========== Internet Explorer ==========
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://toshiba13.msn.com
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
http://mystart.toshiba.com [binary data]
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
http://mystart.toshiba.com [binary data]
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://toshiba13.msn.com
IE:
64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:
64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE:
64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" =
http://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}
IE:
64bit: - HKLM\..\SearchScopes\{C8536E90-9194-487A-95E3-620EABD71CEB}: "URL" =
http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://toshiba13.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/?fr=befhp&type=ie-hp
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}: "URL" =
http://search.mywebsearch.com/myweb...n=77ee8d8e&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" =
http://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}
IE - HKLM\..\SearchScopes\{C8536E90-9194-487A-95E3-620EABD71CEB}: "URL" =
http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://toshiba13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
http://mystart.toshiba.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/?ilc=17
IE - HKCU\..\SearchScopes,DefaultScope = {39B3CDEA-15F2-43A9-82AF-6468FE48C100}
IE - HKCU\..\SearchScopes\{39B3CDEA-15F2-43A9-82AF-6468FE48C100}: "URL" =
http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
IE - HKCU\..\SearchScopes\{4F792DE0-CDD8-46A4-87F5-ABF38F575713}: "URL" =
http://www.mysearchresults.com/search?&c=2652&t=03&q={searchTerms}
IE - HKCU\..\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}: "URL" =
http://search.mywebsearch.com/myweb...n=77ee8d8e&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{643D3DC5-E0B3-4A86-ABE7-DB0A649F2340}: "URL" =
http://safesearchr.lavasoft.com/?so...1B16B3204439B10A35C50ED9F81F7&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS516
IE - HKCU\..\SearchScopes\{93B90315-E525-4B5A-B0F3-B1D39F716BAC}: "URL" =
http://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ie-ds
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" =
http://search.coupons.com/search.asp?p=df&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" =
http://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@CouponXplorer_5z.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5zffxtbr@CouponXplorer_5z.com: C:\Program Files (x86)\CouponXplorer_5z\bar\2.bin [2013/01/23 19:19:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\ [2013/01/23 22:01:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2013/01/24 11:23:42 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage:
http://www.searchnu.com/102
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url =
http://dts.search-results.com/sr?sr...0646&apn_uid=3102200267094712&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage:
http://www.searchnu.com/102
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Davia Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Coupon Alert Installer Plugin Stub (Enabled) = C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:
64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SR Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2:
64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (BeFrugalIEHelper) - {2335A057-CBA6-40F6-A712-C6A7C98F7813} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (ShopAtHome.com Cash Back Helper) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search-Results Toolbar) - {7abe12ca-e995-4ab4-9a4e-ef8820a20182} - C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Davia Ward\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SR Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Coupon Savings) - {C3F62D94-EEBB-11E1-B88F-CBBD4CC15727} - C:\Program Files (x86)\Coupon Savings\toolbar.dll ()
O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
O3:
64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:
64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:
64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (BeFrugal.com Toolbar) - {5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {65c72339-fb1d-4155-84e1-9afacee02d6f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {7abe12ca-e995-4ab4-9a4e-ef8820a20182} - C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:
64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Davia Ward\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
O4:
64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:
64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:
64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:
64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:
64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:
64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" File not found
O4:
64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:
64bit: - HKLM..\Run: [TecoResident] C:\Program Files\Toshiba\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:
64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe ()
O4:
64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKCU..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13
64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD}
http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (PCPitstop AntiVirus)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{430D5376-2A77-4715-9E21-943074C9C52C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AC5402D-6D3F-4277-8876-1EE263B4643D}: DhcpNameServer = 10.0.0.1
O18:
64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:
64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:
64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:
64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:
64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/01/24 12:22:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
[2013/01/24 12:10:28 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Davia Ward\Desktop\aswmbr.exe
[2013/01/24 11:41:51 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log
[2013/01/24 11:33:07 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Davia Ward\Desktop\tdsskiller.exe
[2013/01/24 11:26:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\RK_Quarantine
[2013/01/24 11:10:06 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013/01/24 09:59:06 | 005,114,096 | ---- | C] (PC Cleaners) -- C:\windows\uninst.exe
[2013/01/24 09:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2013/01/24 07:50:35 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016
[2013/01/24 01:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2013/01/24 01:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
[2013/01/24 01:03:26 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\mbar-1.01.0.1016
[2013/01/24 00:14:05 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Davia Ward\Desktop\dds.com
[2013/01/24 00:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/24 00:08:20 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/01/24 00:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/23 23:47:48 | 000,000,000 | ---D | C] -- C:\TEMP
[2013/01/23 23:44:15 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\PC Utility Kit
[2013/01/23 23:44:15 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\DriverCure
[2013/01/23 23:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit
[2013/01/23 22:02:49 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Symantec
[2013/01/23 22:01:10 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/01/23 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/01/23 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/01/23 21:59:05 | 001,133,216 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA64.sys
[2013/01/23 21:59:05 | 000,776,864 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys
[2013/01/23 21:59:05 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS64.sys
[2013/01/23 21:59:05 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\symnets.sys
[2013/01/23 21:59:05 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\Ironx64.sys
[2013/01/23 21:59:05 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccSetx64.sys
[2013/01/23 21:59:05 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys
[2013/01/23 21:59:05 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymELAM.sys
[2013/01/23 21:58:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64
[2013/01/23 21:58:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\1402010.016
[2013/01/23 21:58:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013/01/23 21:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013/01/23 21:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2013/01/23 21:36:02 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2013/01/23 10:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/23 09:33:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Stamps.com Internet Postage
[2013/01/23 09:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{C243CCC8-5474-45FC-A546-7FBC284A692E}
[2013/01/23 09:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{232FC370-3714-4F10-BC93-DA33AA1D6D22}
[2013/01/23 09:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stamps.com
[2013/01/23 09:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stamps.com Internet Postage
[2013/01/23 09:31:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Seven Zip
[2013/01/21 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\gegl-0.0
[2013/01/21 18:06:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\.gimp-2.6
[2013/01/21 16:17:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Brother
[2013/01/21 16:13:00 | 000,376,832 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BSQ70M.EXE
[2013/01/21 16:12:59 | 000,068,608 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysNative\BSQ70L.DLL
[2013/01/21 16:12:59 | 000,011,264 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BSQ70M.DLL
[2013/01/21 16:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother P-touch
[2013/01/21 16:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Brother
[2013/01/21 16:09:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2013/01/21 15:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab
[2013/01/21 15:50:04 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\DefaultTab
[2013/01/21 07:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2013/01/21 07:50:19 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Yahoo!
[2013/01/21 07:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2013/01/21 07:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/01/21 07:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/01/20 12:06:01 | 000,038,096 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfiark.sys
[2013/01/19 13:20:42 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\New folder
[2013/01/19 13:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2013/01/19 10:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2013/01/19 10:31:38 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\jZip
[2013/01/19 10:31:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SR Toolbar
[2013/01/19 10:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip
[2013/01/17 11:43:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CouponXplorer_5zEI
[2013/01/15 13:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InboxDollars
[2013/01/15 13:12:48 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\The Weather Channel
[2013/01/09 11:50:38 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\LavasoftStatistics
[2013/01/09 11:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/01/09 11:49:45 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Downloaded Installations
[2013/01/09 11:49:38 | 000,014,456 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2013/01/09 11:16:19 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Malwarebytes
[2013/01/09 11:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/09 07:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Coupon Savings
[2013/01/09 07:43:44 | 000,000,000 | --SD | C] -- C:\ProgramData\SKL
[2013/01/09 07:32:22 | 000,000,000 | -HSD | C] -- C:\windows\syspkgwk
[2013/01/06 19:59:43 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy's Parole Plan
[2013/01/06 19:59:14 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy's Pics
[2013/01/06 19:58:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Cathy Parole Pics
[2013/01/05 10:33:08 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake_files
[2012/12/31 14:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/12/31 14:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/12/31 14:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/12/30 11:17:29 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Programs
[2012/12/30 11:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BeFrugal.com
[2012/12/29 20:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Savings
[2012/12/29 20:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/12/29 20:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/12/29 20:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/12/29 12:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2012/12/29 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\PC_Drivers_Headquarters
[2012/12/29 11:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2012/12/29 11:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
[2012/12/29 11:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
[2012/12/29 11:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2012/12/29 11:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/12/29 11:42:56 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\SlimWare Utilities Inc
[2012/12/29 11:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[2012/12/29 11:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
[2012/12/29 11:42:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/12/29 11:37:59 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\HP
[2012/12/29 09:13:36 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Catalina Marketing Corp
[2012/12/29 09:13:18 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp
[2012/12/28 17:42:12 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\OneNote Notebooks
[2012/12/28 16:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/12/28 16:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/12/28 16:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/12/28 16:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/12/28 16:33:57 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\Microsoft Help
[2012/12/28 16:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/12/28 16:33:33 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/12/28 15:25:48 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\old business forms and letters
[2012/12/28 14:13:51 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\AppData\Local\IAC
[2012/12/27 19:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons.com CouponBar
[2012/12/27 19:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2012/12/27 19:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2012/12/26 18:13:45 | 000,000,000 | R--D | C] -- C:\Users\Davia Ward\Documents\Scanned Documents
[2012/12/26 18:13:44 | 000,000,000 | ---D | C] -- C:\Users\Davia Ward\Documents\Fax
========== Files - Modified Within 30 Days ==========
[2013/01/24 12:22:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Davia Ward\Desktop\OTL.exe
[2013/01/24 12:10:28 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Davia Ward\Desktop\aswmbr.exe
[2013/01/24 11:47:00 | 000,000,918 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/24 11:41:05 | 000,030,233 | ---- | M] () -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log.zip
[2013/01/24 11:33:18 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Davia Ward\Desktop\tdsskiller.exe
[2013/01/24 11:25:42 | 000,768,512 | ---- | M] () -- C:\Users\Davia Ward\Desktop\RogueKiller.exe
[2013/01/24 11:23:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/24 11:23:26 | 000,000,914 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/24 11:21:41 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/01/24 11:21:39 | 3338,846,208 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/24 10:40:26 | 005,114,096 | ---- | M] (PC Cleaners) -- C:\windows\uninst.exe
[2013/01/24 07:50:16 | 013,462,931 | ---- | M] () -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016.zip
[2013/01/24 00:14:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Davia Ward\Desktop\dds.com
[2013/01/24 00:08:23 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/23 22:02:04 | 002,046,180 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/01/23 22:01:10 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/01/23 22:01:10 | 000,007,466 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/01/23 22:01:10 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/01/23 22:01:02 | 000,002,402 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/01/23 21:17:27 | 000,000,105 | ---- | M] () -- C:\prefs.js
[2013/01/23 19:25:22 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/23 19:25:22 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/23 19:25:22 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/23 10:15:33 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/01/23 10:10:27 | 000,381,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/23 10:09:24 | 000,001,188 | ---- | M] () -- C:\windows\SysWow64\ServiceConfig.xml
[2013/01/23 09:33:14 | 000,000,036 | -H-- | M] () -- C:\windows\SysWow64\f9t.dat
[2013/01/23 09:33:04 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Stamps.com.lnk
[2013/01/21 16:28:50 | 000,001,906 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Editor 5.0.lnk
[2013/01/21 16:28:50 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\P-touch Editor 5.0.lnk
[2013/01/21 16:25:30 | 000,001,918 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Address Book 1.1.lnk
[2013/01/21 16:11:25 | 000,002,619 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
[2013/01/21 07:49:24 | 000,001,172 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/01/21 07:49:24 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2013/01/19 19:19:01 | 000,451,203 | ---- | M] () -- C:\Users\Davia Ward\Desktop\ONLINE COPY PASTE PROJECT DOCUMENT.pdf
[2013/01/19 13:41:06 | 000,001,303 | ---- | M] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/01/19 11:47:35 | 001,426,250 | ---- | M] () -- C:\Users\Davia Ward\Documents\Scan0001.png
[2013/01/19 10:37:34 | 013,344,187 | ---- | M] () -- C:\Users\Davia Ward\Documents\Training Part 1-3adds.rar
[2013/01/19 10:31:51 | 000,001,014 | ---- | M] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2013/01/19 10:31:50 | 000,000,990 | ---- | M] () -- C:\Users\Davia Ward\Desktop\jZip.lnk
[2013/01/16 12:15:35 | 000,316,129 | ---- | M] () -- C:\Users\Davia Ward\Documents\ncfu1.10.13.pdf
[2013/01/16 12:00:00 | 000,201,189 | ---- | M] () -- C:\Users\Davia Ward\Documents\id.jpg
[2013/01/10 03:07:02 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\isolate.ini
[2013/01/09 11:49:38 | 000,014,456 | ---- | M] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2013/01/05 10:33:08 | 000,023,876 | ---- | M] () -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake.htm
[2013/01/04 21:48:11 | 002,413,630 | ---- | M] () -- C:\Users\Davia Ward\Documents\Accicdent 1.4.13.pdf
[2012/12/31 14:32:43 | 000,002,283 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk
[2012/12/31 14:32:14 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/12/30 11:17:34 | 000,000,430 | ---- | M] () -- C:\windows\tasks\BeFrugal.com Toolbar.job
[2012/12/29 11:43:04 | 000,000,430 | ---- | M] () -- C:\windows\tasks\DriverUpdate Startup.job
[2012/12/29 11:42:58 | 000,015,712 | ---- | M] () -- C:\windows\SysNative\drivers\SWDUMon.sys
========== Files Created - No Company Name ==========
[2013/01/24 11:41:05 | 000,030,233 | ---- | C] () -- C:\Users\Davia Ward\Desktop\TDSSKiller.2.8.15.0_24.01.2013_11.34.10_log.zip
[2013/01/24 11:25:40 | 000,768,512 | ---- | C] () -- C:\Users\Davia Ward\Desktop\RogueKiller.exe
[2013/01/24 07:49:55 | 013,462,931 | ---- | C] () -- C:\Users\Davia Ward\Desktop\mbar-1.01.0.1016.zip
[2013/01/24 00:08:23 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/23 22:01:12 | 002,046,180 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/01/23 22:01:10 | 000,007,466 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/01/23 22:01:10 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/01/23 22:01:02 | 000,002,402 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/01/23 21:58:31 | 000,009,103 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymVTcer.dat
[2013/01/23 21:58:31 | 000,003,433 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA.inf
[2013/01/23 21:58:31 | 000,002,851 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS.inf
[2013/01/23 21:58:31 | 000,001,440 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymNet.inf
[2013/01/23 21:58:31 | 000,001,437 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.inf
[2013/01/23 21:58:31 | 000,001,418 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.inf
[2013/01/23 21:58:31 | 000,000,996 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\symELAM.inf
[2013/01/23 21:58:31 | 000,000,853 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccSetx64.inf
[2013/01/23 21:58:31 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\Iron.inf
[2013/01/23 21:58:30 | 000,009,670 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymELAM64.cat
[2013/01/23 21:58:30 | 000,007,611 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.cat
[2013/01/23 21:58:30 | 000,007,605 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtspx64.cat
[2013/01/23 21:58:30 | 000,007,603 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymEFA64.cat
[2013/01/23 21:58:30 | 000,007,601 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\symnet64.cat
[2013/01/23 21:58:30 | 000,007,601 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\srtsp64.cat
[2013/01/23 21:58:30 | 000,007,597 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\SymDS64.cat
[2013/01/23 21:58:30 | 000,007,593 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\iron.cat
[2013/01/23 21:58:30 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1402010.016\isolate.ini
[2013/01/23 21:17:27 | 000,000,105 | ---- | C] () -- C:\prefs.js
[2013/01/23 10:10:15 | 000,381,960 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/23 10:09:24 | 000,001,188 | ---- | C] () -- C:\windows\SysWow64\ServiceConfig.xml
[2013/01/23 09:33:04 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Stamps.com.lnk
[2013/01/23 09:31:49 | 000,000,036 | -H-- | C] () -- C:\windows\SysWow64\f9t.dat
[2013/01/21 16:28:50 | 000,001,906 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Editor 5.0.lnk
[2013/01/21 16:28:50 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\P-touch Editor 5.0.lnk
[2013/01/21 16:25:30 | 000,001,918 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Address Book 1.1.lnk
[2013/01/21 16:12:59 | 000,067,584 | ---- | C] () -- C:\windows\SysWow64\BSQ70F.DLL
[2013/01/21 16:12:59 | 000,015,652 | ---- | C] () -- C:\windows\SysWow64\BSQ70M.CHM
[2013/01/21 16:12:59 | 000,001,465 | ---- | C] () -- C:\windows\SysNative\BSQ70L.INI
[2013/01/21 16:11:24 | 000,002,619 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
[2013/01/21 07:49:24 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2013/01/21 07:49:23 | 000,001,172 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/01/19 19:18:56 | 000,451,203 | ---- | C] () -- C:\Users\Davia Ward\Desktop\ONLINE COPY PASTE PROJECT DOCUMENT.pdf
[2013/01/19 11:47:35 | 001,426,250 | ---- | C] () -- C:\Users\Davia Ward\Documents\Scan0001.png
[2013/01/19 10:36:41 | 013,344,187 | ---- | C] () -- C:\Users\Davia Ward\Documents\Training Part 1-3adds.rar
[2013/01/19 10:31:51 | 000,001,020 | ---- | C] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
[2013/01/19 10:31:50 | 000,001,014 | ---- | C] () -- C:\Users\Davia Ward\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2013/01/19 10:31:50 | 000,000,990 | ---- | C] () -- C:\Users\Davia Ward\Desktop\jZip.lnk
[2013/01/16 12:15:35 | 000,316,129 | ---- | C] () -- C:\Users\Davia Ward\Documents\ncfu1.10.13.pdf
[2013/01/16 12:00:00 | 000,201,189 | ---- | C] () -- C:\Users\Davia Ward\Documents\id.jpg
[2013/01/05 10:33:08 | 000,023,876 | ---- | C] () -- C:\Users\Davia Ward\Documents\Robbys Red Velvet Cake.htm
[2013/01/04 21:48:10 | 002,413,630 | ---- | C] () -- C:\Users\Davia Ward\Documents\Accicdent 1.4.13.pdf
[2012/12/31 14:32:43 | 000,002,283 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk
[2012/12/31 14:32:14 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/12/30 11:17:34 | 000,000,430 | ---- | C] () -- C:\windows\tasks\BeFrugal.com Toolbar.job
[2012/12/29 11:43:04 | 000,000,430 | ---- | C] () -- C:\windows\tasks\DriverUpdate Startup.job
[2012/12/29 11:42:58 | 000,015,712 | ---- | C] () -- C:\windows\SysNative\drivers\SWDUMon.sys
[2012/12/28 17:42:20 | 000,001,303 | ---- | C] () -- C:\Users\Davia Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/12/28 15:49:04 | 196,706,304 | ---- | C] () -- C:\Users\Davia Ward\Desktop\Hannah Xmas 2.18.12.MTS
[2012/12/28 15:40:39 | 000,110,592 | ---- | C] () -- C:\windows\SysNative\OEMLicense.dll
[2012/12/28 15:40:39 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012/12/27 18:22:17 | 000,385,604 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2012/11/15 23:39:26 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/08/06 08:36:22 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012/08/06 08:36:08 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/08/06 08:36:06 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012/04/20 16:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
[2012/12/29 11:55:05 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/11/05 23:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/11/05 23:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/12/29 09:13:36 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\Catalina Marketing Corp
[2013/01/21 15:50:04 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\DefaultTab
[2013/01/23 23:44:15 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\DriverCure
[2012/12/22 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\Origin
[2013/01/23 23:44:15 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\PC Utility Kit
[2013/01/01 09:28:23 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\ShopAtHome
[2013/01/23 09:33:14 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\Stamps.com Internet Postage
[2012/12/22 09:02:11 | 000,000,000 | ---D | M] -- C:\Users\Davia Ward\AppData\Roaming\WinBatch
========== Purity Check ==========
< End of report >