Solved: Help please (hijackthis and dds logs)

apple0
Junior Member with 12 posts.
Join Date: Sep 2010
07-Sep-2010, 08:11 PM #1
Please help see if there are any malicious files left on my computer. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:39 PM, on 9/7/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Software Informer\softinfo.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Windows\SysWOW64\mmrtkrnl.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\AV Music Morpher Gold\AV Music Morpher.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=16081&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files (x86)\Easy Gif Animator Extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files (x86)\Easy Gif Animator Extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DT HPW] "C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe" -startup_folder
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files (x86)\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MI1933~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate1ca50252f2a4d4a) (gupdate1ca50252f2a4d4a) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 14594 bytes


DDS (Ver_10-03-17.01) - NTFSX64
Run by Katherine at 21:22:10.18 on Tue 09/07/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.6142.2750 [GMT 2:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Software Informer\softinfo.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\SysWOW64\mmrtkrnl.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
c:\hp\HPEZBTN\HPBtnSrv.exe
C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\hp\kbd\kbd.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\AV Music Morpher Gold\AV Music Morpher.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Katherine\Documents\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://de.ask.com?o=16081&l=dis
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mLocal Page = c:\windows\syswow64\blank.htm
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files (x86)\softonic-eng7\tbSoft.dll
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files (x86)\winamp toolbar\winamptb.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files (x86)\winamp toolbar\winamptb.dll
mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files (x86)\softonic-eng7\tbSoft.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files (x86)\winamp toolbar\winamptb.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files (x86)\softonic-eng7\tbSoft.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Gif Animator Toolbar Helper: {96372ab6-15eb-4316-b497-71c741bc548c} - c:\program files (x86)\easy gif animator extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files (x86)\winamp toolbar\winamptb.dll
TB: Easy Gif Animator Toolbar: {35065594-9169-4a34-b167-fc4865038e53} - c:\program files (x86)\easy gif animator extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files (x86)\softonic-eng7\tbSoft.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [fsm]
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [Software Informer] "c:\program files (x86)\software informer\softinfo.exe" -autorun
uRun: [EA Core] "c:\program files (x86)\electronic arts\ea link\Core.exe" -silent
uRun: [BitTorrent DNA] "c:\program files (x86)\dna\btdna.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete
mRun: [Realtime Audio Engine] "mmrtkrnl.exe" /i
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [PWRISOVM.EXE] "c:\program files (x86)\poweriso\PWRISOVM.EXE"
mRun: [PivotSoftware] "c:\program files (x86)\portrait displays\pivot software\wpctrl.exe"
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [DT HPW] "c:\program files (x86)\portrait displays\hp my display\DTHtml.exe" -startup_folder
mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AppleSyncNotifier] c:\program files (x86)\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRunOnce: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /install /silent
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\mi1933~1\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\mi1933~1\office11\REFIEBAR.DLL
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB-X64: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} -
TB-X64: {35065594-9169-4A34-B167-FC4865038E53} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\Iaanotif.exe"
mRun-x64: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\kather~1\appdata\roaming\mozilla\firefox\profiles\p91xafd2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
FF - component: c:\users\katherine\appdata\roaming\mozilla\firefox\profiles\p91xafd2.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\katherine\appdata\roaming\mozilla\firefox\profiles\p91xafd2.default\extensions\{7378b8c2-fc38-41b8-a8c9-875d1f5b0a24}\components\NativeComponent.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\gametap\bin\release\npgametaptool.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\syswow64\adobe\director\np32dsw.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2008-7-9 55024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2010-6-29 128752]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-9-4 61008]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2008-5-9 198240]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R3 CAXHWBS2;CAXHWBS2;c:\windows\system32\drivers\CAXHWBS2.sys [2008-5-8 411136]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2008-5-9 1379584]
S2 gupdate1ca50252f2a4d4a;Google Update Service (gupdate1ca50252f2a4d4a);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-10-18 133104]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-9-4 1153368]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-16 93184]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-2-23 1038088]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-7 61280]
S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam_x64.sys [2008-3-13 27136]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28x.sys [2008-5-9 405504]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-09-07 19:18:09 0 d-----w- c:\program files (x86)\Trend Micro
2010-09-07 14:25:02 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-09-06 01:00:58 0 d-sh--w- c:\windows\syswow64\%APPDATA%
2010-09-04 22:52:42 0 d-----w- c:\programdata\EA Core
2010-09-04 21:20:25 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-04 21:20:25 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-09-04 21:09:01 0 d-----w- c:\users\kather~1\appdata\roaming\SUPERAntiSpyware.com
2010-09-04 21:09:01 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-04 21:08:57 0 d-----w- c:\programdata\!SASCORE
2010-09-04 21:08:55 0 d-----w- c:\program files\SUPERAntiSpyware
2010-09-04 20:45:41 0 d-----w- c:\program files (x86)\CCleaner
2010-09-04 12:49:41 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-04 10:48:38 0 d-----w- c:\windows\syswow64\xlive
2010-08-29 13:06:54 0 d-----w- c:\programdata\Lavasoft
2010-08-28 23:45:31 0 ----a-w- c:\users\katherine\mssefullinstall-amd64fre-en-us-vista-win7.exe
2010-08-28 09:56:58 0 d-----w- c:\program files\iPod
2010-08-28 09:56:55 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-08-28 09:56:55 0 d-----w- c:\program files\iTunes
2010-08-28 09:56:55 0 d-----w- c:\program files (x86)\iTunes
2010-08-28 09:52:48 0 d-----w- c:\program files\Bonjour
2010-08-12 04:56:01 1420176 ----a-w- c:\windows\system32\drivers\tcpip.sys

==================== Find3M ====================

2010-09-07 04:31:38 35275 ----a-w- c:\programdata\nvModes.dat
2010-09-04 12:49:51 86016 ----a-w- c:\windows\inf\infstor.dat
2010-09-04 12:49:51 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-04 12:49:51 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-31 16:05:04 5238 ----a-w- c:\windows\syswow64\ealregsnapshot1.reg
2010-08-10 18:19:47 5142 ----a-w- c:\users\kather~1\appdata\roaming\wklnhst.dat
2010-07-26 16:55:26 11581440 ----a-w- c:\windows\syswow64\shell32.dll
2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-21 13:53:02 2749952 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:17:49 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 16:43:54 36352 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-11 16:09:43 343040 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:08:18 1875456 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 15:31:42 274432 ----a-w- c:\windows\syswow64\schannel.dll
2010-06-11 15:30:23 1257472 ----a-w- c:\windows\syswow64\msxml3.dll
2009-02-26 10:47:41 1315840 ----a-w- c:\program files (x86)\Zoo Tycoon 2 - Extinct Animals.msi
2008-08-15 15:52:35 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-05-23 04:46:20 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-05-23 04:46:20 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-05-23 04:46:20 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-11-26 16:25:55 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-03 17:57:44 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2006-05-03 09:06:54 163328 --sh--r- c:\windows\syswow64\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\syswow64\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\syswow64\nbDX.dll

============= FINISH: 21:26:10.77 ===============
apple0's Avatar
Junior Member with 12 posts.
 
Join Date: Sep 2010
09-Sep-2010, 01:58 AM #2
bump
apple0's Avatar
Junior Member with 12 posts.
 
Join Date: Sep 2010
10-Sep-2010, 11:36 AM #3
bump
apple0's Avatar
Junior Member with 12 posts.
 
Join Date: Sep 2010
12-Sep-2010, 09:49 AM #4
bump
SweetTech's Avatar
Senior Member with 1,016 posts.
 
Join Date: Dec 1969
Location: Antarctica
12-Sep-2010, 10:20 AM #5
Hello and welcome to the forums! My name is SweetTech, it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together.
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message on here.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Quote:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.



NEXT:



OTL Custom Scan

Please download OTL to your Desktop, if you have not done so already.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
__________________
Please Note: Unless notified in advance, any thread that has not been replied to within 3 days will be removed from my Subscribed Threads list.
apple0's Avatar
Junior Member with 12 posts.
 
Join Date: Sep 2010
13-Sep-2010, 04:29 PM #6
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: KQ497AA-ABA m9340f
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 163):
0x03047000 \SystemRoot\system32\ntoskrnl.exe
0x03001000 \SystemRoot\system32\hal.dll
0x00601000 \SystemRoot\system32\kdcom.dll
0x0060B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00638000 \SystemRoot\system32\PSHED.dll
0x0064C000 \SystemRoot\system32\CLFS.SYS
0x006A9000 \SystemRoot\system32\CI.dll
0x00807000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00A07000 \SystemRoot\System32\Drivers\sptd.sys
0x00B2C000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x00B35000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00B63000 \SystemRoot\system32\drivers\acpi.sys
0x00BB9000 \SystemRoot\system32\drivers\msisadrv.sys
0x00BC3000 \SystemRoot\system32\drivers\pci.sys
0x008EF000 \SystemRoot\System32\drivers\partmgr.sys
0x00904000 \SystemRoot\system32\drivers\volmgr.sys
0x00918000 \SystemRoot\System32\drivers\volmgrx.sys
0x0097E000 \SystemRoot\System32\drivers\mountmgr.sys
0x00C01000 \SystemRoot\system32\drivers\iastor.sys
0x00D04000 \SystemRoot\system32\drivers\fltmgr.sys
0x00D4A000 \SystemRoot\system32\drivers\fileinfo.sys
0x00D5E000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x00D6A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E00000 \SystemRoot\system32\drivers\ndis.sys
0x00991000 \SystemRoot\system32\drivers\msrpc.sys
0x0075B000 \SystemRoot\system32\drivers\NETIO.SYS
0x0100C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01190000 \SystemRoot\system32\drivers\volsnap.sys
0x011D4000 \SystemRoot\System32\Drivers\spldr.sys
0x011DC000 \SystemRoot\System32\Drivers\mup.sys
0x00FC3000 \SystemRoot\System32\drivers\ecache.sys
0x009E1000 \SystemRoot\system32\drivers\disk.sys
0x007B3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x011EE000 \SystemRoot\system32\drivers\crcdisk.sys
0x00FEF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x01000000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x007DF000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02802000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x032C6000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x032C8000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x033A7000 \SystemRoot\System32\drivers\watchdog.sys
0x033B6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0340B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03451000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03462000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03475000 \SystemRoot\system32\drivers\HCW85BDA.sys
0x035C6000 \SystemRoot\system32\drivers\BdaSup.SYS
0x035CA000 \SystemRoot\system32\drivers\ks.sys
0x03400000 \SystemRoot\system32\drivers\ksthunk.sys
0x033C2000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x03609000 \SystemRoot\system32\DRIVERS\CAXHWBS2.sys
0x03679000 \SystemRoot\system32\DRIVERS\CAX_DP.sys
0x03806000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys
0x038D1000 \SystemRoot\system32\drivers\modem.sys
0x038E0000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x038F2000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x03902000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03918000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
0x03925000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03933000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0394F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0395C000 \SystemRoot\system32\DRIVERS\serscan.sys
0x03964000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x0399C000 \SystemRoot\system32\DRIVERS\storport.sys
0x037ED000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03A02000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03A25000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03A31000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03A62000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03A72000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03A90000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03AA8000 \SystemRoot\system32\DRIVERS\PdiPorts.sys
0x03AB0000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03AC2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03ACE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03AD0000 \SystemRoot\system32\DRIVERS\circlass.sys
0x03AE1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03AEC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03AFC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03B43000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04C0E000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04D67000 \SystemRoot\system32\drivers\portcls.sys
0x04DA2000 \SystemRoot\system32\drivers\drmk.sys
0x03B57000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x04DC5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x04DCF000 \SystemRoot\System32\Drivers\Null.SYS
0x04DE2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04DEA000 \SystemRoot\System32\drivers\vga.sys
0x03BCE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04C00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04DD8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x03BF3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x033ED000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03600000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x05007000 \SystemRoot\System32\drivers\tcpip.sys
0x0517B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x051A7000 \SystemRoot\system32\DRIVERS\tdx.sys
0x051C4000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x051D4000 \SystemRoot\system32\DRIVERS\smb.sys
0x0520E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x05252000 \SystemRoot\system32\drivers\afd.sys
0x052BF000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x052C9000 \SystemRoot\system32\DRIVERS\pacer.sys
0x052E7000 \SystemRoot\system32\DRIVERS\netbios.sys
0x052F6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x05311000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x0532B000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x05335000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x0533F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0538D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x05399000 \SystemRoot\System32\Drivers\dfsc.sys
0x053B6000 \SystemRoot\System32\Drivers\aswSP.SYS
0x0540C000 \SystemRoot\system32\DRIVERS\udfs.sys
0x0545A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05476000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05478000 \SystemRoot\system32\drivers\usbaudio.sys
0x05491000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0549A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x00060000 \SystemRoot\System32\win32k.sys
0x054AC000 \SystemRoot\System32\drivers\Dxapi.sys
0x054C9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x054DE000 \SystemRoot\system32\DRIVERS\monitor.sys
0x054F1000 \SystemRoot\system32\DRIVERS\usbcir.sys
0x0550B000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x0551E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05529000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x0553D000 \SystemRoot\system32\DRIVERS\hidir.sys
0x05548000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x00410000 \SystemRoot\System32\TSDDD.dll
0x05552000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0880F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x006D0000 \SystemRoot\System32\cdd.dll
0x008D0000 \SystemRoot\System32\ATMFD.DLL
0x08912000 \SystemRoot\system32\drivers\luafv.sys
0x08934000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x0896E000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x05560000 \SystemRoot\system32\drivers\spsys.sys
0x08977000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0898B000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x089BF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x089CA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0980E000 \SystemRoot\System32\Drivers\fastfat.SYS
0x09843000 \SystemRoot\system32\drivers\HTTP.sys
0x098E2000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0990A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x09928000 \SystemRoot\System32\drivers\mpsdrv.sys
0x09942000 \SystemRoot\system32\drivers\mrxdav.sys
0x09969000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x09992000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x099DB000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x09E09000 \SystemRoot\System32\DRIVERS\srv2.sys
0x09E3B000 \SystemRoot\System32\DRIVERS\srv.sys
0x09ED2000 \SystemRoot\System32\Drivers\adfs.SYS
0x09EEA000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x09EEF000 \SystemRoot\system32\drivers\peauth.sys
0x09FA5000 \SystemRoot\System32\Drivers\secdrv.SYS
0x09FB0000 \SystemRoot\System32\drivers\tcpipreg.sys
0x09FBF000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x09FDF000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x09FF5000 \SystemRoot\system32\DRIVERS\xaudio64.sys
0x089E2000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77BB0000 \Windows\System32\ntdll.dll

Processes (total 82):
0 System Idle Process
4 System
656 C:\Windows\System32\smss.exe
724 csrss.exe
776 C:\Windows\System32\wininit.exe
796 csrss.exe
832 C:\Windows\System32\services.exe
848 C:\Windows\System32\lsass.exe
856 C:\Windows\System32\lsm.exe
932 C:\Windows\System32\winlogon.exe
368 C:\Windows\System32\svchost.exe
492 C:\Windows\System32\nvvsvc.exe
680 C:\Windows\System32\svchost.exe
788 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\audiodg.exe
1176 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\SLsvc.exe
1248 C:\Windows\System32\svchost.exe
1356 C:\Windows\System32\svchost.exe
1492 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1836 C:\Windows\System32\spoolsv.exe
1860 C:\Windows\System32\svchost.exe
1128 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1556 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1344 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
904 C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
2128 C:\hp\HPEZBTN\HPBtnSrv.exe
2204 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2276 C:\Windows\System32\svchost.exe
2300 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2396 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2452 C:\Windows\System32\svchost.exe
2484 C:\Windows\System32\svchost.exe
2520 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2572 C:\Windows\System32\SearchIndexer.exe
2708 C:\Windows\System32\drivers\XAudio64.exe
2852 WUDFHost.exe
2884 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3416 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3916 C:\Windows\System32\nvvsvc.exe
3176 C:\Windows\System32\dwm.exe
3228 C:\Windows\System32\taskeng.exe
3292 C:\Windows\explorer.exe
3308 C:\Windows\System32\taskeng.exe
3660 C:\Windows\RAVCpl64.exe
3752 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2104 C:\Program Files (x86)\uTorrent\uTorrent.exe
1240 C:\Program Files (x86)\Steam\Steam.exe
2896 C:\Program Files (x86)\Software Informer\softinfo.exe
3692 C:\Windows\System32\wbem\unsecapp.exe
3224 C:\Program Files (x86)\DNA\btdna.exe
3000 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2844 C:\Program Files\Logitech\SetPoint\SetPoint.exe
3332 C:\Windows\SysWOW64\mmrtkrnl.exe
3840 C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
3852 C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
3992 C:\hp\support\hpsysdrv.exe
3812 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
1724 C:\Program Files (x86)\Portrait Displays\HP My Display\dthtml.exe
896 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
3136 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
2216 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2924 WmiPrvSE.exe
2220 C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe
4256 C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
4288 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
4184 C:\Program Files\Logitech\SetPoint\LU\LuLnchr.exe
176 C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
3564 C:\hp\KBD\kbd.exe
4596 C:\Windows\System32\wuauclt.exe
4100 C:\Windows\System32\mobsync.exe
3084 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4552 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
3164 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
296 C:\Windows\System32\SearchProtocolHost.exe
4036 C:\Windows\System32\SearchFilterHost.exe
5376 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
5344 C:\Windows\System32\SearchProtocolHost.exe
3120 C:\Users\Katherine\Documents\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000ab`d4097600 (NTFS)

PhysicalDrive0 Model Number: ST3750630AS, Rev: HP24

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Hewlett-Packard MBR code detected
SHA1: F362CE084BC77B454330005C1657154A64FB9456


Done!
apple0's Avatar
Junior Member with 12 posts.
 
Join Date: Sep 2010
13-Sep-2010, 04:32 PM #7
OTL logfile created on: 9/13/2010 2:04:30 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Katherine\Documents
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 50.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.31 Gb Total Space | 134.68 Gb Free Space | 19.60% Space Free | Partition Type: NTFS
Drive D: | 11.32 Gb Total Space | 1.52 Gb Free Space | 13.38% Space Free | Partition Type: NTFS
Drive E: | 4.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUPER-PC
Current User Name: Katherine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Katherine\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\SysWOW64\mmrtkrnl.exe (AlcaTech)
PRC - C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPoint\LU\LuLnchr.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Portrait Displays\HP My Display\dthtml.exe (Portrait Displays, Inc)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - c:\hp\HPEZBTN\HPBtnSrv.exe ()
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe ()
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Katherine\Documents\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxPlugins.dll (AVAST Software)
MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WMVCORE.DLL (Microsoft Corporation)
MOD - C:\Program Files\Logitech\SetPoint\x86\GameHook.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll (Logitech, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\PortableDeviceApi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msshsq.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wpdshext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\PortableDeviceTypes.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\audiodev.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WMASF.DLL (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\duser.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntlanman.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\SLC.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\networkexplorer.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Software\Winphook.dll ()
MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\davclnt.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\drprov.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (DTSRVC) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (HPBtnSrv) -- c:\hp\HPEZBTN\HPBtnSrv.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (LMouKE) -- C:\Windows\SysNative\DRIVERS\LMouKE.Sys ()
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys ()
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys ()
DRV:64bit: - (L8042mou) -- C:\Windows\SysNative\DRIVERS\L8042mou.Sys ()
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (CAXHWBS2) -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys ()
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys ()
DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys ()
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys ()
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys ()
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\DRIVERS\ManyCam_x64.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys ()
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys ()
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys ()
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys ()
DRV:64bit: - (PdiPorts) -- C:\Windows\SysNative\DRIVERS\PdiPorts.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys ()
DRV - (X4HSX32) -- C:\Program Files (x86)\GameTap\bin\Release\X4HSX32.sys (Exent Technologies Ltd.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/...ch/search.html
IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=16081&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: support@easygifanimator-toolbar.com:1.0
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}:5.2.4.8
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/10 21:46:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/09 23:15:28 | 000,000,000 | ---D | M]

[2008/08/18 09:51:28 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\mozilla\Extensions
[2010/09/12 22:25:33 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\mozilla\Firefox\Profiles\p91xafd2.default\extensions
[2009/10/21 19:28:06 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Katherine\AppData\Roaming\mozilla\Firefox\Profiles\p91xafd2.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/04/28 11:13:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Katherine\AppData\Roaming\mozilla\Firefox\Profiles\p91xafd2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/17 22:54:13 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\Katherine\AppData\Roaming\mozilla\Firefox\Profiles\p91xafd2.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2010/02/17 22:54:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Katherine\AppData\Roaming\mozilla\Firefox\Profiles\p91xafd2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/27 12:01:03 | 000,000,000 | ---D | M] (ImageShack® Toolbar) -- C:\Users\Katherine\AppData\Roaming\mozilla\Firefox\Profiles\p91xafd2.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}
[2009/06/30 22:35:06 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Katherine\AppData\Roaming\mozilla\Firefox\Profiles\p91xafd2.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/07/31 16:48:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Katherine\AppData\Roaming\mozilla\Firefox\Profiles\p91xafd2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/10 05:14:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Katherine\AppData\Roaming\mozilla\Firefox\Profiles\p91xafd2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/15 06:02:37 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Katherine\AppData\Roaming\mozilla\Firefox\Profiles\p91xafd2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/07/01 15:39:56 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Katherine\AppData\Roaming\mozilla\Firefox\Profiles\p91xafd2.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/12 17:51:46 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Katherine\AppData\Roaming\mozilla\Firefox\Profiles\p91xafd2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/13 17:49:56 | 000,002,393 | ---- | M] () -- C:\Users\Katherine\AppData\Roaming\Mozilla\FireFox\Profiles\p91xafd2.default\searchplugins\askcom.xml
[2010/03/16 11:33:24 | 000,000,929 | ---- | M] () -- C:\Users\Katherine\AppData\Roaming\Mozilla\FireFox\Profiles\p91xafd2.default\searchplugins\conduit.xml
[2009/07/02 06:36:56 | 000,001,196 | ---- | M] () -- C:\Users\Katherine\AppData\Roaming\Mozilla\FireFox\Profiles\p91xafd2.default\searchplugins\winamp-search.xml
[2010/09/04 22:48:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008/09/04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll

O1 HOSTS File: ([2010/09/05 11:11:20 | 000,417,861 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 14420 more lines...
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Easy Gif Animator Toolbar Helper) - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files (x86)\Easy Gif Animator Extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files (x86)\Easy Gif Animator Extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files (x86)\Easy Gif Animator Extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DT HPW] C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\SysWow64\mmrtkrnl.exe (AlcaTech)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\SysWow64\jureg.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EA Link\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [fsm] File not found
O4 - HKCU..\Run: [Software Informer] C:\Program Files (x86)\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.216.127.130 82.212.63.122
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\horizon_1920x1200.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\horizon_1920x1200.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/20 22:37:17 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/03/27 06:03:00 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{0bbd7f4a-2e5c-11dd-894b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0bbd7f4a-2e5c-11dd-894b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010/04/20 22:37:17 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Autoplay.exe -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/09/13 14:02:25 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Katherine\Documents\OTL.exe
[2010/09/11 12:08:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/09/10 14:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2010/09/09 23:57:01 | 000,000,000 | ---D | C] -- C:\Users\Katherine\Documents\Adobe
[2010/09/08 16:06:24 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/09/08 16:06:24 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 21:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/07 21:17:52 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Katherine\Documents\HijackThisInstaller.exe
[2010/09/07 16:25:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/07 16:25:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/06 03:00:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/09/05 00:52:42 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2010/09/04 23:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/09/04 23:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/09/04 23:19:31 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Katherine\Documents\spybotsd162.exe
[2010/09/04 23:09:01 | 000,000,000 | ---D | C] -- C:\Users\Katherine\AppData\Roaming\SUPERAntiSpyware.com
[2010/09/04 23:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/04 23:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/09/04 23:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/04 22:53:56 | 009,333,808 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Katherine\Documents\SUPERAntiSpyware.exe
[2010/09/04 22:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/09/04 22:45:35 | 003,427,248 | ---- | C] (Piriform Ltd) -- C:\Users\Katherine\Documents\ccsetup235.exe
[2010/09/04 12:48:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010/09/04 12:18:25 | 000,975,512 | ---- | C] (Blizzard Entertainment, Inc.) -- C:\Users\Katherine\Documents\Repair.exe
[2010/08/29 15:08:29 | 000,000,000 | ---D | C] -- C:\Users\Katherine\AppData\Local\Sunbelt Software
[2010/08/29 15:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/08/28 20:16:53 | 002,146,504 | ---- | C] (AVG Technologies) -- C:\Users\Katherine\Documents\avg_iswt_stb_all_9_117_free.exe
[2010/08/28 11:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/28 11:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/28 11:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/08/28 11:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/08/28 11:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/08/28 11:55:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/08/28 11:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/28 10:30:35 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Katherine\Documents\mbam-setup.exe
[2010/08/28 10:13:48 | 109,280,088 | ---- | C] (Kaspersky Lab) -- C:\Users\Katherine\Documents\kav2011_11.0.1.400en_us.exe
[2010/07/24 05:43:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ventrilo
[2010/07/23 04:35:49 | 025,548,264 | ---- | C] (Acresso Software Inc.) -- C:\Users\Katherine\Documents\Sims3_1.14.11.007001_from_1.12.70.006001.exe
[2010/07/23 04:15:30 | 022,103,176 | ---- | C] (Electronic Arts, Inc.) -- C:\Users\Katherine\Documents\eadm-installer.exe
[2010/07/23 03:53:41 | 041,995,184 | ---- | C] (Acresso Software Inc.) -- C:\Users\Katherine\Documents\Sims3_4.2.32.007001_from_4.0.87.006001.exe
[2010/07/23 03:52:40 | 049,910,760 | ---- | C] (Acresso Software Inc.) -- C:\Users\Katherine\Documents\Sims3_4.2.32.007017_from_4.0.87.006017.exe
[2010/07/23 03:38:23 | 028,075,408 | ---- | C] (Acresso Software Inc.) -- C:\Users\Katherine\Documents\Sims3_1.14.11.007002_from_1.12.70.006002.exe
[2010/07/22 06:50:16 | 000,000,000 | ---D | C] -- C:\Users\Katherine\AppData\Roaming\Malwarebytes
[2010/07/22 06:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/22 04:27:54 | 000,000,000 | ---D | C] -- C:\Users\Katherine\AppData\Local\skeyyhbfr
[2010/07/01 15:56:20 | 012,760,056 | ---- | C] (Electronic Arts ) -- C:\Users\Katherine\Documents\ead-installer.exe
[2010/07/01 15:56:20 | 002,131,336 | ---- | C] (Ask.com ) -- C:\Users\Katherine\Documents\askToolbarInstaller-1.6.6.0.exe
[2010/06/25 06:19:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VentSrv
[2010/06/19 23:42:58 | 000,000,000 | ---D | C] -- C:\Users\Katherine\Documents\World of Warcraft
[2008/09/03 07:20:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdbserv.dll
[2008/09/03 07:20:00 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdbusb1.dll
[2008/09/03 07:20:00 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdbhbn3.dll
[2008/09/03 07:20:00 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdbcomc.dll
[2008/09/03 07:20:00 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdbpmui.dll
[2008/09/03 07:20:00 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdblmpm.dll
[2008/09/03 07:20:00 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdbcomm.dll
[2008/09/03 07:20:00 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdbinpa.dll
[2008/09/03 07:20:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdbiesc.dll
[2008/09/03 07:20:00 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdbprox.dll
[2008/09/03 07:20:00 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdbpplc.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Katherine\Documents\*.tmp files -> C:\Users\Katherine\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/13 14:04:41 | 071,041,024 | -HS- | M] () -- C:\Users\Katherine\ntuser.dat
[2010/09/13 14:02:24 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Katherine\Documents\OTL.exe
[2010/09/13 13:59:28 | 000,080,384 | ---- | M] () -- C:\Users\Katherine\Documents\MBRCheck.exe
[2010/09/13 13:38:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/13 12:53:33 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/13 12:53:33 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/13 06:55:38 | 000,035,275 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/09/13 06:55:38 | 000,035,275 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/13 06:54:30 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/13 06:53:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/13 06:53:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/13 06:53:31 | 268,435,456 | -HS- | M] () -- C:\Windows\SysNative\temppf.sys
[2010/09/13 06:53:13 | 2146,721,791 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/13 00:00:17 | 000,524,288 | -HS- | M] () -- C:\Users\Katherine\ntuser.dat{c51dc64c-7ec5-11df-bd8d-001fc68a4053}.TMContainer00000000000000000001.regtrans-ms
[2010/09/13 00:00:17 | 000,065,536 | -HS- | M] () -- C:\Users\Katherine\ntuser.dat{c51dc64c-7ec5-11df-bd8d-001fc68a4053}.TM.blf
[2010/09/13 00:00:12 | 003,690,237 | -H-- | M] () -- C:\Users\Katherine\AppData\Local\IconCache.db
[2010/09/12 23:22:14 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/12 23:19:43 | 000,007,729 | -HS- | M] () -- C:\Users\Katherine\Documents\Folder.jpg
[2010/09/12 23:19:43 | 000,002,458 | -HS- | M] () -- C:\Users\Katherine\Documents\AlbumArtSmall.jpg
[2010/09/12 20:57:15 | 003,797,191 | ---- | M] () -- C:\Users\Katherine\Documents\Selena Gomez - Naturally (PJ-R Bootleg Remix).mp3
[2010/09/12 20:42:40 | 003,291,878 | ---- | M] () -- C:\Users\Katherine\Documents\Selena Gomez - Naturally (Clubwaver Remix).mp3
[2010/09/12 20:40:13 | 008,339,584 | ---- | M] () -- C:\Users\Katherine\Documents\Selena Gomez - Naturally (Clubwaver Remix) [ www.DjKaniQ.pl ].mp3
[2010/09/12 19:50:20 | 004,806,656 | ---- | M] () -- C:\Users\Katherine\Documents\Ke$ha - Tik Tok Instrumental (Regular).mp3
[2010/09/12 19:09:22 | 011,167,938 | ---- | M] () -- C:\Users\Katherine\Documents\Ke$ha - Tik Tok (D3Y Remix Edit).mp3
[2010/09/12 15:47:14 | 000,005,142 | ---- | M] () -- C:\Users\Katherine\AppData\Roaming\wklnhst.dat
[2010/09/11 13:20:07 | 003,304,105 | ---- | M] () -- C:\Users\Katherine\Documents\The Corrs - Breathless.mp3
[2010/09/11 13:20:02 | 006,830,466 | ---- | M] () -- C:\Users\Katherine\Documents\not afraid.mp3
[2010/09/11 13:19:51 | 010,671,885 | ---- | M] () -- C:\Users\Katherine\Documents\01_Love_the_Way_You_Lie_(Clean).mp3
[2010/09/11 13:19:10 | 000,010,955 | -HS- | M] () -- C:\Users\Katherine\Documents\AlbumArt_{13FADCDF-EA64-483B-9523-32D918DF8E53}_Large.jpg
[2010/09/11 13:18:55 | 000,002,754 | -HS- | M] () -- C:\Users\Katherine\Documents\AlbumArt_{13FADCDF-EA64-483B-9523-32D918DF8E53}_Small.jpg
[2010/09/11 13:15:03 | 000,007,368 | -HS- | M] () -- C:\Users\Katherine\Documents\AlbumArt_{7333A340-E097-42B3-A035-2747625D5F62}_Large.jpg
[2010/09/11 13:14:53 | 000,002,119 | -HS- | M] () -- C:\Users\Katherine\Documents\AlbumArt_{7333A340-E097-42B3-A035-2747625D5F62}_Small.jpg
[2010/09/11 13:14:28 | 000,008,999 | -HS- | M] () -- C:\Users\Katherine\Documents\AlbumArt_{5D6524EE-006A-41C4-9E59-A1805504B904}_Large.jpg
[2010/09/11 13:14:28 | 000,002,382 | -HS- | M] () -- C:\Users\Katherine\Documents\AlbumArt_{5D6524EE-006A-41C4-9E59-A1805504B904}_Small.jpg
[2010/09/11 13:13:34 | 003,940,480 | ---- | M] () -- C:\Users\Katherine\Documents\Sydney Forest - I'm gonna fly.mp3
[2010/09/11 13:13:14 | 003,940,480 | ---- | M] () -- C:\Users\Katherine\Documents\im gonna fly.mp3
[2010/09/10 16:58:16 | 005,937,142 | ---- | M] () -- C:\Users\Katherine\Documents\Selena Gomez &amp.mp3
[2010/09/10 16:32:36 | 005,939,649 | ---- | M] () -- C:\Users\Katherine\Documents\Selena Gomez - Naturally (trance remix) [HQ].mp3
[2010/09/10 16:12:45 | 005,272,181 | ---- | M] () -- C:\Users\Katherine\Documents\DJ KTMan - Naturally.mp3
[2010/09/10 15:08:57 | 000,176,128 | ---- | M] () -- C:\Users\Katherine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/10 14:00:22 | 001,008,936 | ---- | M] () -- C:\Users\Katherine\Documents\AmazonMP3Installer.exe
[2010/09/09 22:45:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/09/09 21:21:58 | 007,678,778 | ---- | M] () -- C:\Users\Katherine\Documents\Selena Gomez - Naturally (DJ Kimbo's Trance Radio Remix) (Radio Remix Made By n!nO).mp3
[2010/09/09 21:03:11 | 004,933,215 | ---- | M] () -- C:\Users\Katherine\Documents\Selena Gomez Naturally (Instrumental).mp3
[2010/09/09 20:44:41 | 003,242,609 | ---- | M] () -- C:\Users\Katherine\Documents\Selena_Gomez_-_Naturally_(Official_Acapella).mp3
[2010/09/09 20:40:35 | 004,054,236 | ---- | M] () -- C:\Users\Katherine\Documents\Naturally official instrumental 2010.mp3
[2010/09/09 18:10:24 | 003,194,945 | ---- | M] () -- C:\Users\Katherine\Documents\warlock.mp3
[2010/09/08 16:07:13 | 000,001,798 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2010/09/08 16:03:24 | 052,923,144 | ---- | M] () -- C:\Users\Katherine\Documents\setup_av_pro.exe
[2010/09/08 15:06:07 | 000,095,320 | ---- | M] () -- C:\Users\Katherine\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/08 11:09:01 | 003,200,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/07 21:27:26 | 000,293,376 | ---- | M] () -- C:\Users\Katherine\Documents\gkrmld0o.exe
[2010/09/07 21:21:56 | 000,525,824 | ---- | M] () -- C:\Users\Katherine\Documents\dds.scr
[2010/09/07 21:17:34 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Katherine\Documents\HijackThisInstaller.exe
[2010/09/07 17:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 17:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/09/07 16:54:10 | 000,472,656 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2010/09/07 16:52:29 | 000,051,280 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/09/07 16:52:09 | 000,121,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/09/07 16:47:49 | 000,028,752 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/09/07 16:47:33 | 000,061,008 | ---- | M] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/09/07 16:47:10 | 000,020,048 | ---- | M] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/09/07 16:25:06 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 15:43:52 | 000,177,208 | ---- | M] () -- C:\Users\Katherine\Documents\GearScore3.1.17.zip
[2010/09/07 15:43:18 | 000,035,698 | ---- | M] () -- C:\Users\Katherine\Documents\MoveAnything.zip
[2010/09/07 15:43:04 | 000,246,754 | ---- | M] () -- C:\Users\Katherine\Documents\Bartender4-4.4.2.zip
[2010/09/07 15:41:57 | 000,700,112 | ---- | M] () -- C:\Users\Katherine\Documents\XPerl-3.0.9.zip
[2010/09/06 19:35:15 | 000,022,016 | ---- | M] () -- C:\Users\Katherine\Documents\Dps.doc
[2010/09/05 21:22:34 | 000,630,676 | ---- | M] () -- C:\Users\Katherine\Documents\breathless3.mp3
[2010/09/05 17:36:40 | 009,508,399 | ---- | M] () -- C:\Users\Katherine\Documents\1280423780_nelly___just_a_dream___hotnewhiphop _com.mp3
[2010/09/05 11:11:20 | 000,417,861 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/09/05 11:03:11 | 000,417,861 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100905-111120.backup
[2010/09/04 23:20:29 | 000,001,083 | ---- | M] () -- C:\Users\Katherine\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/04 23:20:29 | 000,001,065 | ---- | M] () -- C:\Users\Katherine\Contacts\Desktop\Spybot - Search & Destroy.lnk
[2010/09/04 23:18:50 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Katherine\Documents\spybotsd162.exe
[2010/09/04 23:08:57 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/04 22:56:12 | 009,333,808 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Katherine\Documents\SUPERAntiSpyware.exe
[2010/09/04 22:45:42 | 000,000,814 | ---- | M] () -- C:\Users\Katherine\Contacts\Desktop\CCleaner.lnk
[2010/09/04 22:45:31 | 003,427,248 | ---- | M] (Piriform Ltd) -- C:\Users\Katherine\Documents\ccsetup235.exe
[2010/09/04 18:54:51 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\Install_NSS.job
[2010/09/04 12:46:31 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini
[2010/09/04 12:19:50 | 000,001,430 | ---- | M] () -- C:\Users\Katherine\Contacts\Desktop\DivX Movies.lnk
[2010/09/04 12:19:36 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/08/31 18:05:04 | 000,005,238 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2010/08/30 19:17:41 | 001,612,557 | ---- | M] () -- C:\Users\Katherine\Documents\TropicalBeach31.JPG
[2010/08/30 19:16:47 | 000,407,184 | ---- | M] () -- C:\Users\Katherine\Documents\Tropical_Retreat.jpg
[2010/08/30 19:11:39 | 000,651,512 | ---- | M] () -- C:\Users\Katherine\Documents\beach-wallpaper-01.jpg
[2010/08/30 19:11:17 | 000,301,627 | ---- | M] () -- C:\Users\Katherine\Documents\afterglow,_hawaii.jpg
[2010/08/30 19:08:57 | 000,769,512 | ---- | M] () -- C:\Users\Katherine\Documents\Beach-Scene.jpg
[2010/08/29 18:33:50 | 000,000,000 | ---- | M] () -- C:\Users\Katherine\AppData\Local\prvlcl.dat
[2010/08/29 15:46:32 | 000,790,054 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/29 15:46:32 | 000,663,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/29 15:46:32 | 000,128,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/29 12:20:12 | 000,001,798 | ---- | M] () -- C:\Users\Katherine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (5).lnk
[2010/08/29 11:40:40 | 000,024,064 | ---- | M] () -- C:\Users\Katherine\Documents\11518041.doc
[2010/08/29 11:39:06 | 000,001,798 | ---- | M] () -- C:\Users\Katherine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (4).lnk
[2010/08/29 10:41:29 | 000,001,798 | ---- | M] () -- C:\Users\Katherine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (3).lnk
[2010/08/29 10:41:23 | 000,001,798 | ---- | M] () -- C:\Users\Katherine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/29 01:45:31 | 000,000,000 | ---- | M] () -- C:\Users\Katherine\mssefullinstall-amd64fre-en-us-vista-win7.exe
[2010/08/28 20:58:46 | 000,001,977 | ---- | M] () -- C:\Users\Katherine\Contacts\Desktop\Windows Live Messenger .lnk
[2010/08/28 20:16:49 | 002,146,504 | ---- | M] (AVG Technologies) -- C:\Users\Katherine\Documents\avg_iswt_stb_all_9_117_free.exe
[2010/08/28 11:56:03 | 000,001,718 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/28 11:47:41 | 000,000,000 | ---- | M] () -- C:\Users\Katherine\Documents\iTunesSetup.exe
[2010/08/28 10:30:33 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Katherine\Documents\mbam-setup.exe
[2010/08/28 10:13:59 | 109,280,088 | ---- | M] (Kaspersky Lab) -- C:\Users\Katherine\Documents\kav2011_11.0.1.400en_us.exe
[2010/08/19 11:56:34 | 000,019,968 | ---- | M] () -- C:\Users\Katherine\Documents\sefsfsfsfsfesf.doc
[2010/08/15 13:32:17 | 001,312,504 | ---- | M] () -- C:\Users\Katherine\Documents\ghrdgsgs.jpg
[2010/08/15 13:25:38 | 001,052,000 | ---- | M] () -- C:\Users\Katherine\Documents\cszzczcz.jpg
[2010/08/15 13:18:23 | 002,263,492 | ---- | M] () -- C:\Users\Katherine\Documents\dadawdadwadawda.jpg
[2010/08/15 13:15:35 | 002,674,254 | ---- | M] () -- C:\Users\Katherine\Documents\esfsfsfsfe.jpg
[2010/08/15 01:47:54 | 000,000,000 | ---- | M] () -- C:\Users\Katherine\Documents\preview.mp3
[2010/08/11 02:23:10 | 000,027,124 | ---- | M] () -- C:\Users\Katherine\Documents\alphaville-forever_young.mid
[2010/08/11 01:02:19 | 008,238,753 | ---- | M] () -- C:\Users\Katherine\Documents\6hdubelong2me.mp3
[2010/08/11 01:01:58 | 008,011,233 | ---- | M] () -- C:\Users\Katherine\Documents\18hddontrust.mp3
[2010/08/11 01:01:29 | 004,467,597 | ---- | M] () -- C:\Users\Katherine\Documents\jay-z_ft._mr._hudson_-_forever_young_piano_by_ray_mak.mp3
[2010/08/11 00:59:48 | 008,181,504 | ---- | M] () -- C:\Users\Katherine\Documents\50hdnaturally.mp3
[2010/08/05 19:45:04 | 000,355,189 | ---- | M] () -- C:\Users\Katherine\Documents\Recount-v3.3h_release.zip
[2010/07/29 17:13:52 | 000,019,968 | ---- | M] () -- C:\Users\Katherine\Documents\the land before time.doc
[2010/07/29 15:06:44 | 004,481,162 | ---- | M] () -- C:\Users\Katherine\Documents\Kiki's Delivery Service - I'm Gonna Fly.mp3
[2010/07/24 05:43:12 | 000,000,268 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/07/23 04:35:50 | 025,548,264 | ---- | M] (Acresso Software Inc.) -- C:\Users\Katherine\Documents\Sims3_1.14.11.007001_from_1.12.70.006001.exe
[2010/07/23 04:30:10 | 028,075,408 | ---- | M] (Acresso Software Inc.) -- C:\Users\Katherine\Documents\Sims3_1.14.11.007002_from_1.12.70.006002.exe
[2010/07/23 04:16:37 | 000,002,094 | ---- | M] () -- C:\Users\Katherine\Documents\EA Download Manager.lnk
[2010/07/23 04:15:22 | 022,103,176 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Katherine\Documents\eadm-installer.exe
[2010/07/23 03:53:45 | 041,995,184 | ---- | M] (Acresso Software Inc.) -- C:\Users\Katherine\Documents\Sims3_4.2.32.007001_from_4.0.87.006001.exe
[2010/07/23 03:52:46 | 049,910,760 | ---- | M] (Acresso Software Inc.) -- C:\Users\Katherine\Documents\Sims3_4.2.32.007017_from_4.0.87.006017.exe
[2010/07/22 06:05:14 | 000,000,680 | ---- | M] () -- C:\Users\Katherine\AppData\Local\d3d9caps.dat
[2010/07/22 05:36:55 | 000,000,732 | ---- | M] () -- C:\Users\Katherine\AppData\Local\d3d9caps64.dat
[2010/07/22 04:44:23 | 000,000,000 | ---- | M] () -- C:\Users\Katherine\Documents\All I Do Is Win (Remix).mp3
[2010/07/22 04:27:45 | 000,000,794 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100905-110311.backup
[2010/07/22 04:27:43 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2010/07/22 02:46:36 | 004,549,600 | ---- | M] () -- C:\Users\Katherine\Documents\all i do is win.mp3
[2010/07/19 12:08:28 | 000,045,132 | ---- | M] () -- C:\Users\Katherine\Documents\CazyAntoHair80_thumbf.jpg
[2010/07/18 20:40:14 | 000,001,729 | ---- | M] () -- C:\Users\Katherine\Documents\McAfee Security Scan Plus.lnk
[2010/07/18 05:07:32 | 004,768,910 | ---- | M] () -- C:\Users\Katherine\Documents\The Fugees-Killing me softl.mp3
[2010/07/18 03:48:04 | 045,255,764 | ---- | M] () -- C:\Users\Katherine\Documents\ForeverYoung.wav
[2010/07/18 03:37:32 | 005,003,574 | ---- | M] () -- C:\Users\Katherine\Documents\ForeverYoung.mp3
[2010/07/17 05:04:39 | 000,000,357 | ---- | M] () -- C:\Users\Katherine\Documents\shakira - waka waka.mp3
[2010/07/14 00:37:57 | 000,028,672 | ---- | M] () -- C:\Users\Katherine\Documents\wow faction talk.doc
[2010/07/13 21:55:40 | 000,000,162 | -H-- | M] () -- C:\Users\Katherine\Documents\~$w faction talk.doc
[2010/07/13 17:13:15 | 000,044,008 | ---- | M] () -- C:\Users\Katherine\Documents\PeggyHair26_3.jpg
[2010/07/09 14:19:49 | 000,001,430 | ---- | M] () -- C:\Users\Katherine\Documents\DivX Movies.lnk
[2010/07/09 14:19:18 | 000,000,909 | ---- | M] () -- C:\Users\Katherine\Documents\DivX Plus Player.lnk
[2010/07/09 02:02:52 | 000,110,526 | ---- | M] () -- C:\Users\Katherine\Documents\GearScore.rar
[2010/07/08 02:35:30 | 028,582,572 | ---- | M] () -- C:\Users\Katherine\Documents\05. WeAre Young - 30H!3.wav
[2010/07/08 02:30:57 | 029,756,012 | ---- | M] () -- C:\Users\Katherine\Documents\12. Strrets Of Gold - 30H!3.wav
[2010/07/08 00:48:38 | 000,022,016 | ---- | M] () -- C:\Users\Katherine\Documents\À Á Â Ã Ä Å à á â ã ä å Æ æ È É Ê Ë ë è ê é Ì Í Î Ï ì í î ï Ñ ñ Ò Ó Ö Õ Ô Ø ò ó ô õ ö ø ð Ù Ü Ú Û ù ú û ü Ý Ÿ ý ÿ Š š ž Ž Ç ç Ð ß Æ.doc
[2010/07/06 23:03:43 | 000,029,696 | ---- | M] () -- C:\Users\Katherine\Documents\dinosaurlol.doc
[2010/07/06 13:58:19 | 000,000,949 | ---- | M] () -- C:\Users\Katherine\Documents\DivX Plus Converter.lnk
[2010/07/02 00:03:05 | 030,291,480 | ---- | M] () -- C:\Users\Katherine\Documents\Don't Trust Me - 30H!3.wav
[2010/07/01 23:57:25 | 030,292,940 | ---- | M] () -- C:\Users\Katherine\Documents\15. Don't Trust Me - 30H!3.wav
[2010/07/01 21:37:44 | 001,998,294 | ---- | M] () -- C:\Users\Katherine\Documents\fd38375000268a564794f234.mp3
[2010/07/01 15:57:56 | 000,001,979 | ---- | M] () -- C:\Users\Katherine\Documents\EA Link.lnk
[2010/07/01 15:56:34 | 002,131,336 | ---- | M] (Ask.com ) -- C:\Users\Katherine\Documents\askToolbarInstaller-1.6.6.0.exe
[2010/07/01 15:56:28 | 012,760,056 | ---- | M] (Electronic Arts ) -- C:\Users\Katherine\Documents\ead-installer.exe
[2010/07/01 15:56:14 | 000,260,400 | ---- | M] () -- C:\Users\Katherine\Documents\SoftonicDownloader62174.exe
[2010/06/29 23:04:31 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
[2010/06/29 22:54:06 | 000,002,073 | ---- | M] () -- C:\Users\Katherine\Documents\The Sims™ 3 World Adventures.lnk
[2010/06/26 08:28:41 | 000,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2010/06/26 08:26:43 | 000,706,048 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/26 08:26:05 | 001,538,560 | ---- | M] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/06/26 08:25:54 | 002,335,744 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/26 08:25:54 | 000,219,136 | ---- | M] () -- C:\Windows\SysNative\ieui.dll
[2010/06/26 08:25:54 | 000,132,096 | ---- | M] () -- C:\Windows\SysNative\iesysprep.dll
[2010/06/26 08:25:54 | 000,077,312 | ---- | M] () -- C:\Windows\SysNative\iesetup.dll
[2010/06/26 08:25:53 | 000,252,416 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/26 08:25:53 | 000,072,192 | ---- | M] () -- C:\Windows\SysNative\iernonce.dll
[2010/06/26 06:47:47 | 000,162,816 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/26 06:47:29 | 000,070,656 | ---- | M] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/06/26 06:46:54 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/06/23 14:50:16 | 000,524,288 | -HS- | M] () -- C:\Users\Katherine\ntuser.dat{c51dc64c-7ec5-11df-bd8d-001fc68a4053}.TMContainer00000000000000000002.regtrans-ms
[2010/06/22 03:26:17 | 000,524,288 | -HS- | M] () -- C:\Users\Katherine\ntuser.dat{44a65ddc-7c58-11df-8870-001fc68a4053}.TMContainer00000000000000000001.regtrans-ms
[2010/06/22 03:26:17 | 000,065,536 | -HS- | M] () -- C:\Users\Katherine\ntuser.dat{44a65ddc-7c58-11df-8870-001fc68a4053}.TM.blf
[2010/06/20 12:41:24 | 000,524,288 | -HS- | M] () -- C:\Users\Katherine\ntuser.dat{44a65ddc-7c58-11df-8870-001fc68a4053}.TMContainer00000000000000000002.regtrans-ms
[2010/06/19 11:01:34 | 000,524,288 | -HS- | M] () -- C:\Users\Katherine\ntuser.dat{3048248e-7b81-11df-8848-001fc68a4053}.TMContainer00000000000000000002.regtrans-ms
[2010/06/19 11:01:34 | 000,524,288 | -HS- | M] () -- C:\Users\Katherine\ntuser.dat{3048248e-7b81-11df-8848-001fc68a4053}.TMContainer00000000000000000001.regtrans-ms
[2010/06/19 11:01:34 | 000,065,536 | -HS- | M] () -- C:\Users\Katherine\ntuser.dat{3048248e-7b81-11df-8848-001fc68a4053}.TM.blf
[2010/06/18 19:17:49 | 000,050,688 | ---- | M] () -- C:\Windows\SysNative\rtutils.dll
[2010/06/18 15:38:13 | 000,524,288 | -HS- | M] () -- C:\Users\Katherine\ntuser.dat{6752e66e-5bf7-11df-8efd-001fc68a4053}.TMContainer00000000000000000001.regtrans-ms
[2010/06/18 15:38:13 | 000,065,536 | -HS- | M] () -- C:\Users\Katherine\ntuser.dat{6752e66e-5bf7-11df-8efd-001fc68a4053}.TM.blf
[2010/06/15 16:10:46 | 000,975,512 | ---- | M] (Blizzard Entertainment, Inc.) -- C:\Users\Katherine\Documents\Repair.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Katherine\Documents\*.tmp files -> C:\Users\Katherine\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/13 13:59:37 | 000,080,384 | ---- | C] () -- C:\Users\Katherine\Documents\MBRCheck.exe
[2010/09/13 06:53:31 | 268,435,456 | -HS- | C] () -- C:\Windows\SysNative\temppf.sys
[2010/09/12 20:57:22 | 003,797,191 | ---- | C] () -- C:\Users\Katherine\Documents\Selena Gomez - Naturally (PJ-R Bootleg Remix).mp3
[2010/09/12 20:42:39 | 003,291,878 | ---- | C] () -- C:\Users\Katherine\Documents\Selena Gomez - Naturally (Clubwaver Remix).mp3
[2010/09/12 20:40:13 | 008,339,584 | ---- | C] () -- C:\Users\Katherine\Documents\Selena Gomez - Naturally (Clubwaver Remix) [ www.DjKaniQ.pl ].mp3
[2010/09/12 19:49:07 | 004,806,656 | ---- | C] () -- C:\Users\Katherine\Documents\Ke$ha - Tik Tok Instrumental (Regular).mp3
[2010/09/12 19:06:39 | 011,167,938 | ---- | C] () -- C:\Users\Katherine\Documents\Ke$ha - Tik Tok (D3Y Remix Edit).mp3
[2010/09/11 13:19:24 | 000,010,955 | -HS- | C] () -- C:\Users\Katherine\Documents\AlbumArt_{13FADCDF-EA64-483B-9523-32D918DF8E53}_Large.jpg
[2010/09/11 13:19:24 | 000,002,754 | -HS- | C] () -- C:\Users\Katherine\Documents\AlbumArt_{13FADCDF-EA64-483B-9523-32D918DF8E53}_Small.jpg
[2010/09/11 13:15:15 | 000,007,368 | -HS- | C] () -- C:\Users\Katherine\Documents\AlbumArt_{7333A340-E097-42B3-A035-2747625D5F62}_Large.jpg
[2010/09/11 13:15:15 | 000,002,119 | -HS- | C] () -- C:\Users\Katherine\Documents\AlbumArt_{7333A340-E097-42B3-A035-2747625D5F62}_Small.jpg
[2010/09/11 13:14:28 | 000,008,999 | -HS- | C] () -- C:\Users\Katherine\Documents\AlbumArt_{5D6524EE-006A-41C4-9E59-A1805504B904}_Large.jpg
[2010/09/11 13:14:28 | 000,002,382 | -HS- | C] () -- C:\Users\Katherine\Documents\AlbumArt_{5D6524EE-006A-41C4-9E59-A1805504B904}_Small.jpg
[2010/09/10 16:58:16 | 005,937,142 | ---- | C] () -- C:\Users\Katherine\Documents\Selena Gomez &amp.mp3
[2010/09/10 16:32:35 | 005,939,649 | ---- | C] () -- C:\Users\Katherine\Documents\Selena Gomez - Naturally (trance remix) [HQ].mp3
[2010/09/10 16:12:47 | 005,272,181 | ---- | C] () -- C:\Users\Katherine\Documents\DJ KTMan - Naturally.mp3
[2010/09/10 14:00:28 | 001,008,936 | ---- | C] () -- C:\Users\Katherine\Documents\AmazonMP3Installer.exe
[2010/09/09 21:20:02 | 007,678,778 | ---- | C] () -- C:\Users\Katherine\Documents\Selena Gomez - Naturally (DJ Kimbo's Trance Radio Remix) (Radio Remix Made By n!nO).mp3
[2010/09/09 21:01:54 | 004,933,215 | ---- | C] () -- C:\Users\Katherine\Documents\Selena Gomez Naturally (Instrumental).mp3
[2010/09/09 20:44:42 | 003,242,609 | ---- | C] () -- C:\Users\Katherine\Documents\Selena_Gomez_-_Naturally_(Official_Acapella).mp3
[2010/09/09 20:40:37 | 004,054,236 | ---- | C] () -- C:\Users\Katherine\Documents\Naturally official instrumental 2010.mp3
[2010/09/09 18:10:20 | 003,194,945 | ---- | C] () -- C:\Users\Katherine\Documents\warlock.mp3
[2010/09/08 16:07:13 | 000,001,798 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2010/09/08 16:07:12 | 000,121,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/09/08 16:07:12 | 000,020,048 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/09/08 16:07:10 | 000,472,656 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2010/09/08 16:07:10 | 000,028,752 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/09/08 16:07:09 | 000,051,280 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/09/08 16:06:27 | 000,427,430 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistMSI682F.txt
[2010/09/08 16:06:26 | 000,012,258 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistUI682F.txt
[2010/09/08 16:03:20 | 052,923,144 | ---- | C] () -- C:\Users\Katherine\Documents\setup_av_pro.exe
[2010/09/07 21:27:29 | 000,293,376 | ---- | C] () -- C:\Users\Katherine\Documents\gkrmld0o.exe
[2010/09/07 21:21:57 | 000,525,824 | ---- | C] () -- C:\Users\Katherine\Documents\dds.scr
[2010/09/07 16:25:06 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 15:43:15 | 000,035,698 | ---- | C] () -- C:\Users\Katherine\Documents\MoveAnything.zip
[2010/09/07 15:42:57 | 000,246,754 | ---- | C] () -- C:\Users\Katherine\Documents\Bartender4-4.4.2.zip
[2010/09/07 15:41:46 | 000,700,112 | ---- | C] () -- C:\Users\Katherine\Documents\XPerl-3.0.9.zip
[2010/09/06 19:35:14 | 000,022,016 | ---- | C] () -- C:\Users\Katherine\Documents\Dps.doc
[2010/09/05 21:27:19 | 003,304,105 | ---- | C] () -- C:\Users\Katherine\Documents\The Corrs - Breathless.mp3
[2010/09/05 21:22:37 | 000,630,676 | ---- | C] () -- C:\Users\Katherine\Documents\breathless3.mp3
[2010/09/05 17:36:08 | 009,508,399 | ---- | C] () -- C:\Users\Katherine\Documents\1280423780_nelly___just_a_dream___hotnewhiphop _com.mp3
[2010/09/04 23:20:29 | 000,001,083 | ---- | C] () -- C:\Users\Katherine\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/04 23:20:29 | 000,001,065 | ---- | C] () -- C:\Users\Katherine\Contacts\Desktop\Spybot - Search & Destroy.lnk
[2010/09/04 23:08:57 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/04 22:45:42 | 000,000,814 | ---- | C] () -- C:\Users\Katherine\Contacts\Desktop\CCleaner.lnk
[2010/09/04 19:09:57 | 2146,721,791 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/04 19:02:51 | 000,001,695 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/09/04 14:49:41 | 000,061,008 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/09/04 14:49:37 | 000,001,824 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistMSI74D6.txt
[2010/09/04 14:49:35 | 000,012,056 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistUI74D6.txt
[2010/09/04 14:43:15 | 000,001,832 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistMSI6FF9.txt
[2010/09/04 14:43:14 | 000,012,072 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistUI6FF9.txt
[2010/09/04 12:19:50 | 000,001,430 | ---- | C] () -- C:\Users\Katherine\Contacts\Desktop\DivX Movies.lnk
[2010/09/04 12:19:36 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/09/04 12:19:25 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\Install_NSS.job
[2010/09/03 10:46:38 | 000,337,284 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistMSI6CC1.txt
[2010/09/03 10:46:38 | 000,012,502 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistUI6CC1.txt
[2010/08/30 19:19:02 | 000,336,616 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistMSI3C63.txt
[2010/08/30 19:19:01 | 000,011,418 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistUI3C63.txt
[2010/08/30 19:17:40 | 001,612,557 | ---- | C] () -- C:\Users\Katherine\Documents\TropicalBeach31.JPG
[2010/08/30 19:16:47 | 000,407,184 | ---- | C] () -- C:\Users\Katherine\Documents\Tropical_Retreat.jpg
[2010/08/30 19:11:39 | 000,651,512 | ---- | C] () -- C:\Users\Katherine\Documents\beach-wallpaper-01.jpg
[2010/08/30 19:11:17 | 000,301,627 | ---- | C] () -- C:\Users\Katherine\Documents\afterglow,_hawaii.jpg
[2010/08/30 19:08:57 | 000,769,512 | ---- | C] () -- C:\Users\Katherine\Documents\Beach-Scene.jpg
[2010/08/30 17:49:36 | 000,335,774 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistMSI77F0.txt
[2010/08/30 17:49:35 | 000,011,986 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistUI77F0.txt
[2010/08/29 18:30:46 | 000,336,154 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistMSI4950.txt
[2010/08/29 18:30:45 | 000,012,002 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistUI4950.txt
[2010/08/29 14:45:59 | 000,010,630 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistUI1D48.txt
[2010/08/29 14:45:58 | 000,412,014 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistMSI1D3E.txt
[2010/08/29 14:45:56 | 000,012,106 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistUI1D3E.txt
[2010/08/29 12:20:12 | 000,001,798 | ---- | C] () -- C:\Users\Katherine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (5).lnk
[2010/08/29 11:40:39 | 000,024,064 | ---- | C] () -- C:\Users\Katherine\Documents\11518041.doc
[2010/08/29 11:39:06 | 000,001,798 | ---- | C] () -- C:\Users\Katherine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (4).lnk
[2010/08/29 10:41:29 | 000,001,798 | ---- | C] () -- C:\Users\Katherine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (3).lnk
[2010/08/29 10:41:23 | 000,001,798 | ---- | C] () -- C:\Users\Katherine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/29 01:45:31 | 000,000,000 | ---- | C] () -- C:\Users\Katherine\mssefullinstall-amd64fre-en-us-vista-win7.exe
[2010/08/28 20:58:46 | 000,001,977 | ---- | C] () -- C:\Users\Katherine\Contacts\Desktop\Windows Live Messenger .lnk
[2010/08/28 11:57:26 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/28 11:56:03 | 000,001,718 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/28 11:47:41 | 000,000,000 | ---- | C] () -- C:\Users\Katherine\Documents\iTunesSetup.exe
[2010/08/28 10:02:24 | 000,421,400 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistMSI7617.txt
[2010/08/28 10:02:23 | 000,012,290 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistUI7617.txt
[2010/08/18 09:36:41 | 000,019,968 | ---- | C] () -- C:\Users\Katherine\Documents\sefsfsfsfsfesf.doc
[2010/08/15 13:32:15 | 001,312,504 | ---- | C] () -- C:\Users\Katherine\Documents\ghrdgsgs.jpg
[2010/08/15 13:15:33 | 002,674,254 | ---- | C] () -- C:\Users\Katherine\Documents\esfsfsfsfe.jpg
[2010/08/15 13:13:04 | 001,052,000 | ---- | C] () -- C:\Users\Katherine\Documents\cszzczcz.jpg
[2010/08/15 12:20:20 | 002,263,492 | ---- | C] () -- C:\Users\Katherine\Documents\dadawdadwadawda.jpg
[2010/08/15 01:47:54 | 000,000,000 | ---- | C] () -- C:\Users\Katherine\Documents\preview.mp3
[2010/08/12 06:56:01 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/12 06:55:58 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/12 06:55:58 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/12 06:55:53 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/12 06:55:50 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/12 06:55:47 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/12 06:55:36 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/12 06:55:35 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/12 06:55:34 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/12 06:55:33 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/12 06:55:33 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/12 06:55:33 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/12 06:55:33 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/12 06:55:33 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/12 06:55:33 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/12 06:55:32 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/12 06:55:32 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/12 06:55:32 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/08/12 06:55:32 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/12 06:55:32 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/08/12 06:55:32 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/08/12 06:55:32 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/08/12 06:55:32 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/08/12 06:55:32 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/12 06:55:32 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/12 06:55:32 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/12 06:55:31 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/12 06:55:28 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/12 06:55:27 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/11 04:39:04 | 010,671,885 | ---- | C] () -- C:\Users\Katherine\Documents\01_Love_the_Way_You_Lie_(Clean).mp3
[2010/08/11 04:32:39 | 006,830,466 | ---- | C] () -- C:\Users\Katherine\Documents\not afraid.mp3
[2010/08/11 02:23:12 | 000,027,124 | ---- | C] () -- C:\Users\Katherine\Documents\alphaville-forever_young.mid
[2010/08/11 01:02:08 | 008,238,753 | ---- | C] () -- C:\Users\Katherine\Documents\6hdubelong2me.mp3
[2010/08/11 01:01:39 | 008,011,233 | ---- | C] () -- C:\Users\Katherine\Documents\18hddontrust.mp3
[2010/08/11 01:01:17 | 004,467,597 | ---- | C] () -- C:\Users\Katherine\Documents\jay-z_ft._mr._hudson_-_forever_young_piano_by_ray_mak.mp3
[2010/08/11 00:59:09 | 008,181,504 | ---- | C] () -- C:\Users\Katherine\Documents\50hdnaturally.mp3
[2010/08/05 19:45:07 | 000,355,189 | ---- | C] () -- C:\Users\Katherine\Documents\Recount-v3.3h_release.zip
[2010/08/03 11:39:41 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/07/31 16:06:02 | 000,568,540 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistMSI7D32.txt
[2010/07/31 16:01:28 | 000,015,380 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistUI7D32.txt
[2010/07/29 17:13:52 | 000,019,968 | ---- | C] () -- C:\Users\Katherine\Documents\the land before time.doc
[2010/07/29 15:40:38 | 003,940,480 | ---- | C] () -- C:\Users\Katherine\Documents\Sydney Forest - I'm gonna fly.mp3
[2010/07/29 15:12:20 | 003,940,480 | ---- | C] () -- C:\Users\Katherine\Documents\im gonna fly.mp3
[2010/07/29 15:05:42 | 004,481,162 | ---- | C] () -- C:\Users\Katherine\Documents\Kiki's Delivery Service - I'm Gonna Fly.mp3
[2010/07/24 05:43:08 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/07/23 04:16:37 | 000,002,094 | ---- | C] () -- C:\Users\Katherine\Documents\EA Download Manager.lnk
[2010/07/23 04:08:04 | 000,005,238 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2010/07/23 03:05:13 | 000,027,453 | ---- | C] () -- C:\Users\Katherine\Documents\peggyzone-sims3-F-FAhair083.jpg
[2010/07/23 03:05:13 | 000,020,025 | ---- | C] () -- C:\Users\Katherine\Documents\peggyzone-sims3-F-FAhair052.JPG
[2010/07/23 03:04:23 | 000,068,790 | ---- | C] () -- C:\Users\Katherine\Documents\peggyzone-sims3-hair1-1-b.jpg
[2010/07/23 03:04:19 | 000,023,084 | ---- | C] () -- C:\Users\Katherine\Documents\peggyzone-sims3-F-FAhair041.jpg
[2010/07/23 03:04:18 | 000,076,508 | ---- | C] () -- C:\Users\Katherine\Documents\installed_PlumpLip.jpg
[2010/07/23 03:04:18 | 000,071,940 | ---- | C] () -- C:\Users\Katherine\Documents\lip02_tech02.jpg
[2010/07/23 03:04:17 | 000,045,132 | ---- | C] () -- C:\Users\Katherine\Documents\CazyAntoHair80_thumbf.jpg
[2010/07/23 03:04:16 | 000,044,008 | ---- | C] () -- C:\Users\Katherine\Documents\PeggyHair26_3.jpg
[2010/07/23 03:04:04 | 000,002,752 | ---- | C] () -- C:\Users\Katherine\Documents\XM Sims 3 Read Me (2).htm
[2010/07/22 06:49:55 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/22 06:04:15 | 000,000,680 | ---- | C] () -- C:\Users\Katherine\AppData\Local\d3d9caps.dat
[2010/07/22 04:44:23 | 000,000,000 | ---- | C] () -- C:\Users\Katherine\Documents\All I Do Is Win (Remix).mp3
[2010/07/22 04:27:43 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2010/07/22 02:45:59 | 004,549,600 | ---- | C] () -- C:\Users\Katherine\Documents\all i do is win.mp3
[2010/07/18 05:07:11 | 004,768,910 | ---- | C] () -- C:\Users\Katherine\Documents\The Fugees-Killing me softl.mp3
[2010/07/18 03:48:02 | 045,255,764 | ---- | C] () -- C:\Users\Katherine\Documents\ForeverYoung.wav
[2010/07/18 03:37:15 | 005,003,574 | ---- | C] () -- C:\Users\Katherine\Documents\ForeverYoung.mp3
[2010/07/17 05:04:38 | 000,000,357 | ---- | C] () -- C:\Users\Katherine\Documents\shakira - waka waka.mp3
[2010/07/15 14:21:52 | 000,001,729 | ---- | C] () -- C:\Users\Katherine\Documents\McAfee Security Scan Plus.lnk
[2010/07/13 21:55:40 | 000,028,672 | ---- | C] () -- C:\Users\Katherine\Documents\wow faction talk.doc
[2010/07/13 21:55:40 | 000,000,162 | -H-- | C] () -- C:\Users\Katherine\Documents\~$w faction talk.doc
[2010/07/09 02:02:52 | 000,110,526 | ---- | C] () -- C:\Users\Katherine\Documents\GearScore.rar
[2010/07/09 01:02:14 | 000,177,208 | ---- | C] () -- C:\Users\Katherine\Documents\GearScore3.1.17.zip
[2010/07/08 02:35:26 | 028,582,572 | ---- | C] () -- C:\Users\Katherine\Documents\05. WeAre Young - 30H!3.wav
[2010/07/08 02:30:52 | 029,756,012 | ---- | C] () -- C:\Users\Katherine\Documents\12. Strrets Of Gold - 30H!3.wav
[2010/07/07 15:00:46 | 000,336,798 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistMSI7B89.txt
[2010/07/07 15:00:45 | 000,012,018 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistUI7B89.txt
[2010/07/06 21:51:05 | 000,029,696 | ---- | C] () -- C:\Users\Katherine\Documents\dinosaurlol.doc
[2010/07/06 13:59:20 | 000,001,430 | ---- | C] () -- C:\Users\Katherine\Documents\DivX Movies.lnk
[2010/07/06 13:58:26 | 000,000,909 | ---- | C] () -- C:\Users\Katherine\Documents\DivX Plus Player.lnk
[2010/07/06 13:58:19 | 000,000,949 | ---- | C] () -- C:\Users\Katherine\Documents\DivX Plus Converter.lnk
[2010/07/02 00:03:03 | 030,291,480 | ---- | C] () -- C:\Users\Katherine\Documents\Don't Trust Me - 30H!3.wav
[2010/07/01 23:57:22 | 030,292,940 | ---- | C] () -- C:\Users\Katherine\Documents\15. Don't Trust Me - 30H!3.wav
[2010/07/01 21:36:09 | 001,998,294 | ---- | C] () -- C:\Users\Katherine\Documents\fd38375000268a564794f234.mp3
[2010/07/01 15:57:56 | 000,001,979 | ---- | C] () -- C:\Users\Katherine\Documents\EA Link.lnk
[2010/07/01 15:56:14 | 000,260,400 | ---- | C] () -- C:\Users\Katherine\Documents\SoftonicDownloader62174.exe
[2010/06/29 23:15:28 | 000,000,886 | ---- | C] () -- C:\Users\Katherine\Documents\Resource.cfg
[2010/06/29 23:14:48 | 000,214,774 | ---- | C] () -- C:\Users\Katherine\Documents\Longer Parties Mod.pdf
[2010/06/29 23:14:37 | 000,001,196 | ---- | C] () -- C:\Users\Katherine\Documents\Sky_PartlyCloudySea.ini
[2010/06/29 23:14:37 | 000,001,196 | ---- | C] () -- C:\Users\Katherine\Documents\Sky_ClearSea.ini
[2010/06/29 23:14:37 | 000,000,975 | ---- | C] () -- C:\Users\Katherine\Documents\Sky_OvercastSea.ini
[2010/06/29 23:14:37 | 000,000,973 | ---- | C] () -- C:\Users\Katherine\Documents\Sky_StormySea.ini
[2010/06/29 23:14:37 | 000,000,917 | ---- | C] () -- C:\Users\Katherine\Documents\Sky_CustomSea.ini
[2010/06/29 23:14:37 | 000,000,135 | ---- | C] () -- C:\Users\Katherine\Documents\Water Color Tutorial.url
[2010/06/29 23:14:36 | 000,030,373 | ---- | C] () -- C:\Users\Katherine\Documents\ReadMe.doc
[2010/06/29 23:14:36 | 000,027,648 | ---- | C] () -- C:\Users\Katherine\Documents\ReadMe.xls
[2010/06/29 23:13:11 | 000,002,752 | ---- | C] () -- C:\Users\Katherine\Documents\XM Sims 3 Read Me.htm
[2010/06/29 23:04:31 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
[2010/06/29 22:54:06 | 000,002,073 | ---- | C] () -- C:\Users\Katherine\Documents\The Sims™ 3 World Adventures.lnk
[2010/06/24 03:04:12 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/24 03:04:12 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/06/24 03:04:10 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/06/24 03:04:09 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/06/24 03:04:09 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/06/24 03:04:00 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/06/24 03:04:00 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/06/24 03:04:00 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/24 03:04:00 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/24 03:04:00 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/06/23 22:16:44 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/06/23 22:16:43 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/06/23 14:50:16 | 000,524,288 | -HS- | C] () -- C:\Users\Katherine\ntuser.dat{c51dc64c-7ec5-11df-bd8d-001fc68a4053}.TMContainer00000000000000000002.regtrans-ms
[2010/06/23 14:50:16 | 000,524,288 | -HS- | C] () -- C:\Users\Katherine\ntuser.dat{c51dc64c-7ec5-11df-bd8d-001fc68a4053}.TMContainer00000000000000000001.regtrans-ms
[2010/06/23 14:50:16 | 000,065,536 | -HS- | C] () -- C:\Users\Katherine\ntuser.dat{c51dc64c-7ec5-11df-bd8d-001fc68a4053}.TM.blf
[2010/06/20 12:41:24 | 000,524,288 | -HS- | C] () -- C:\Users\Katherine\ntuser.dat{44a65ddc-7c58-11df-8870-001fc68a4053}.TMContainer00000000000000000002.regtrans-ms
[2010/06/20 12:41:24 | 000,524,288 | -HS- | C] () -- C:\Users\Katherine\ntuser.dat{44a65ddc-7c58-11df-8870-001fc68a4053}.TMContainer00000000000000000001.regtrans-ms
[2010/06/20 12:41:24 | 000,065,536 | -HS- | C] () -- C:\Users\Katherine\ntuser.dat{44a65ddc-7c58-11df-8870-001fc68a4053}.TM.blf
[2010/06/19 11:01:34 | 000,524,288 | -HS- | C] () -- C:\Users\Katherine\ntuser.dat{3048248e-7b81-11df-8848-001fc68a4053}.TMContainer00000000000000000002.regtrans-ms
[2010/06/19 11:01:34 | 000,524,288 | -HS- | C] () -- C:\Users\Katherine\ntuser.dat{3048248e-7b81-11df-8848-001fc68a4053}.TMContainer00000000000000000001.regtrans-ms
[2010/06/19 11:01:34 | 000,065,536 | -HS- | C] () -- C:\Users\Katherine\ntuser.dat{3048248e-7b81-11df-8848-001fc68a4053}.TM.blf
[2010/04/08 14:00:54 | 000,426,914 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistMSI55BF.txt
[2010/04/08 14:00:53 | 000,016,062 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_vcredistUI55BF.txt
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/10 16:45:12 | 000,000,000 | ---- | C] () -- C:\Users\Katherine\AppData\Local\prvlcl.dat
[2009/10/26 17:10:13 | 000,000,598 | ---- | C] () -- C:\Users\Katherine\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml
[2009/10/26 17:06:13 | 000,000,026 | ---- | C] () -- C:\Users\Katherine\AppData\Roaming\ClipExtractor-UpdatePerformed.txt
[2009/10/07 17:39:45 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/30 17:02:16 | 000,000,600 | ---- | C] () -- C:\Windows\Quake.INI
[2009/05/21 15:26:21 | 000,005,184 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/05/19 17:41:17 | 000,035,275 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/05/19 15:54:53 | 000,035,275 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/03/13 20:46:28 | 000,002,672 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/03/13 20:46:28 | 000,000,088 | RHS- | C] () -- C:\ProgramData\418A2EBD90.sys
[2009/02/26 12:47:40 | 001,315,840 | ---- | C] () -- C:\Program Files (x86)\Zoo Tycoon 2 - Extinct Animals.msi
[2009/02/11 20:01:32 | 000,000,732 | ---- | C] () -- C:\Users\Katherine\AppData\Local\d3d9caps64.dat
[2009/01/18 03:24:51 | 000,000,089 | ---- | C] () -- C:\Windows\ulead32.ini
[2009/01/02 19:30:22 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2008/12/18 22:32:43 | 000,112,412 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_depcheckdotnetfx30.txt
[2008/12/18 22:32:40 | 000,129,428 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_dotnetfx3install.txt
[2008/12/18 22:32:40 | 000,008,208 | ---- | C] () -- C:\Users\Katherine\AppData\Local\uxeventlog.txt
[2008/12/18 22:32:40 | 000,002,410 | ---- | C] () -- C:\Users\Katherine\AppData\Local\dd_dotnetfx3error.txt
[2008/12/12 21:04:53 | 000,647,168 | ---- | C] () -- C:\Windows\SysWow64\sonicismdsp.dll
[2008/12/12 21:02:11 | 000,038,905 | ---- | C] () -- C:\Windows\4ORM-DEMO-DX.ini
[2008/12/05 18:50:11 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2008/11/06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/11/02 15:26:32 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/27 13:45:39 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2008/09/03 07:20:00 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdbcomx.dll
[2008/09/03 07:20:00 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxdbinst.dll
[2008/08/31 20:18:27 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008/08/31 20:18:26 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008/08/22 02:01:22 | 000,000,097 | ---- | C] () -- C:\Users\Katherine\AppData\Local\fusioncache.dat
[2008/08/20 13:27:35 | 000,743,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/08/17 16:11:09 | 000,176,128 | ---- | C] () -- C:\Users\Katherine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/16 22:08:30 | 000,005,142 | ---- | C] () -- C:\Users\Katherine\AppData\Roaming\wklnhst.dat
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/05/09 15:22:12 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/05/09 15:22:12 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[1999/07/07 02:00:00 | 000,000,006 | RHS- | C] () -- C:\ProgramData\D81EDBF9-D167-4011-B77D-211DF920EB80

========== LOP Check ==========

[2009/11/18 00:14:18 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\Acoustica
[2009/03/08 16:24:55 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\AlcaTech
[2010/03/09 18:56:12 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\DisplayTune
[2010/09/13 14:06:07 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\DNA
[2010/09/12 22:48:39 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\Electronic Arts
[2010/04/04 03:44:17 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\GetRightToGo
[2009/03/13 20:12:43 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\gtk-2.0
[2010/07/13 19:08:22 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\iCopyExpert
[2009/06/20 04:42:51 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\ManyCam
[2009/03/08 08:14:15 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\mioObjects
[2008/12/12 21:14:49 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\Publish Providers
[2010/01/09 03:49:30 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\SecondLife
[2010/09/13 06:56:13 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\Software Informer
[2008/12/12 21:13:40 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\Sony
[2008/08/16 22:08:31 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\Template
[2010/09/13 14:06:08 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\uTorrent
[2010/09/04 18:54:51 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2010/09/13 00:00:20 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/30 11:01:54 | 000,001,408 | ---- | M] () -- C:\aaw7boot.log
[2008/01/21 04:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/05/09 16:13:01 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/08/13 10:38:29 | 000,000,698 | ---- | M] () -- C:\deltaStartup.log
[2010/09/13 06:53:13 | 2146,721,791 | -HS- | M] () -- C:\hiberfil.sys
[2008/09/03 07:28:09 | 000,000,200 | ---- | M] () -- C:\lxdb.log
[2006/12/02 08:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2002/01/05 03:38:38 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\msvci70.dll
[2009/05/12 22:24:57 | 000,000,000 | ---- | M] () -- C:\ntuser.dat
[2009/05/12 22:24:57 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG1
[2009/05/12 22:24:57 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
[2009/09/12 08:49:16 | 000,000,000 | -HS- | M] () -- C:\pagefile.sys
[2006/10/06 16:42:22 | 000,002,853 | ---- | M] () -- C:\pdiports64.inf
[2009/01/02 22:44:26 | 000,000,173 | ---- | M] () -- C:\pdisdk.log
[2009/01/02 22:43:41 | 000,000,184 | ---- | M] () -- C:\pivot.log
[2010/07/22 06:49:23 | 000,000,485 | ---- | M] () -- C:\rkill.log
[2008/09/01 20:48:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/09/01 20:48:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/03/09 19:34:55 | 001,294,336 | ---- | M] () -- C:\Zoo Tycoon 2 - African Adventure.msi
[2010/02/28 19:15:47 | 001,144,320 | ---- | M] () -- C:\Zoo Tycoon 2 - Marine Mania.msi
[2010/07/22 04:27:43 | 000,000,150 | ---- | M] () -- C:\zrpt.xml

< %systemroot%\Fonts\*.com >
[2006/11/02 17:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 17:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 17:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 17:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 23:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 17:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 05:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2009/02/26 12:47:41 | 001,315,840 | ---- | M] () -- C:\Program Files (x86)\Zoo Tycoon 2 - Extinct Animals.msi

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/10/03 19:56:37 | 000,000,365 | -HS- | M] () -- C:\Users\Katherine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2010/08/29 01:45:31 | 000,000,000 | ---- | M] () -- C:\Users\Katherine\mssefullinstall-amd64fre-en-us-vista-win7.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2009/11/04 20:09:57 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2009/11/04 20:09:27 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2009/08/21 09:18:16 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2009/08/21 09:18:16 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2009/11/04 20:09:27 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/08/15 17:17:04 | 000,000,402 | -HS- | M] () -- C:\Users\Katherine\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/04/24 15:24:58 | 000,000,088 | RHS- | M] () -- C:\ProgramData\418A2EBD90.sys
[1999/07/07 02:00:00 | 000,000,006 | RHS- | M] () -- C:\ProgramData\D81EDBF9-D167-4011-B77D-211DF920EB80
[2009/04/24 15:25:11 | 000,002,672 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2009/05/21 15:26:21 | 000,005,184 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini
[2009/10/03 20:15:55 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/09/13 06:55:38 | 000,035,275 | ---- | M] () -- C:\ProgramData\nvModes.001

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[12 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2006/09/18 23:31:55 | 000,107,620 | ---- | M] () -- C:\Windows\SysWOW64\acwizard.ico

< %systemroot%\system\*.dat >
[2008/08/15 17:16:00 | 000,000,044 | ---- | M] () -- C:\Windows\system\hpsysdrv.dat

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A2947BEA
< End of report >
apple0
Junior Member with 12 posts.
Join Date: Sep 2010
13-Sep-2010, 04:39 PM #8
OTL Extras logfile created on: 9/13/2010 2:04:30 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Katherine\Documents
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 50.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.31 Gb Total Space | 134.68 Gb Free Space | 19.60% Space Free | Partition Type: NTFS
Drive D: | 11.32 Gb Total Space | 1.52 Gb Free Space | 13.38% Space Free | Partition Type: NTFS
Drive E: | 4.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUPER-PC
Current User Name: Katherine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F08BA51-5334-4419-8CAA-4AF0E8542FE6}" = rport=445 | protocol=6 | dir=out | app=system |
"{142E0024-19FD-462D-8355-E5276AC1B612}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{21257EC7-F38D-442D-8596-5E69C05BC60C}" = lport=137 | protocol=17 | dir=in | app=system |
"{2D6BEC24-6F53-45EB-88FD-658E8C5552B2}" = rport=139 | protocol=6 | dir=out | app=system |
"{584DCA91-15DC-4F79-97D7-B1FC705B5566}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{729E5B55-CFFF-4C07-A713-E95A36731FB1}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{74738E0F-D7CD-474B-9311-D3C06F0D45DF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{945DFF0E-4F51-4C3B-9FD7-BF8BA4516FA5}" = lport=139 | protocol=6 | dir=in | app=system |
"{B731875F-2315-405E-A2BA-DCEED7530957}" = lport=138 | protocol=17 | dir=in | app=system |
"{BD5CD44F-41F3-4318-AC63-B2F3673C4652}" = rport=137 | protocol=17 | dir=out | app=system |
"{C2EA30E4-EB56-4DEA-A5C9-ABEFAA2DA84A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C930832C-F077-4ADC-99C0-CD10C6730E1C}" = rport=138 | protocol=17 | dir=out | app=system |
"{E5A7DE52-37BB-4AEE-A5B8-459B68483B6C}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012A0DE5-1310-40E9-AF0F-92B62C148994}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{05004CC2-5393-4C9D-B81C-828812414F6D}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{06AB190E-1EBD-4CCD-9F96-F54294111C7A}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{06B30B5D-2E07-4648-BC3D-FEA1B67D77A0}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{07EF0F50-AAC2-4D6E-8C33-C83E23C20609}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{08916AFD-A4B3-4CB3-890E-00239D361045}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0D405E4B-5DD6-4F18-BD40-48B73ECA002E}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{1463775B-D153-44E7-9EC0-26AA7C9E88FB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{15774F16-43DD-4234-9ED6-860521A4BAE3}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{1B5A70F0-B11A-4B35-9E97-1CEA32D6FEFE}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{1BFB1883-7733-4BFF-996B-0C4644B19C05}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinenetworkservice.exe |
"{25BA04F1-935C-4EB7-B69D-36C1A6E768DA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2D782C9A-D29D-46A5-8931-5C3B069022A3}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{2F2A312E-D48E-4949-8CC0-A03EE7AE68D5}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{36D3244F-5D15-4F94-ACF6-CBABF538505F}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{380C20E9-5BCC-4B5E-BFFE-5911DF5FF6CD}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinemessageservice.exe |
"{39BF55F4-5BD8-4479-ABCA-21252BA02AD0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3B30CA90-33D8-43B0-9D19-FECA5AFE2221}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{3B53D14F-9091-41C9-8932-2DFB51B75701}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{3E201221-8A0A-4DBE-BF5C-E69F91C33BBA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{3F1CEB03-5C25-438E-B5B8-3AC608C9CB1E}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3F23FC81-F5E6-41BE-998D-7CBAA4CF515D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{42149A1B-055F-44A8-89C2-8FB1C89023F7}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{45D014C2-8823-427E-860B-BE97253422A6}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{532C0629-B694-457D-8E75-2956A74CB303}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{561C8250-871B-44C3-804A-188FBFA72F50}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5AC6C0D5-2374-49F8-B637-C6FF8B097B24}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5AF4BA3E-E7D3-4AE0-8EA3-35C3ADBDF282}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5B51FFE3-8F59-4176-A039-B0BC01C53AC3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{5CCA5F81-B1EE-47A4-B6F3-AD428616BD4E}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe |
"{635019D5-A5E7-4F9D-BC5A-399DD881E059}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{64C6537E-16DD-4733-B1F3-9ABD994A46D8}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdbcoms.exe |
"{65CECF17-24AD-4A21-989A-3649F7D12F38}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{6EB08ADC-8453-41EB-9DB8-AA4850DD4F40}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe |
"{6EDA4476-DB30-4CE0-B515-E9E7DA28693F}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{79993353-4AA8-4979-AC12-6FD85A4A7CD5}" = protocol=6 | dir=in | app=c:\windows\temp\~os33dc.tmp\ossproxy.exe |
"{7A698313-EDAA-4CBA-AB9A-8EF72D87F64D}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{7B32E4F1-E9B9-4D26-AA95-6465A5E817F4}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{7BEBB5A9-E371-4E5F-B40D-F8FA771D2FA7}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7EA04ED6-5370-4BBE-BE97-4DA7B5A4C8A0}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe |
"{7F09D674-17BE-42B9-B1F8-E0DB17713027}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{811F6E16-53B2-4304-A625-67C7F272A526}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{827965EF-B9ED-4153-AE7D-61B5B9348F51}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{875ECB42-4819-405A-96A4-A7DE112B31A0}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{88387130-9F70-4F71-9076-89DC9E2014DD}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdbcoms.exe |
"{90414D1B-87A7-4D0F-9F52-D92D8D0970ED}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinenetworkservice.exe |
"{91F1FD2B-EB13-4B7B-8030-B3F21ED15518}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{975E223A-FA7B-4132-BC60-9A63398F998B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{9C30E6A6-C9BF-4081-8404-0A644967D311}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{9E32E516-F75A-4B41-8706-54D1DDD9C6F2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9EF0C12D-39FA-4376-8D29-B8FA291072BD}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{9EFD549E-5AA1-430D-B4B4-9752A324935B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A4DBD7A7-0587-4826-A55E-5BDB8A524573}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{AAB3B4B8-E517-48E9-8274-4E9B72F40550}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{ABE4F381-A33C-4AE8-96F6-0E49BCEB0D81}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{AD116D29-8303-4057-88BF-99CA7C35CBDD}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{B661716D-3A43-4279-A800-FB5D113DF979}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe |
"{C57F497E-60DC-495D-B339-3BF23BBEA4C8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C9E16C45-72A4-4517-81E7-2DC8B6F1B691}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{D19D13DD-0719-42D5-9F45-9841083CAEED}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D2F9B249-B54F-45E2-B3DD-EFA4840A4FD1}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{D6356456-D770-4BDD-8582-5F5B15B361AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D69D76FA-7502-445D-899D-16A3071C8569}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinemessageservice.exe |
"{D974531F-4AB3-4463-89D6-F951AA814282}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe |
"{DCD3201C-E305-48B5-AC6C-D656D9EDFA5D}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe |
"{E2D46B0B-B740-4B0F-BADB-A6328DFD8DB0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E4CEF1C0-99AC-45F4-B40C-BC174A1D4533}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbir.exe |
"{E7894554-A88E-4066-A0EE-4607A085D254}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{F60B9C86-5DD3-4515-8A0C-C5383AC07DEB}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{FAAF17B6-AA6E-4424-8B82-04529F1B3184}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{FBB271EF-02A7-4F35-BDCD-049FB49F1390}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbir.exe |
"{FD41073A-2031-4722-B28F-A54070404168}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"TCP Query User{1FB0840F-31C7-48DF-BDC2-B96953E05F46}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{5060724A-8455-473E-BE43-7803920662EC}C:\users\katherine\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\katherine\program files (x86)\dna\btdna.exe |
"TCP Query User{64126CDB-1DCF-4DA4-8A6E-D2D8B24C558B}C:\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"TCP Query User{66FA4B6D-A1FE-4956-97FA-AC8FDBAC346D}C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe |
"TCP Query User{6FB8D816-21AC-495E-9E79-FAFFE594BC42}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{93CDFB2D-3380-4F20-9725-D4A43154AC7C}C:\program files (x86)\steam\steamapps\xametrinex\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xametrinex\garrysmod\hl2.exe |
"TCP Query User{C399B71A-E8F0-4F17-8928-2ECD866E4C3D}C:\program files (x86)\steam\steamapps\xametrinex\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xametrinex\counter-strike source\hl2.exe |
"TCP Query User{DFF2C63E-7CA2-46A4-A8F8-E740C15F3D14}C:\program files (x86)\steam\steamapps\xametrinex\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xametrinex\team fortress 2\hl2.exe |
"TCP Query User{EDA7127E-4E16-4730-A213-082571277ACE}C:\users\katherine\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\katherine\program files (x86)\dna\btdna.exe |
"UDP Query User{0A4935B4-C150-4284-B0CA-027C51DA7EA0}C:\users\katherine\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\katherine\program files (x86)\dna\btdna.exe |
"UDP Query User{4D6DAE9E-FED3-4DA6-80BE-F11699EB4BDE}C:\program files (x86)\steam\steamapps\xametrinex\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xametrinex\counter-strike source\hl2.exe |
"UDP Query User{5FE073EB-1D67-4253-962E-50FBAEE6C8AB}C:\program files (x86)\steam\steamapps\xametrinex\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xametrinex\team fortress 2\hl2.exe |
"UDP Query User{9C59659D-8BEE-4245-8F9A-4CF218999E6D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{A520292E-4461-4A2A-A302-2D0E4FD43581}C:\program files (x86)\steam\steamapps\xametrinex\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xametrinex\garrysmod\hl2.exe |
"UDP Query User{A52CCCA8-1F3C-48CD-82B4-D3EE5B109E8B}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{BF8B5129-C281-4207-8C34-321C7E1673DB}C:\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"UDP Query User{F96F3148-5F38-4148-992D-EB7E98BAB64E}C:\users\katherine\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\katherine\program files (x86)\dna\btdna.exe |
"UDP Query User{FB51BE94-5AE2-427F-A780-B90EA4B86BDE}C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{39107B20-EA1C-4974-881C-607300BB3C99}" = MobileMe Control Panel
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8F790958-2107-48F2-88E0-B352A0C225AB}" = iTunes
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{C5856970-6B43-41AC-B4A6-BB0B3E80F52B}_is1" = HP Demo
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CA53298-AB86-49C7-8040-D5E7BA2F703A}" = NVIDIA PhysX Particle Fluid Demo
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}" = Zoo Tycoon 2 - Ultimate Collection
"{9CCB8F6D-33FC-4E79-8616-7BE5DF32A955}" = BPM-Studio 4 Demo
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A724605D-B399-4304-B8C7-33B3EF7D4677}" = Bully Scholarship Edition
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AD94B355-57A5-41E4-81AC-F2A6EA880978}" = Sid Meier's Civilization 4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AnalogX Vocal Remover" = AnalogX Vocal Remover
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"AV Music Morpher Gold" = AV Music Morpher Gold
"avast5" = avast! Pro Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Desktop FLV Player_is1" = FLVhosting Desktop FLV Player Ver 2.00
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"EA Download Manager" = EA Download Manager
"Easy Gif Animator Extension" = Easy Gif Animator Extension
"Easy GIF Animator_is1" = Easy GIF Animator 4.9
"Flash2X Flash Player_is1" = Flash2X Flash Player version 3.0.2
"GCFScape_is1" = GCFScape 1.6.9
"GoldWave v5.25" = GoldWave v5.25
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}" = Zoo Tycoon 2 - Ultimate Collection
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"KC Softwares VideoInspector_is1" = KC Softwares VideoInspector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PIXELRULER" = PIXELRULER
"PowerISO" = PowerISO
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar
"Software Informer_is1" = Software Informer 1.0 BETA
"Speakonia_is1" = Speakonia
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"SUPER ©" = SUPER © Version 2008.bld.32 (July 8, 2008)
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"uTorrent" = µTorrent
"Vintage Vocoder 1.03 Build 1" = Vintage Vocoder 1.03 Build 1
"VLC media player" = VLC media player 0.9.9
"VTFEdit_is1" = VTFEdit 1.2.5
"Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
SweetTech's Avatar
Senior Member with 1,016 posts.
 
Join Date: Dec 1969
Location: Antarctica
13-Sep-2010, 05:01 PM #9
Hello,

OTL Fix

We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"

    Code:
    :Services
    :OTL
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    FF - prefs.js..network.proxy.type: 4
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [fsm] File not found
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.216.127.130 82.212.63.122
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
    O33 - MountPoints2\{0bbd7f4a-2e5c-11dd-894b-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{0bbd7f4a-2e5c-11dd-894b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010/04/20 22:37:17 | 000,054,544 | R--- | M] (Electronic Arts)
    O33 - MountPoints2\J\Shell - "" = AutoRun
    O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Autorun.exe -- File not found
    O33 - MountPoints2\K\Shell - "" = AutoRun
    O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Autoplay.exe -- File not found
    O33 - MountPoints2\L\Shell - "" = AutoRun
    O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\Setup.exe -- File not found
    [2010/09/06 03:00:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2010/07/22 04:27:54 | 000,000,000 | ---D | C] -- C:\Users\Katherine\AppData\Local\skeyyhbfr
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2 C:\Users\Katherine\Documents\*.tmp files -> C:\Users\Katherine\Documents\*.tmp -> ]
    [2010/09/07 21:27:26 | 000,293,376 | ---- | M] () -- C:\Users\Katherine\Documents\gkrmld0o.exe
    [2010/09/05 11:03:11 | 000,417,861 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100905-111120.backup
    [2010/07/22 04:27:45 | 000,000,794 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100905-110311.backup
    [2010/07/22 04:27:43 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
    [2010/07/22 06:49:23 | 000,000,485 | ---- | M] () -- C:\rkill.log
    [2010/07/22 04:27:43 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMPFC5A2B2
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A2947BEA
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.
  7. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:
  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Reboot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here<. Foxit Reader has fewer add-ons and therefore loads more quickly.



NEXT:


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.


  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push
  12. Push , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  13. Push the button.
  14. Push


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
__________________
Please Note: Unless notified in advance, any thread that has not been replied to within 3 days will be removed from my Subscribed Threads list.
apple0's Avatar
Junior Member with 12 posts.
 
Join Date: Sep 2010
13-Sep-2010, 10:00 PM #10
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: 4 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Health Check Scheduler not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fsm not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\0x00000001\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\oledb\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\0x00000001\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\oledb\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ not found.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505114-5902-49B2-880A-1F7738E5A384}\ not found.
File {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bbd7f4a-2e5c-11dd-894b-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bbd7f4a-2e5c-11dd-894b-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bbd7f4a-2e5c-11dd-894b-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bbd7f4a-2e5c-11dd-894b-806e6f6e6963}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
File K:\Autoplay.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
File L:\Setup.exe not found.
Folder C:\Windows\SysWow64\%APPDATA%\ not found.
Folder C:\Users\Katherine\AppData\Local\skeyyhbfr\ not found.
File/Folder C:\Windows\*.tmp not found.
File/Folder C:\Users\Katherine\Documents\*.tmp not found.
File C:\Users\Katherine\Documents\gkrmld0o.exe not found.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100905-111120.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100905-110311.backup scheduled to be moved on reboot.
File C:\zrpt.xml not found.
File C:\rkill.log not found.
File C:\zrpt.xml not found.
Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 .
Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:A2947BEA .
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Katherine\Documents\cmd.bat deleted successfully.
C:\Users\Katherine\Documents\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Katherine
->Temp folder emptied: 20473972 bytes
->Temporary Internet Files folder emptied: 557552 bytes
->Java cache emptied: 9903843 bytes
->FireFox cache emptied: 50273248 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1562045 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 79.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: Katherine
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.12.0 log created on 09132010_224004

Files\Folders moved on Reboot...
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100905-111120.backup scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\etc\hosts.20100905-110311.backup scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOHM8BA6\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9S5NLCU\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I862XP92\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2F3U6555\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4610

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

9/13/2010 10:54:02 PM
mbam-log-2010-09-13 (22-54-02).txt

Scan type: Quick scan
Objects scanned: 144133
Time elapsed: 6 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

C:\Users\Katherine\Documents\Stuff\videoinspector.exe multiple threats

Results of screen317's Security Check version 0.99.5
Windows Vista (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Pro Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3.4
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
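
A triage sketch for a fix log like the one posted above, added here as an example and not part of the thread or of OTL itself: it groups each result line by outcome so the few items that still need attention (moves deferred to reboot, alternate data streams that could not be deleted) stand out from the many stale "not found" entries. The outcome names, the regexes and the sample (lines taken from the log above, with forum-inserted spaces removed) are assumptions of this example.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: a handful of lines taken from the fix log in the post above.
SAMPLE_LOG = r"""
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fsm not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: 4 removed from network.proxy.type
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File J:\Autorun.exe not found.
Folder C:\Users\Katherine\AppData\Local\skeyyhbfr\ not found.
File C:\Users\Katherine\Documents\gkrmld0o.exe not found.
Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 .
========== FILES ==========
C:\Users\Katherine\Documents\cmd.bat deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
"""


class Entry(NamedTuple):
    line_no: int   # 1-based line number within the text passed in
    section: str   # most recent "===== NAME =====" header
    outcome: str   # one of the rule names below, or "unclassified"
    target: str    # registry path or file path the line refers to


SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")

# Rules are tried in order; the first match decides the outcome.
RULES = [
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("failed", re.compile(r"^Unable to delete ADS (?P<target>.+?)\s*\.$")),
    ("not_found", re.compile(
        r"^(?:64bit-)?(?:Registry (?:key|value)|File/Folder|File|Folder) "
        r"(?P<target>.+?) not found\.$")),
    ("removed", re.compile(
        r"^(?:(?:64bit-)?Registry (?:key|value) )?(?P<target>.+?) deleted successfully\.$")),
    ("changed", re.compile(r"^(?P<target>.+?)\| /E : value set successfully!$")),
]

# Outcomes that mean the requested action has not completed yet.
FOLLOW_UP = {"pending_reboot", "failed"}


def parse_fix_log(text):
    """Classify every non-blank, non-header line of a fix log."""
    entries, section = [], "PREAMBLE"
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        for outcome, pattern in RULES:
            match = pattern.match(line)
            if match:
                entries.append(Entry(line_no, section, outcome, match.group("target")))
                break
        else:
            # Keep unknown lines visible instead of silently dropping them.
            entries.append(Entry(line_no, section, "unclassified", line))
    return entries


def summarize(entries):
    """Count entries per outcome."""
    return Counter(entry.outcome for entry in entries)


def follow_up(entries):
    """Entries whose action did not complete during the run."""
    return [entry for entry in entries if entry.outcome in FOLLOW_UP]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for outcome, count in summarize(parsed).most_common():
        print(f"{outcome:15} {count}")
    print("\nStill open after this run:")
    for entry in follow_up(parsed):
        print(f"  [{entry.section}] {entry.outcome}: {entry.target}")
```
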
SweetTech's Avatar
Senior Member with 1,016 posts.
 
Join Date: Dec 1969
Location: Antarctica
13-Sep-2010, 10:04 PM #11
Hello,

Please do the following:

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

Code:
cmd /c del /f/a/q "C:\Users\Katherine\Documents\Stuff\videoinspector.exe"


NEXT:



Your computer is currently running with No Service Packs installed. This is not something that I recommend you continue to do. Please visit this link here: http://support.microsoft.com/kb/935791#Method2 for information on how to obtain the latest Service Pack for Vista. The latest service pack for Vista is currently Service Pack 2.



NEXT:



Please provide me with an update on how things are running in your next post.
__________________
Please Note: Unless notified in advance, any thread that has not been replied to within 3 days will be removed from my Subscribed Threads list.
apple0's Avatar
Junior Member with 12 posts.
 
Join Date: Sep 2010
14-Sep-2010, 11:16 AM #12
I can't install the service pack 2 because of "error 0x80240009" and error "code 800B0100".
SweetTech's Avatar
Senior Member with 1,016 posts.
 
Join Date: Dec 1969
Location: Antarctica
14-Sep-2010, 06:15 PM #13
SFC ScanNow

Go to the Run box on the Start Menu and type in:

sfc /scannow

Make sure to include the space between the first "c" and the "/".

This will run the System File checker and it will scan for corrupt or missing files. It may prompt you to insert the CD if it needs to obtain files.

Please post back when it has finished letting me know what it has reported.

More info on this process can be found here.



After doing the above, see if you're able to install the Service Packs.
__________________
Please Note: Unless notified in advance, any thread that has not been replied to within 3 days will be removed from my Subscribed Threads list.
apple0's Avatar
Junior Member with 12 posts.
 
Join Date: Sep 2010
15-Sep-2010, 01:01 PM #14
I scanned but it says "Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.log windir/logs/CBS/CBS.log"
SweetTech's Avatar
Senior Member with 1,016 posts.
 
Join Date: Dec 1969
Location: Antarctica
15-Sep-2010, 02:37 PM #15
Do you have your Windows disc?

Can you please attach this log: %windir%/logs/CBS/CBS.log