, see if it will let you stop these services:

Intel Management and Security Application Local Management Service
Intel Management and Security Application User Notification Service

Then run OTL quickscan and post the log.

Then create a new Procmon log while watching a video with only VLC running and no internet and send it to me. Are you still getting a lag?
  • 0

#34
evolnomis

    Member

  • Topic Starter
  • Member
  • 51 posts
I don't have a phone line modem on my laptop. Just an Ethernet port and Wi-Fi....

And I did not have any problem uninstalling Intel Management Engine.

OTL logfile created on: 3/4/2013 6:31:55 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LuvNamie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 68.36% Memory free
7.90 Gb Paging File | 6.71 Gb Available in Paging File | 85.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60.00 Gb Total Space | 19.78 Gb Free Space | 32.97% Space Free | Partition Type: NTFS
Drive D: | 222.90 Gb Total Space | 142.33 Gb Free Space | 63.85% Space Free | Partition Type: NTFS
Drive G: | 7.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LUVNAMIE-PC | User Name: LuvNamie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/04 18:30:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LuvNamie\Desktop\OTL.exe
PRC - [2013/01/21 04:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\LuvNamie\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/19 04:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/30 15:08:28 | 001,842,384 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/12/21 11:30:30 | 000,822,704 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/12/10 10:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/09 07:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/21 06:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/14 10:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/02 03:24:13 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/27 11:06:57 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 13:23:22 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/19 04:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/11 06:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/03 14:01:40 | 000,141,848 | ---- | M] (Kings Information & Network) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\kcrtx64.sys -- (kcrtx64)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 15:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/05 13:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 15:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 15:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 12:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/04 12:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/28 05:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/13 10:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/05 18:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/12/02 09:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/12/01 07:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/21 12:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 12:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 12:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/09 05:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/20 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 18:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/07/31 13:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/15 08:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/25 08:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/20 12:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/16 05:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/11 06:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 06:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 06:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/07/14 10:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNJ
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNJ

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/g/
IE - HKCU\..\SearchScopes,DefaultScope = {58F0EA2A-D4D6-4A5A-941D-40D0AD436A78}
IE - HKCU\..\SearchScopes\{58F0EA2A-D4D6-4A5A-941D-40D0AD436A78}: "URL" = http://www.google.co...ng}&rlz=1I7TSNJ
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://finance.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: gmailnoads%40mywebber.com:3.9.1
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@interezen.co.kr/npi3gmanager: C:\Program Files (x86)\Interezen\Plugins\NPI3GManager.dll (Interezen © Interezen.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@softforum.com/npKeyPro: C:\windows\system32\npKeyPro.dll (Softsecurity Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)
FF - HKCU\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/27 11:07:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/27 11:07:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/01/13 00:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Extensions
[2013/03/04 18:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\extensions
[2013/01/13 01:35:45 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/02/16 01:53:41 | 000,000,000 | ---D | M] (WOT) -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/02/16 01:53:45 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\extensions\foxmarks@kei.com
[2013/01/13 01:35:45 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\extensions\support@lastpass.com
[2013/01/13 12:36:35 | 000,637,327 | ---- | M] () (No name found) -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\extensions\[email protected]
[2013/02/16 01:53:41 | 000,021,861 | ---- | M] () (No name found) -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\extensions\[email protected]
[2013/01/13 01:35:41 | 000,177,357 | ---- | M] () (No name found) -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
[2013/02/15 01:11:39 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/27 11:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/27 11:06:59 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/05 12:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/27 11:06:23 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://start.toshiba.com/?cid=C001B2Y
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2013/02/17 13:22:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - Startup: C:\Users\LuvNamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\LuvNamie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\LuvNamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16:64bit: - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {967386A1-409E-431A-A93A-FB5FEFF86A58} http://bank.keb.co.k...rt/veraport.cab (AXMObjectCtl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 168.126.63.1 168.126.63.2 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CA4C9ED-F005-424A-8141-EB4BC5926ACF}: DhcpNameServer = 168.126.63.1 168.126.63.2 192.168.10.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/04 18:30:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\LuvNamie\Desktop\OTL.exe
[2013/03/04 17:48:11 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\AppData\Local\CrashDumps
[2013/03/03 14:01:40 | 000,137,128 | R--- | C] (SoftSecurity Co., Ltd.) -- C:\windows\SysNative\CKAgent.exe
[2013/03/03 14:01:37 | 000,138,320 | R--- | C] (SoftSecurity Co., Ltd.) -- C:\windows\SysWow64\CKAgent.exe
[2013/03/02 22:43:38 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\Documents\Adobe
[2013/02/27 11:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/27 03:53:18 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\Incomplete
[2013/02/27 03:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013/02/27 03:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013/02/27 03:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Rocket
[2013/02/27 03:52:46 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\AppData\Roaming\MP3Rocket
[2013/02/27 03:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3 Rocket
[2013/02/22 20:45:37 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\Desktop\Arick Poster
[2013/02/17 15:27:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/17 14:55:52 | 000,138,320 | R--- | C] (SoftSecurity Co., Ltd.) -- C:\windows\SysWow64\CKAgent.dat
[2013/02/17 13:25:03 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/02/17 13:14:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/02/17 13:14:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/02/17 13:14:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/02/17 13:14:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/17 13:14:20 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/02/17 13:13:22 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\LuvNamie\Desktop\tdsskiller.exe
[2013/02/17 13:04:39 | 005,033,715 | R--- | C] (Swearware) -- C:\Users\LuvNamie\Desktop\ComboFix.exe
[2013/02/17 12:58:14 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\LuvNamie\Desktop\aswMBR.exe
[2013/02/16 21:01:52 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/02/16 20:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2013/02/16 20:37:10 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\Desktop\Adobe Illustrator CS6
[2013/02/16 18:59:12 | 002,474,608 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\LuvNamie\Desktop\Procmon.exe
[2013/02/16 04:19:32 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\AppData\Roaming\Media Player Classic
[2013/02/16 04:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2013/02/16 04:18:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MPC-HC
[2013/02/13 19:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NovaTech Network
[2013/02/13 19:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaBench
[2013/02/13 19:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Novawave
[2013/02/11 23:29:45 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\AppData\Roaming\calibre
[2013/02/11 23:29:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2013/02/11 23:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2013/02/11 14:50:40 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2013/02/11 14:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2013/02/11 14:50:07 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\windows\SysWow64\drivers\mcdbus.sys
[2013/02/11 14:50:07 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\windows\SysNative\drivers\mcdbus.sys
[2013/02/11 14:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[2013/02/11 14:49:48 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
[2013/02/11 14:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2013/02/11 14:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2013/02/11 02:02:54 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/02/11 02:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/02/11 02:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013/02/10 16:36:23 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\AppData\Local\ElevatedDiagnostics
[2013/02/10 16:24:24 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013/02/10 01:16:17 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/02/09 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/02/08 17:24:01 | 002,738,264 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\LuvNamie\Desktop\procexp.exe
[2013/02/05 21:06:30 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\AppData\Roaming\BitTorrent
[2013/02/04 23:42:57 | 000,000,000 | R--D | C] -- C:\Users\LuvNamie\Dropbox
[2013/02/04 23:41:08 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013/02/04 23:39:13 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\AppData\Roaming\Dropbox
[2013/02/04 22:39:19 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\.swt
[2013/02/04 22:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\thinkorswim from TD AMERITRADE
[2013/02/04 22:32:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\thinkTDA
[2013/02/03 01:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013/02/03 01:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/02/03 01:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/02/03 00:55:18 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\AppData\Local\Adobe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/04 18:31:20 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/04 18:31:20 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/04 18:30:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LuvNamie\Desktop\OTL.exe
[2013/03/04 18:23:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/03/04 18:23:43 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/04 18:23:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/03 14:01:40 | 000,141,848 | ---- | M] (Kings Information & Network) -- C:\windows\SysNative\kcrtx64.sys
[2013/03/03 14:01:40 | 000,138,320 | R--- | M] (SoftSecurity Co., Ltd.) -- C:\windows\SysWow64\CKAgent.exe
[2013/03/03 14:01:40 | 000,137,128 | R--- | M] (SoftSecurity Co., Ltd.) -- C:\windows\SysNative\CKAgent.exe
[2013/03/03 14:01:40 | 000,019,016 | ---- | M] (Soft Security Corporation) -- C:\windows\SysNative\JRSUKD25.SYS
[2013/03/02 22:44:23 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/03/02 22:44:23 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/03/02 22:44:23 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/03/02 17:24:44 | 000,369,249 | ---- | M] () -- C:\Users\LuvNamie\Desktop\stacy - bamboo-edit.jpg
[2013/03/02 17:23:13 | 000,199,441 | ---- | M] () -- C:\Users\LuvNamie\Desktop\stacy - bamboo-edit plus crop.jpg
[2013/03/02 16:55:09 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
[2013/03/02 15:28:28 | 000,782,283 | ---- | M] () -- C:\Users\LuvNamie\Desktop\stacy - bamboo.jpg
[2013/02/27 04:00:50 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2013/02/27 03:11:16 | 000,024,576 | ---- | M] () -- C:\windows\SysNative\umstartup.etl
[2013/02/19 23:41:55 | 005,037,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/02/17 14:55:52 | 000,138,320 | R--- | M] (SoftSecurity Co., Ltd.) -- C:\windows\SysWow64\CKAgent.dat
[2013/02/17 13:22:06 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/02/17 13:13:29 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\LuvNamie\Desktop\tdsskiller.exe
[2013/02/17 13:05:12 | 005,033,715 | R--- | M] (Swearware) -- C:\Users\LuvNamie\Desktop\ComboFix.exe
[2013/02/17 12:59:27 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\LuvNamie\Desktop\aswMBR.exe
[2013/02/16 18:59:20 | 002,474,608 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\LuvNamie\Desktop\Procmon.exe
[2013/02/15 13:15:46 | 000,002,155 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/02/13 19:47:49 | 000,000,990 | ---- | M] () -- C:\Users\LuvNamie\Desktop\13-0213 novabench.nbr
[2013/02/11 14:50:41 | 000,001,004 | ---- | M] () -- C:\Users\LuvNamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2013/02/11 02:02:48 | 000,000,045 | ---- | M] () -- C:\windows\SysWow64\initdebug.nfo
[2013/02/10 01:16:19 | 000,001,279 | ---- | M] () -- C:\Users\LuvNamie\Desktop\Revo Uninstaller.lnk
[2013/02/08 18:36:05 | 000,061,440 | ---- | M] ( ) -- C:\Users\LuvNamie\Desktop\VEW.exe
[2013/02/08 17:24:11 | 002,738,264 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\LuvNamie\Desktop\procexp.exe
[2013/02/05 21:08:43 | 000,000,869 | ---- | M] () -- C:\Users\LuvNamie\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2013/02/04 23:42:57 | 000,001,057 | ---- | M] () -- C:\Users\LuvNamie\Desktop\Dropbox.lnk
[2013/02/04 23:41:23 | 000,001,067 | ---- | M] () -- C:\Users\LuvNamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/02 17:24:44 | 000,369,249 | ---- | C] () -- C:\Users\LuvNamie\Desktop\stacy - bamboo-edit.jpg
[2013/03/02 17:23:12 | 000,199,441 | ---- | C] () -- C:\Users\LuvNamie\Desktop\stacy - bamboo-edit plus crop.jpg
[2013/03/02 16:55:09 | 000,002,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.3 64-bit.lnk
[2013/03/02 16:55:09 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
[2013/03/02 15:28:27 | 000,782,283 | ---- | C] () -- C:\Users\LuvNamie\Desktop\stacy - bamboo.jpg
[2013/02/27 04:00:50 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2013/02/17 13:14:42 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/02/17 13:14:42 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/02/17 13:14:42 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/02/17 13:14:42 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/02/17 13:14:42 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/02/16 20:57:03 | 000,001,529 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6 (64 Bit).lnk
[2013/02/16 20:56:10 | 000,001,008 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013/02/13 19:47:46 | 000,000,990 | ---- | C] () -- C:\Users\LuvNamie\Desktop\13-0213 novabench.nbr
[2013/02/11 14:50:40 | 000,001,004 | ---- | C] () -- C:\Users\LuvNamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2013/02/11 02:02:48 | 000,000,045 | ---- | C] () -- C:\windows\SysWow64\initdebug.nfo
[2013/02/10 16:36:22 | 000,001,067 | ---- | C] () -- C:\Users\LuvNamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/08 18:36:03 | 000,061,440 | ---- | C] ( ) -- C:\Users\LuvNamie\Desktop\VEW.exe
[2013/02/05 21:08:43 | 000,000,869 | ---- | C] () -- C:\Users\LuvNamie\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2013/02/04 23:42:57 | 000,001,057 | ---- | C] () -- C:\Users\LuvNamie\Desktop\Dropbox.lnk
[2013/02/03 01:09:30 | 000,001,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2013/02/03 01:08:08 | 000,001,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2013/02/03 01:06:11 | 000,001,368 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2013/02/03 01:06:07 | 000,001,534 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2013/01/20 00:18:05 | 000,072,272 | ---- | C] () -- C:\windows\SysWow64\cosa.dll
[2013/01/20 00:18:05 | 000,015,512 | ---- | C] () -- C:\windows\SysWow64\IRTrace.dll
[2013/01/13 11:28:16 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/04/05 13:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/05 13:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/05 13:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

========== ZeroAccess Check ==========

[2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 14:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 13:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 12:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/04 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\LuvNamie\AppData\Roaming\BitTorrent
[2013/02/11 23:30:45 | 000,000,000 | ---D | M] -- C:\Users\LuvNamie\AppData\Roaming\calibre
[2013/03/04 18:24:17 | 000,000,000 | ---D | M] -- C:\Users\LuvNamie\AppData\Roaming\Dropbox
[2013/02/27 04:12:15 | 000,000,000 | ---D | M] -- C:\Users\LuvNamie\AppData\Roaming\MP3Rocket
[2013/02/16 21:01:52 | 000,000,000 | ---D | M] -- C:\Users\LuvNamie\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/01/13 00:08:21 | 000,000,000 | ---D | M] -- C:\Users\LuvNamie\AppData\Roaming\Toshiba
[2013/01/12 00:04:44 | 000,000,000 | ---D | M] -- C:\Users\LuvNamie\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >


and I will email you the ProcMon log.

The lag is still similar to before.

Thanks!

#35
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Try turning off Windows Media Player Network Sharing Service.

http://www.addictive...e-in-windows-7/

It's not something you need and it does seem to be eating up some time.

#36
evolnomis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
I uninstalled JAVA programs and the ASK toolbar.

I downloaded adwcleaner but was unable to understand what to do with:

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right-click on adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the contents of this file into your next reply.


Here is my OTL log:

OTL logfile created on: 4/21/2013 2:06:13 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LuvNamie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 45.44% Memory free
7.90 Gb Paging File | 5.44 Gb Available in Paging File | 68.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60.00 Gb Total Space | 17.90 Gb Free Space | 29.83% Space Free | Partition Type: NTFS
Drive D: | 222.90 Gb Total Space | 50.72 Gb Free Space | 22.75% Space Free | Partition Type: NTFS

Computer Name: LUVNAMIE-PC | User Name: LuvNamie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/13 02:02:23 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/03/14 00:13:59 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013/03/04 18:30:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LuvNamie\Desktop\OTL.exe
PRC - [2012/12/19 04:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/30 15:08:28 | 001,842,384 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/13 02:01:58 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/03/14 00:13:58 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2012/07/18 05:02:20 | 000,970,240 | ---- | M] () -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/12/21 11:30:30 | 000,822,704 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/12/10 10:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/09 07:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/21 06:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/14 10:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/18 23:40:25 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/04/13 02:02:22 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/14 00:14:01 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 13:23:22 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/19 04:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/11 06:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/21 00:16:27 | 000,141,848 | ---- | M] (Kings Information & Network) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\kcrtx64.sys -- (kcrtx64)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 15:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/05 13:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 15:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 15:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 12:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/04 12:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/28 05:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/13 10:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/05 18:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/12/02 09:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/12/01 07:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/21 12:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 12:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 12:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/09 05:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/20 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 18:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/07/31 13:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/15 08:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/25 08:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/20 12:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/16 05:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/11 06:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 06:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 06:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/07/14 10:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNJ
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNJ

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {58F0EA2A-D4D6-4A5A-941D-40D0AD436A78}
IE - HKCU\..\SearchScopes\{58F0EA2A-D4D6-4A5A-941D-40D0AD436A78}: "URL" = http://www.google.co...ng}&rlz=1I7TSNJ
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://finance.yahoo...asp?Order=Freq"
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: gmailnoads%40mywebber.com:3.9.1
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@interezen.co.kr/npi3gmanager: C:\Program Files (x86)\Interezen\Plugins\NPI3GManager.dll (Interezen © Interezen.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@softforum.com/npKeyPro: C:\windows\system32\npKeyPro.dll (Softsecurity Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wizvera.com/npVeraport20: C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)
FF - HKCU\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/tossc: C:\Program Files (x86)\thinkTDA\tossc32.dll (TD Ameritrade)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/13 02:02:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/01/13 00:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Extensions
[2013/04/17 18:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\extensions
[2013/01/13 01:35:45 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/04/13 01:19:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/02/16 01:53:45 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\extensions\[email protected]
[2013/01/13 01:35:45 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\extensions\[email protected]
[2013/04/17 18:49:55 | 000,686,247 | ---- | M] () (No name found) -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\extensions\[email protected]
[2013/02/16 01:53:41 | 000,021,861 | ---- | M] () (No name found) -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\extensions\[email protected]
[2013/01/13 01:35:41 | 000,177,357 | ---- | M] () (No name found) -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
[2013/02/15 01:11:39 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/13 02:01:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/13 02:02:23 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/05 12:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/27 11:06:23 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://start.toshiba.com/?cid=C001B2Y
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2013/02/17 13:22:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\LuvNamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\LuvNamie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\LuvNamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16:64bit: - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {477D5B9A-6479-44F8-9718-9340119B0308} http://bank.keb.co.k.../veraport20.cab (Veraport20Ctl Class)
O16 - DPF: {967386A1-409E-431A-A93A-FB5FEFF86A58} http://bank.keb.co.k...rt/veraport.cab (AXMObjectCtl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 168.126.63.1 168.126.63.2 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CA4C9ED-F005-424A-8141-EB4BC5926ACF}: DhcpNameServer = 168.126.63.1 168.126.63.2 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F4FB25D-DBB1-49E2-944D-DFE067572678}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/21 00:16:26 | 000,138,320 | R--- | C] (SoftSecurity Co., Ltd.) -- C:\windows\SysWow64\CKAgent.exe
[2013/04/21 00:16:26 | 000,137,128 | R--- | C] (SoftSecurity Co., Ltd.) -- C:\windows\SysNative\CKAgent.exe
[2013/04/21 00:15:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wizvera
[2013/04/18 23:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013/04/18 23:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2013/04/18 23:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[2013/04/18 23:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rosetta Stone
[2013/04/18 23:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2013/04/16 20:52:17 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\.thinkorswim
[2013/04/14 02:14:21 | 000,000,000 | ---D | C] -- C:\Users\LuvNamie\AppData\Roaming\Foxit Software
[2013/04/13 02:01:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/12 03:01:14 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/04/12 03:01:13 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/04/12 03:01:12 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/04/12 03:01:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/04/12 03:01:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/04/12 03:01:11 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/04/12 03:01:10 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/04/12 03:01:10 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/04/12 03:01:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/04/12 03:01:10 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/04/12 03:01:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/04/12 03:01:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/04/12 03:01:06 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/04/12 03:01:06 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/04/12 03:01:05 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/04/12 00:17:32 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/04/12 00:17:32 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/04/12 00:17:31 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/04/12 00:17:31 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe
[2013/04/12 00:17:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2013/04/12 00:17:31 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll
[2013/04/12 00:17:23 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2013/04/12 00:17:22 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2013/04/12 00:17:18 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll
[2013/04/12 00:17:18 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll
[2013/04/12 00:17:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll
[2013/04/12 00:17:15 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll
[2013/04/03 17:34:19 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/04/03 17:34:18 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/04/03 17:34:18 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/04/03 17:34:18 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/04/03 17:34:18 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/04/03 17:34:18 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/04/03 17:34:18 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/04/03 17:34:18 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/04/03 17:34:18 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/04/03 17:34:17 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/04/03 17:34:17 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/04/03 17:34:17 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/04/03 17:34:17 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/04/03 17:34:17 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/04/03 17:34:17 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/04/03 17:34:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/04/03 17:34:17 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/04/03 17:34:16 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/04/03 17:34:16 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/04/03 17:34:16 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/04/03 17:34:16 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/04/03 17:34:16 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/04/03 17:34:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/04/03 17:34:16 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/04/03 17:34:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/04/03 17:34:16 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/04/03 17:34:15 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/04/03 17:34:15 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/04/03 17:34:15 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/04/03 17:34:15 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/04/03 17:34:15 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/04/03 17:34:15 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/04/03 17:34:15 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/04/03 17:34:15 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/04/03 17:34:15 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/04/03 17:34:15 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/04/03 17:34:15 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/04/03 17:34:15 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/04/03 17:34:15 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/04/03 17:34:15 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/04/03 17:34:15 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/04/03 17:34:15 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/04/03 17:34:15 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/04/03 17:34:15 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/04/03 17:34:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/04/03 17:34:15 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/04/03 17:34:15 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/04/03 17:34:14 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/04/03 17:34:14 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/04/03 17:34:14 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/04/03 17:34:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/04/03 17:34:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/04/03 17:34:14 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/04/03 17:32:09 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2013/04/03 17:32:09 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2013/04/03 17:32:09 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013/04/03 17:32:09 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013/04/03 17:32:09 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013/04/03 17:32:09 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/04/03 17:32:09 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/04/03 17:32:09 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/04/03 17:32:09 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/04/03 17:32:09 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/04/03 17:32:09 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/04/03 17:32:09 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/04/03 17:32:09 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/04/03 17:32:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/04/03 17:32:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/04/03 17:32:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/04/03 17:32:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/04/03 17:32:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/04/03 17:32:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/04/03 17:32:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/04/03 17:32:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/04/03 17:32:09 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/04/03 17:32:09 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/04/03 17:32:08 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2013/04/03 17:32:08 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msmpeg2vdec.dll
[2013/04/03 17:32:08 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2013/04/03 17:32:08 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll
[2013/04/03 17:32:08 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/04/03 17:32:08 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/04/03 17:32:08 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013/04/03 17:32:08 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013/04/03 17:32:08 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10.dll
[2013/04/03 17:32:08 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2013/04/03 17:32:08 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/04/03 17:32:08 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxgi.dll
[2013/04/03 17:32:08 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll
[2013/04/03 17:32:08 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10core.dll
[2013/04/03 17:32:08 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecsExt.dll
[2013/04/03 17:32:08 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll
[2013/04/03 17:32:07 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UIAnimation.dll
[2013/04/03 17:32:07 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIAnimation.dll
[2013/03/31 23:58:53 | 000,976,384 | ---- | C] (Quick And Easy Software) -- C:\Users\LuvNamie\Desktop\USB_Disk_Eject.exe
[2013/03/24 21:55:14 | 000,659,456 | ---- | C] (http://mikelab.kiev.ua/) -- C:\vmt.exe
[2013/03/24 21:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2013/03/24 21:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/21 01:23:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/04/21 00:16:27 | 000,141,848 | ---- | M] (Kings Information & Network) -- C:\windows\SysNative\kcrtx64.sys
[2013/04/21 00:16:27 | 000,019,016 | ---- | M] (Soft Security Corporation) -- C:\windows\SysNative\JRSUKD25.SYS
[2013/04/21 00:16:26 | 000,138,320 | R--- | M] (SoftSecurity Co., Ltd.) -- C:\windows\SysWow64\CKAgent.exe
[2013/04/21 00:16:26 | 000,137,128 | R--- | M] (SoftSecurity Co., Ltd.) -- C:\windows\SysNative\CKAgent.exe
[2013/04/20 13:48:22 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/04/20 13:48:22 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/04/20 13:48:22 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/04/20 13:46:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/04/18 18:45:58 | 000,001,119 | ---- | M] () -- C:\Users\LuvNamie\Desktop\mind movie - present future v3 - Shortcut.lnk
[2013/04/18 18:45:58 | 000,001,063 | ---- | M] () -- C:\Users\LuvNamie\Desktop\Mind Movie - wealth v2 - Shortcut.lnk
[2013/04/18 18:45:06 | 000,020,888 | ---- | M] () -- C:\Users\LuvNamie\Desktop\13-04 - CSX.png
[2013/04/18 18:44:09 | 000,019,064 | ---- | M] () -- C:\Users\LuvNamie\Desktop\13-03 - AAPL.png
[2013/04/18 18:43:09 | 000,019,225 | ---- | M] () -- C:\Users\LuvNamie\Desktop\13-02- ABT.png
[2013/04/15 19:26:59 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/15 19:26:59 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/14 22:35:58 | 000,613,083 | ---- | M] () -- C:\Users\LuvNamie\Desktop\adwcleaner.exe
[2013/04/14 14:43:41 | 000,001,067 | ---- | M] () -- C:\Users\LuvNamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/14 14:43:34 | 000,001,041 | ---- | M] () -- C:\Users\LuvNamie\Desktop\Dropbox.lnk
[2013/04/14 14:39:08 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/14 14:33:12 | 001,706,127 | ---- | M] () -- C:\Users\LuvNamie\Desktop\Logfile norm.CSV
[2013/04/14 14:30:12 | 001,706,127 | ---- | M] () -- C:\Users\LuvNamie\Desktop\Logfile w prof events.CSV
[2013/04/12 03:22:26 | 005,037,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/04/04 23:31:59 | 000,010,240 | ---- | M] () -- C:\Users\LuvNamie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/03 17:34:19 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/04/03 17:34:18 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/04/03 17:34:18 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/04/03 17:34:18 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/04/03 17:34:18 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/04/03 17:34:18 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/04/03 17:34:18 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/04/03 17:34:18 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/04/03 17:34:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/04/03 17:34:18 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/04/03 17:34:17 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/04/03 17:34:17 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/04/03 17:34:17 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/04/03 17:34:17 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/04/03 17:34:17 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/04/03 17:34:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/04/03 17:34:17 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/04/03 17:34:16 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/04/03 17:34:16 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/04/03 17:34:16 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/04/03 17:34:16 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/04/03 17:34:16 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/04/03 17:34:16 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/04/03 17:34:16 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/04/03 17:34:16 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/04/03 17:34:16 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/04/03 17:34:16 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/04/03 17:34:16 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/04/03 17:34:15 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/04/03 17:34:15 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/04/03 17:34:15 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/04/03 17:34:15 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/04/03 17:34:15 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/04/03 17:34:15 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/04/03 17:34:15 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/04/03 17:34:15 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/04/03 17:34:15 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/04/03 17:34:15 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/04/03 17:34:15 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/04/03 17:34:15 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/04/03 17:34:15 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
========== ZeroAccess Check ==========

[2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 14:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 13:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 12:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
  • 0

#37
evolnomis

evolnomis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
OK... after pasting your instructions on geekstogo, I finally understood what you wanted me to do... below is my AdwCleaner log

# AdwCleaner v2.200 - Logfile created 04/21/2013 at 02:22:09
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : LuvNamie - LUVNAMIE-PC
# Boot Mode : Normal
# Running from : C:\Users\LuvNamie\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\LuvNamie\AppData\LocalLow\AskToolbar
Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\LuvNamie\AppData\Roaming\Mozilla\Firefox\Profiles\ps2yaq9o.default\prefs.js

-\\ Google Chrome v [Unable to get version]

File : C:\Users\LuvNamie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5697 octets] - [21/04/2013 02:07:46]
AdwCleaner[S1].txt - [5780 octets] - [21/04/2013 02:22:09]

########## EOF - C:\AdwCleaner[S1].txt - [5840 octets] ##########
  • 0

#38
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
  • 0

#39
evolnomis

evolnomis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : LuvNamie [Admin rights]
Mode : Scan -- Date : 04/21/2013 15:01:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [x] -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [x] -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3265GSXN +++++
--- User ---
[MBR] 009231e4d18291531500ff704795d4cb
[BSP] 515e9b5aac8581177205d512355e9b89 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 61440 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 128903168 | Size: 228246 Mo
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 596350976 | Size: 14058 Mo
Error reading LL1 MBR!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04212013_02d1501.txt >>
RKreport[1]_S_04212013_02d1501.txt
  • 0

#40
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Quit all running programs and run RogueKiller once again.

  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Rename the MBR.dat you got from running aswMBR to MBR.txt and ATTACH it to your reply. If you can't find it then run aswMBR again. It will tell you where it created it.
  • 0



#41
evolnomis

evolnomis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
I ran it again with no programs running, and it looks exactly the same. (I believe I ran it the first time with all programs off as well... is there a program you see open that I am neglecting to close first?)

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : LuvNamie [Admin rights]
Mode : Scan -- Date : 04/22/2013 01:07:14
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [x] -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [x] -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3265GSXN +++++
--- User ---
[MBR] 009231e4d18291531500ff704795d4cb
[BSP] 515e9b5aac8581177205d512355e9b89 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 61440 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 128903168 | Size: 228246 Mo
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 596350976 | Size: 14058 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_S_04222013_02d0107.txt >>
RKreport[1]_S_04212013_02d1501.txt ; RKreport[2]_S_04222013_02d0107.txt


  • 0

#42
evolnomis

evolnomis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Oops... didn't understand about MBR.dat until after I realized you didn't want the log and sent the wrong file...

Attached Files

  • Attached File  MBR.txt   512bytes   44 downloads

Edited by evolnomis, 27 April 2013 - 08:56 AM.

  • 0

#43
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
On the second run of RogueKiller you should have told it "2" so that it could correct the stuff it found. The "close all programs" step is just part of the canned instructions.

Your MBR looks a bit odd. Do you know what partition 3 is?

23:37:00.401 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
23:37:00.401 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 61440 MB offset 3074048
23:37:00.401 Disk 0 Partition - 00 0F Extended LBA 228246 MB offset 128903168
23:37:00.432 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14058 MB offset 596350976
23:37:00.463 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 228245 MB offset 128905216

Usually we do not see a type 17 partition on a clean system. It's not trying to boot from it so I don't think it can hurt anything but it looks strange and is hidden for some reason.


Have we tried this yet?

Try creating a bootable CD using Hiren's Boot CD:

http://www.hirensboo...BootCD.15.2.zip

Download, save and then right click on it and Extract All. Click on BurnToCD.cmd and follow the instructions to burn the CD. Then move the CD to the sick PC and boot off the CD. (You may need to change the boot order so the CD drive comes before the hard drive. See: http://www.hirensboo...-order-in-bios/ )
Boot into MiniXP. This will give you a fake Windows XP desktop. Do you still see a lag?
  • 0
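The partition table discussed in post #43, decoded from a raw 512-byte MBR sector of the kind aswMBR saves as MBR.dat. This is an added example, not part of the original thread and not RogueKiller's or aswMBR's code; the sample sector is constructed from the offsets and sizes in the logs above, and the function names and the hidden-type list are assumptions of the example.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446          # four 16-byte entries follow the boot code
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS first, type, CHS last, LBA start, sectors

# Names for the type bytes seen in this thread's logs.
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x0F: "Extended LBA",
              0x17: "Hidden HPFS/NTFS", 0x27: "WinRE / OEM recovery"}
# "Hidden" by the usual convention: a FAT/NTFS type with bit 0x10 set.
# 0x27 is left out so the result matches RogueKiller's [VISIBLE] tag for it.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}

# Constructed sample: (status, type, start LBA, size in MB) taken from the logs.
SAMPLE_ENTRIES = [(0x80, 0x27, 2048, 1500), (0x00, 0x07, 3074048, 61440),
                  (0x00, 0x0F, 128903168, 228246), (0x00, 0x17, 596350976, 14058)]


def build_mbr(entries=SAMPLE_ENTRIES):
    """Build a 512-byte sector with empty boot code and the given entries."""
    chs = b"\xfe\xff\xff"   # placeholder CHS fields; only the LBA fields are used
    table = b"".join(ENTRY.pack(st, chs, ty, chs, lba, mb * 2048)
                     for st, ty, lba, mb in entries)
    return bytes(TABLE_OFFSET) + table.ljust(64, b"\x00") + b"\x55\xaa"


def parse_mbr(sector):
    """Decode the primary partition table; logical volumes are not followed."""
    if len(sector) != SECTOR:
        raise ValueError("expected 512 bytes, got %d" % len(sector))
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, _, ptype, _, lba, count = ENTRY.unpack(raw)
        if ptype == 0x00:       # unused slot
            continue
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "name": TYPE_NAMES.get(ptype, "unknown"),
                      "hidden": ptype in HIDDEN_TYPES, "start_lba": lba,
                      "end_lba": lba + count,          # exclusive
                      "size_mb": count * SECTOR // 2**20})
    return parts


def review(parts):
    """List the points a helper would ask about, as plain strings."""
    findings = []
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append("expected one active partition, found %d" % len(active))
    for p in parts:
        if p["hidden"]:
            boot = "ACTIVE (boot code starts it)" if p["active"] else "not active"
            findings.append("partition %d: hidden type 0x%02x (%s), %d MB, %s"
                            % (p["index"], p["type"], p["name"], p["size_mb"], boot))
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if b["start_lba"] < a["end_lba"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return findings


if __name__ == "__main__":
    # For a real dump: sector = open("MBR.dat", "rb").read()
    table = parse_mbr(build_mbr())
    for p in table:
        print(p)
    for line in review(table):
        print(line)
```

On the constructed sample the only finding is the 14058 MB type 0x17 entry, reported as not active, which matches the reading given in post #43.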

#44
evolnomis

evolnomis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
In all the times that I did RogueKiller, never once did it ask me to type any number. I just ran it again to make sure and in the prescan and after I hit the "scan" button to scan, it asked to type 2... I tried to press "2" anyway just on the default screen and nothing happened... is there a menu I have to open up to have this option to type 2?

And I have no idea what the 3rd partition is. May it be the backup Windows system files that were placed in my computer at purchase?

I haven't tried to boot up the CD yet... I will try that soon.

Thanks!
  • 0

#45
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
I was going by the canned stuff on our internal website for RogueKiller. I'll run RogueKiller on my PC and see if I can figure out what you have to do and get back to you.
  • 0





