1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Internet Explorer virus problem?

Discussion in 'Virus & Other Malware Removal' started by acrylamide, Apr 9, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. acrylamide

    acrylamide Thread Starter

    Joined:
    Dec 11, 2004
    Messages:
    9
    Hi,

    I am not sure why but every time I open IE it locks up. I have posted by HJT log, and would most appreciate your suggestions on how to resolve this problem.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:45:22 PM, on 4/9/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    C:\Users\cindycovell\Downloads\VundoFix.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\AddOns\Norton AddOn Pack\Engine\4.5.0.24\ccProxy.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9318 bytes
     
  2. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello acrylamide,

    You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

    If you do not have Malwarebytes please download from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

    Next
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Under the Standard Registry box change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    So when you return please post
    • MBAM log
    • the two OTL logs - OTL.txt and Extras.txt



    Note: Unless otherwise instructed always post the logs in the forum. If reports don't fit on one post. It might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)
     
  3. acrylamide

    acrylamide Thread Starter

    Joined:
    Dec 11, 2004
    Messages:
    9
    Hi,

    Thanks. Here are the logs:

    OTL logfile created on: 4/11/2010 12:47:00 PM - Run 2
    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\cindycovell\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.40 Gb Total Space | 87.56 Gb Free Space | 30.90% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 6.69 Gb Free Space | 45.65% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CINDYCOVELL-PC
    Current User Name: cindycovell
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\cindycovell\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Norton Internet Security\AddOns\Norton AddOn Pack\Engine\4.5.0.24\ccproxy.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)
    PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\cindycovell\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\asoehook.dll (Symantec Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll (Microsoft Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
    SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
    SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    SRV:64bit: - (AERTFilters) -- C:\Windows\SysNative\AERTSr64.exe (Andrea Electronics Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)
    SRV - (ccProxy) -- C:\Program Files (x86)\Norton Internet Security\AddOns\Norton AddOn Pack\Engine\4.5.0.24\ccProxy.exe (Symantec Corporation)
    SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
    SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
    SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 08:34:14 | 000,000,000 | ---D | M]
    SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
    SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\Ironx64.SYS (Symantec Corporation)
    DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1106000.020\SRTSP64.SYS (Symantec Corporation)
    DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SRTSPX64.SYS (Symantec Corporation)
    DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\ccHPx64.sys (Symantec Corporation)
    DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\NISx64\1106000.020\SYMTDIV.SYS (Symantec Corporation)
    DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SYMEFA64.SYS (Symantec Corporation)
    DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
    DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SYMDS64.SYS (Symantec Corporation)
    DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
    DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
    DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
    DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
    DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100410.020\EX64.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100410.020\ENG64.SYS (Symantec Corporation)
    DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx64.sys (Symantec Corporation)
    DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSviA64.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
    DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
    DRV - (Aspi32) -- C:\Windows\SysWOW64\drivers\aspi32.sys (Adaptec)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5090123
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5090123
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yo101.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5090123
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "liberation.fr"
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.17
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
    FF - prefs.js..extensions.enabledItems: [email protected]:2.1
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.9


    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/02 03:01:23 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2009/10/03 12:24:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/01/21 21:48:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/09 13:27:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/10 16:54:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/10 16:54:09 | 000,000,000 | ---D | M]

    [2009/12/30 15:36:55 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Extensions
    [2009/01/30 23:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/12/30 15:36:55 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Extensions\[email protected]
    [2010/04/10 10:34:55 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Firefox\Profiles\j7pmi04h.default\extensions
    [2009/07/02 08:10:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Firefox\Profiles\j7pmi04h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/02/17 20:48:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Firefox\Profiles\j7pmi04h.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/04/09 15:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Firefox\Profiles\j7pmi04h.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2010/01/14 09:21:44 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Firefox\Profiles\j7pmi04h.default\extensions\[email protected]
    [2009/02/09 09:24:46 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Firefox\Profiles\j7pmi04h.default\extensions\[email protected]
    [2009/02/21 16:23:57 | 000,002,921 | ---- | M] () -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Firefox\Profiles\j7pmi04h.default\searchplugins\daemon-search.xml
    [2010/04/10 10:18:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/04/03 14:15:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2010/04/10 10:18:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2009/03/05 15:03:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    [2009/04/20 12:43:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    [2009/08/07 15:27:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    [2009/10/20 18:32:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    [2010/04/07 18:50:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    [2010/04/03 14:15:46 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
    [2010/04/03 14:15:46 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
    [2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    [2010/04/07 18:49:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
    [2010/04/03 14:15:46 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
    [2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    [2010/03/24 12:22:46 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
    [2009/12/21 19:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    [2010/04/09 13:27:33 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    [2010/04/10 16:54:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    [2010/04/10 16:54:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    [2010/04/10 16:54:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    [2010/04/10 16:54:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    [2010/04/10 16:54:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    [2010/04/10 16:54:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    [2010/04/10 16:54:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    [2010/04/09 13:27:47 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    [2010/04/09 13:27:25 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    [2010/02/18 19:10:11 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
    [2010/02/18 19:10:11 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
    [2010/02/18 19:10:11 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
    [2010/02/18 19:10:11 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
    [2010/02/18 19:10:11 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
    [2010/01/13 13:48:46 | 000,002,422 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\safesearch.xml
    [2010/02/18 19:10:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
    [2010/02/18 19:10:11 | 000,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

    O1 HOSTS File: ([2009/02/27 16:05:13 | 000,302,495 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 10429 more lines...
    O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} http://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx (TenebrilSpywareScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40109.3933564815 (Update Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
    O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\cindycovell\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\cindycovell\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{14af7854-827d-11de-aa5b-00219b2286d8}\Shell - "" = AutoRun
    O33 - MountPoints2\{14af7854-827d-11de-aa5b-00219b2286d8}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{4baebb8c-1ce9-11df-8783-00219b2286d8}\Shell\AutoRun\command - "" = C:\Windows\SysWow64\shell32.dll -- [2009/04/11 01:28:24 | 011,584,000 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/04/11 12:33:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/04/11 12:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/04/10 16:55:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/04/10 16:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/04/10 16:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/04/10 16:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2010/04/10 16:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/04/10 16:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/04/10 16:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2010/04/10 16:50:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/04/10 10:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2010/04/10 02:40:32 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
    [2010/04/10 02:40:32 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
    [2010/04/10 02:40:27 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
    [2010/04/10 02:40:25 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
    [2010/04/10 02:40:23 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2010/04/10 02:40:22 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2010/04/10 02:40:22 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2010/04/10 02:40:22 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2010/04/10 02:40:22 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2010/04/10 02:40:21 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
    [2010/04/10 02:40:21 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
    [2010/04/10 02:40:20 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2010/04/10 02:40:20 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2010/04/10 02:40:04 | 000,756,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2010/04/10 02:40:04 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2010/04/09 15:11:26 | 000,000,000 | ---D | C] -- C:\Users\cindycovell\AppData\Roaming\Malwarebytes
    [2010/04/09 15:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/04/09 15:11:16 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/04/09 14:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
    [2010/04/09 14:13:35 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
    [2010/04/09 13:27:33 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
    [2010/04/09 13:27:23 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
    [2010/04/09 13:27:23 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
    [2010/04/09 06:38:08 | 000,000,000 | ---D | C] -- C:\Users\cindycovell\AppData\Local\PMB Files
    [2010/04/09 06:37:29 | 000,000,000 | ---D | C] -- C:\Users\cindycovell\AppData\Local\Symantec
    [2010/04/09 04:29:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise Registry Cleaner
    [2010/04/08 01:34:50 | 000,000,000 | ---D | C] -- C:\Users\cindycovell\Desktop\harrison, dreams
    [2010/04/07 18:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/04/07 18:30:34 | 000,000,000 | ---D | C] -- C:\Users\cindycovell\Desktop\Zhu Xi
    [2010/04/04 23:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
    [2010/04/04 23:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
    [2010/03/27 11:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
    [2010/03/25 14:52:18 | 000,000,000 | ---D | C] -- C:\Users\cindycovell\Desktop\0804750688
    [2010/03/24 20:16:07 | 000,000,000 | ---D | C] -- C:\Users\cindycovell\Desktop\diplomatic revolution
    [2010/03/24 12:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
    [2010/03/17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
    [2010/03/17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
    [2010/03/13 00:43:10 | 000,000,000 | ---D | C] -- C:\Users\cindycovell\Documents\books
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/04/11 12:48:00 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{73BCDB89-B04C-4354-8E74-0963E9AEDD83}.job
    [2010/04/11 12:46:52 | 007,864,320 | -HS- | M] () -- C:\Users\cindycovell\ntuser.dat
    [2010/04/11 12:33:10 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/04/11 12:33:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/04/11 12:25:39 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/04/11 12:25:39 | 000,589,884 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/04/11 12:25:39 | 000,101,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/04/11 12:21:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/04/11 12:19:35 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/04/11 12:19:35 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/04/11 12:19:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/04/11 12:19:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/04/11 09:53:51 | 000,524,288 | -HS- | M] () -- C:\Users\cindycovell\ntuser.dat{ffcdbb36-43c8-11df-ba6b-00219b2286d8}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/11 09:53:51 | 000,065,536 | -HS- | M] () -- C:\Users\cindycovell\ntuser.dat{ffcdbb36-43c8-11df-ba6b-00219b2286d8}.TM.blf
    [2010/04/11 09:53:44 | 000,007,168 | ---- | M] () -- C:\Windows\powerplayer.ini
    [2010/04/11 09:53:44 | 000,002,201 | ---- | M] () -- C:\Windows\psnetwork.ini
    [2010/04/11 09:53:44 | 000,000,068 | ---- | M] () -- C:\Windows\PCDNSetting.ini
    [2010/04/11 09:47:41 | 1073,741,824 | ---- | M] () -- C:\ppsds.pgf
    [2010/04/11 08:40:44 | 000,000,160 | ---- | M] () -- C:\Windows\powerlist.ini
    [2010/04/11 08:40:03 | 000,000,077 | ---- | M] () -- C:\Windows\MediaList.ini
    [2010/04/11 04:04:34 | 003,850,802 | -H-- | M] () -- C:\Users\cindycovell\AppData\Local\IconCache.db
    [2010/04/10 19:14:22 | 002,450,048 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\Cat.DB
    [2010/04/10 16:56:26 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/04/10 16:53:44 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/04/10 10:18:21 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/04/09 23:17:16 | 000,023,552 | ---- | M] () -- C:\Users\cindycovell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/09 14:44:09 | 000,001,930 | ---- | M] () -- C:\Users\cindycovell\Desktop\HijackThis.lnk
    [2010/04/09 13:27:39 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
    [2010/04/09 13:27:33 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
    [2010/04/09 13:27:23 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
    [2010/04/09 13:27:23 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
    [2010/04/09 06:35:34 | 000,524,288 | -HS- | M] () -- C:\Users\cindycovell\ntuser.dat{ffcdbb36-43c8-11df-ba6b-00219b2286d8}.TMContainer00000000000000000002.regtrans-ms
    [2010/04/09 06:31:44 | 000,524,288 | -HS- | M] () -- C:\Users\cindycovell\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/09 06:31:44 | 000,065,536 | -HS- | M] () -- C:\Users\cindycovell\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
    [2010/04/09 06:01:07 | 000,028,617 | ---- | M] () -- C:\Users\cindycovell\Desktop\mshta problem.docx
    [2010/04/08 22:40:55 | 000,046,415 | ---- | M] () -- C:\Users\cindycovell\Desktop\Oral_Fields_Exam_Schedule.pdf
    [2010/04/07 18:49:47 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2010/04/07 18:49:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2010/04/07 18:49:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2010/04/07 18:49:46 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
    [2010/04/07 18:45:16 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/04/07 06:57:43 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/03/30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/03/28 22:52:59 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
    [2010/03/26 19:57:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\isolate.ini
    [2010/03/25 11:43:55 | 000,000,600 | ---- | M] () -- C:\Users\cindycovell\AppData\Roaming\winscp.rnd
    [2010/03/17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
    [2010/03/17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
    [2010/03/14 13:19:23 | 000,000,028 | ---- | M] () -- C:\Windows\msgtn.ini
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/04/11 12:33:10 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/04/10 16:56:26 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/04/10 16:53:43 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/04/09 14:27:43 | 000,001,930 | ---- | C] () -- C:\Users\cindycovell\Desktop\HijackThis.lnk
    [2010/04/09 13:27:39 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
    [2010/04/09 06:34:44 | 000,524,288 | -HS- | C] () -- C:\Users\cindycovell\ntuser.dat{ffcdbb36-43c8-11df-ba6b-00219b2286d8}.TMContainer00000000000000000002.regtrans-ms
    [2010/04/09 06:34:44 | 000,524,288 | -HS- | C] () -- C:\Users\cindycovell\ntuser.dat{ffcdbb36-43c8-11df-ba6b-00219b2286d8}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/09 06:34:44 | 000,065,536 | -HS- | C] () -- C:\Users\cindycovell\ntuser.dat{ffcdbb36-43c8-11df-ba6b-00219b2286d8}.TM.blf
    [2010/04/09 06:01:06 | 000,028,617 | ---- | C] () -- C:\Users\cindycovell\Desktop\mshta problem.docx
    [2010/04/08 22:40:55 | 000,046,415 | ---- | C] () -- C:\Users\cindycovell\Desktop\Oral_Fields_Exam_Schedule.pdf
    [2010/03/27 11:29:21 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\SmartDefrag.job
    [2009/12/28 07:50:53 | 000,700,310 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/10/31 08:29:32 | 000,000,077 | ---- | C] () -- C:\Windows\MediaList.ini
    [2009/10/29 07:15:52 | 000,000,022 | ---- | C] () -- C:\Windows\MList.INI
    [2009/10/14 13:11:39 | 000,000,036 | ---- | C] () -- C:\Users\cindycovell\AppData\Local\housecall.guid.cache
    [2009/10/03 15:02:49 | 000,043,356 | ---- | C] () -- C:\Users\cindycovell\AppData\Local\dd_vcredistUI33BC.txt
    [2009/10/03 15:02:18 | 000,043,404 | ---- | C] () -- C:\Users\cindycovell\AppData\Local\dd_vcredistUI3357.txt
    [2009/08/28 13:01:05 | 000,000,600 | ---- | C] () -- C:\Users\cindycovell\AppData\Roaming\winscp.rnd
    [2009/08/16 20:13:46 | 000,000,028 | ---- | C] () -- C:\Windows\msgtn.ini
    [2009/08/15 15:11:44 | 000,000,068 | ---- | C] () -- C:\Windows\PCDNSetting.ini
    [2009/08/15 14:41:29 | 000,000,160 | ---- | C] () -- C:\Windows\powerlist.ini
    [2009/08/15 14:41:29 | 000,000,125 | ---- | C] () -- C:\Windows\PPSMediaList.ini
    [2009/08/15 14:41:18 | 000,007,168 | ---- | C] () -- C:\Windows\powerplayer.ini
    [2009/08/15 14:41:18 | 000,002,201 | ---- | C] () -- C:\Windows\psnetwork.ini
    [2009/06/20 20:07:40 | 000,111,613 | ---- | C] () -- C:\Users\cindycovell\Bus- Hyde Park Express 2.pdf
    [2009/06/05 03:42:23 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/06/05 03:41:28 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/03/24 16:07:13 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
    [2009/02/06 18:06:22 | 000,001,195 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/02/03 12:37:32 | 000,000,632 | RHS- | C] () -- C:\Users\cindycovell\ntuser.pol
    [2009/02/01 12:31:47 | 000,024,088 | ---- | C] () -- C:\Users\cindycovell\AppData\Roaming\UserTile.png
    [2009/01/31 23:53:13 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/01/31 12:42:28 | 000,023,552 | ---- | C] () -- C:\Users\cindycovell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/31 00:06:16 | 000,000,844 | ---- | C] () -- C:\Users\cindycovell\AppData\Roaming\wklnhst.dat
    [2009/01/30 23:48:37 | 000,000,020 | -HS- | C] () -- C:\Users\cindycovell\ntuser.ini
    [2009/01/30 23:48:36 | 007,864,320 | -HS- | C] () -- C:\Users\cindycovell\ntuser.dat
    [2009/01/30 23:48:36 | 000,524,288 | -HS- | C] () -- C:\Users\cindycovell\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
    [2009/01/30 23:48:36 | 000,524,288 | -HS- | C] () -- C:\Users\cindycovell\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
    [2009/01/30 23:48:36 | 000,262,144 | -H-- | C] () -- C:\Users\cindycovell\ntuser.dat.LOG1
    [2009/01/30 23:48:36 | 000,065,536 | -HS- | C] () -- C:\Users\cindycovell\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
    [2009/01/30 23:48:36 | 000,000,000 | -H-- | C] () -- C:\Users\cindycovell\ntuser.dat.LOG2
    [2008/12/28 11:59:44 | 004,377,500 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
    [2008/12/28 10:51:00 | 000,239,247 | ---- | C] () -- C:\Windows\SysWow64\ff_theora.dll
    [2008/12/28 10:50:50 | 000,145,609 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
    [2008/12/28 10:49:08 | 000,560,802 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
    [2008/12/12 11:57:38 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
    [2008/12/09 13:57:26 | 000,183,296 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
    [2008/12/09 13:57:18 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
    [2008/12/09 13:57:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
    [2008/12/09 13:56:42 | 000,146,944 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
    [2008/12/09 13:56:34 | 000,257,024 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
    [2008/12/09 13:56:22 | 000,485,888 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
    [2008/12/08 08:37:04 | 000,884,237 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
    [2008/12/08 08:34:42 | 000,791,742 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2008/12/08 07:53:40 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
    [2008/12/08 07:53:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2008/11/26 14:55:22 | 000,683,520 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
    [2008/11/26 13:49:10 | 000,238,080 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
    [2008/08/05 17:02:12 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
    [2008/08/05 16:59:04 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
    [2008/08/05 16:59:04 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest
    [2008/03/29 10:42:22 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
    [2008/03/29 10:42:20 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
    [2008/03/29 10:42:14 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
    [2008/03/29 10:42:08 | 000,148,992 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
    [2008/03/29 10:42:04 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
    [2008/03/29 10:42:04 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
    [2008/03/29 10:42:02 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
    [2008/03/29 10:42:00 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
    [2008/03/29 10:41:54 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
    [2008/03/29 10:41:52 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
    [2008/03/29 10:41:52 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
    [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
    [2007/07/10 12:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
    [2007/06/28 13:54:10 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

    ========== LOP Check ==========

    [2009/01/31 01:59:18 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/02/21 16:24:52 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\DAEMON Tools
    [2009/02/21 16:25:48 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\DAEMON Tools Lite
    [2009/02/21 16:24:51 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\DAEMON Tools Pro
    [2009/09/05 12:05:13 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\eMule
    [2009/01/31 23:26:00 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Foxit
    [2010/03/28 13:01:32 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\IDM
    [2009/02/18 16:15:59 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Image Zone Express
    [2010/03/27 11:29:01 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\IObit
    [2009/12/30 17:37:45 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\LimeWire
    [2009/01/31 00:09:36 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\MessengerGadget
    [2010/03/28 13:01:35 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\NBC Direct
    [2009/01/31 02:39:05 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\OpenOffice.org
    [2009/02/01 12:31:46 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\PeerNetworking
    [2010/04/10 22:12:36 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\PPStream
    [2009/02/06 18:29:12 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Printer Info Cache
    [2009/08/02 14:32:03 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Sierra
    [2009/01/31 00:06:20 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Template
    [2009/07/04 19:46:37 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Thinstall
    [2009/10/03 14:58:36 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Tific
    [2010/03/27 11:26:35 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\TweakNow PowerPack 2009
    [2010/01/16 12:50:03 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\WinPatrol
    [2010/04/11 09:53:54 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/03/28 22:52:59 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
    [2010/04/11 12:48:00 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{73BCDB89-B04C-4354-8E74-0963E9AEDD83}.job
    [2009/03/24 17:03:16 | 000,000,468 | ---- | M] () -- C:\Windows\Tasks\Wise Disk Cleaner 4.job

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2010/03/24 15:19:42 | 712,761,344 | ---- | M] ()(C:\Users\cindycovell\Documents\[BBC.英?史].BBC.A.History.of.Britain.11.The.wrong.empire.DivX5.AC3.www.mvgroup.org.avi) -- C:\Users\cindycovell\Documents\[BBC.英国史].BBC.A.History.of.Britain.11.The.wrong.empire.DivX5.AC3.www.mvgroup.org.avi
    [2010/03/24 15:15:05 | 083,217,454 | ---- | M] ()(C:\Users\cindycovell\Documents\[33][政治??].Smith,.N.(1990).Uneven_Development.pdf) -- C:\Users\cindycovell\Documents\[33][政治经济].Smith,.N.(1990).Uneven_Development.pdf
    [2010/03/24 14:47:25 | 063,157,974 | ---- | M] ()(C:\Users\cindycovell\Documents\[2][大?哈?].David.Harvey.(1973).Social.Justice.and.the.City.pdf) -- C:\Users\cindycovell\Documents\[2][大卫哈维].David.Harvey.(1973).Social.Justice.and.the.City.pdf
    [2010/03/24 14:27:49 | 073,900,562 | ---- | M] ()(C:\Users\cindycovell\Documents\[38][空?社?文化].Lefebvre,.H.(1984).The_production_of_space_1.pdf) -- C:\Users\cindycovell\Documents\[38][空间社会文化].Lefebvre,.H.(1984).The_production_of_space_1.pdf
    [2010/03/24 14:14:34 | 708,313,088 | ---- | M] ()(C:\Users\cindycovell\Documents\[BBC.英?史].BBC.A.History.of.Britain.14.The.empire.of.good.intentions.DivX5.AC3.www.mvgroup.org.avi) -- C:\Users\cindycovell\Documents\[BBC.英国史].BBC.A.History.of.Britain.14.The.empire.of.good.intentions.DivX5.AC3.www.mvgroup.org.avi
    [2010/03/24 14:14:14 | 001,134,940 | ---- | M] ()(C:\Users\cindycovell\Documents\[34][政治??].Thrift,.N.(2005).Knowing_Capitalism.pdf) -- C:\Users\cindycovell\Documents\[34][政治经济].Thrift,.N.(2005).Knowing_Capitalism.pdf
    [2010/03/24 13:52:11 | 018,692,088 | ---- | M] ()(C:\Users\cindycovell\Documents\[8][大?哈?].David.Harvey.(2004).Spaces_of_neoliberalization._.towards_a_theory_of_uneven_geographical_development.pdf) -- C:\Users\cindycovell\Documents\[8][大卫哈维].David.Harvey.(2004).Spaces_of_neoliberalization._.towards_a_theory_of_uneven_geographical_development.pdf
    [2010/03/24 13:44:59 | 020,395,342 | ---- | M] ()(C:\Users\cindycovell\Documents\[55][中?城市].Andrusz,G,.Harloe,M.&.Szelenyi,.I.(1996).Cities.after.socialism.pdf) -- C:\Users\cindycovell\Documents\[55][中国城市].Andrusz,G,.Harloe,M.&.Szelenyi,.I.(1996).Cities.after.socialism.pdf
    [2010/03/24 13:33:41 | 024,121,607 | ---- | M] ()(C:\Users\cindycovell\Documents\[29][政治??].Brenner,.N.&.Jessop,.B.(2003).State.Space_A.Reader.pdf) -- C:\Users\cindycovell\Documents\[29][政治经济].Brenner,.N.&.Jessop,.B.(2003).State.Space_A.Reader.pdf
    [2010/03/24 13:31:10 | 010,004,864 | ---- | M] ()(C:\Users\cindycovell\Documents\[97][政治??]Sassen(2001).The.global.city_.New.York,.London,Tokyo.djvu) -- C:\Users\cindycovell\Documents\[97][政治经济]Sassen(2001).The.global.city_.New.York,.London,Tokyo.djvu
    [2010/03/24 13:28:02 | 011,593,801 | ---- | M] ()(C:\Users\cindycovell\Documents\[60][中?城市].Friedmann,.J.(2005).China's.Urban.Transition.pdf) -- C:\Users\cindycovell\Documents\[60][中国城市].Friedmann,.J.(2005).China's.Urban.Transition.pdf
    [2010/03/24 13:22:47 | 009,133,776 | ---- | M] ()(C:\Users\cindycovell\Documents\[96][空?社?文化]Benedict.R.Anderson(1983).Imagined.communities_.reflections.on.the.origin.and.spread.of.nationalism.djvu) -- C:\Users\cindycovell\Documents\[96][空间社会文化]Benedict.R.Anderson(1983).Imagined.communities_.reflections.on.the.origin.and.spread.of.nationalism.djvu
    [2010/03/24 13:16:50 | 019,747,680 | ---- | M] ()(C:\Users\cindycovell\Documents\[43][空?社?文化]Anthony.Giddens.(1984)The.Constitution.of.Society.pdf) -- C:\Users\cindycovell\Documents\[43][空间社会文化]Anthony.Giddens.(1984)The.Constitution.of.Society.pdf
    [2010/03/24 13:12:04 | 003,426,049 | ---- | M] ()(C:\Users\cindycovell\Documents\[9][大?哈?].David.Harvey.(2005).A.Brief.History.of.Neoliberalism.pdf) -- C:\Users\cindycovell\Documents\[9][大卫哈维].David.Harvey.(2005).A.Brief.History.of.Neoliberalism.pdf
    [2010/03/24 13:09:51 | 013,014,911 | ---- | M] ()(C:\Users\cindycovell\Documents\[3][大?哈?].David.Harvey.(1982).The_Limits_to_Capital.djvu) -- C:\Users\cindycovell\Documents\[3][大卫哈维].David.Harvey.(1982).The_Limits_to_Capital.djvu
    [2010/03/24 12:39:30 | 004,268,541 | ---- | M] ()(C:\Users\cindycovell\Documents\[6][大?哈?].David.Harvey.(2003).PARIS,.CAPITAL.OF.MODERNITY.pdf) -- C:\Users\cindycovell\Documents\[6][大卫哈维].David.Harvey.(2003).PARIS,.CAPITAL.OF.MODERNITY.pdf
    [2010/03/24 12:39:19 | 009,133,776 | ---- | C] ()(C:\Users\cindycovell\Documents\[96][空?社?文化]Benedict.R.Anderson(1983).Imagined.communities_.reflections.on.the.origin.and.spread.of.nationalism.djvu) -- C:\Users\cindycovell\Documents\[96][空间社会文化]Benedict.R.Anderson(1983).Imagined.communities_.reflections.on.the.origin.and.spread.of.nationalism.djvu
    [2010/03/24 12:39:16 | 010,004,864 | ---- | C] ()(C:\Users\cindycovell\Documents\[97][政治??]Sassen(2001).The.global.city_.New.York,.London,Tokyo.djvu) -- C:\Users\cindycovell\Documents\[97][政治经济]Sassen(2001).The.global.city_.New.York,.London,Tokyo.djvu
    [2010/03/24 12:38:42 | 011,593,801 | ---- | C] ()(C:\Users\cindycovell\Documents\[60][中?城市].Friedmann,.J.(2005).China's.Urban.Transition.pdf) -- C:\Users\cindycovell\Documents\[60][中国城市].Friedmann,.J.(2005).China's.Urban.Transition.pdf
    [2010/03/24 12:37:00 | 020,395,342 | ---- | C] ()(C:\Users\cindycovell\Documents\[55][中?城市].Andrusz,G,.Harloe,M.&.Szelenyi,.I.(1996).Cities.after.socialism.pdf) -- C:\Users\cindycovell\Documents\[55][中国城市].Andrusz,G,.Harloe,M.&.Szelenyi,.I.(1996).Cities.after.socialism.pdf
    [2010/03/24 12:36:36 | 019,747,680 | ---- | C] ()(C:\Users\cindycovell\Documents\[43][空?社?文化]Anthony.Giddens.(1984)The.Constitution.of.Society.pdf) -- C:\Users\cindycovell\Documents\[43][空间社会文化]Anthony.Giddens.(1984)The.Constitution.of.Society.pdf
    [2010/03/24 12:36:30 | 073,900,562 | ---- | C] ()(C:\Users\cindycovell\Documents\[38][空?社?文化].Lefebvre,.H.(1984).The_production_of_space_1.pdf) -- C:\Users\cindycovell\Documents\[38][空间社会文化].Lefebvre,.H.(1984).The_production_of_space_1.pdf
    [2010/03/24 12:36:27 | 001,134,940 | ---- | C] ()(C:\Users\cindycovell\Documents\[34][政治??].Thrift,.N.(2005).Knowing_Capitalism.pdf) -- C:\Users\cindycovell\Documents\[34][政治经济].Thrift,.N.(2005).Knowing_Capitalism.pdf
    [2010/03/24 12:36:20 | 083,217,454 | ---- | C] ()(C:\Users\cindycovell\Documents\[33][政治??].Smith,.N.(1990).Uneven_Development.pdf) -- C:\Users\cindycovell\Documents\[33][政治经济].Smith,.N.(1990).Uneven_Development.pdf
    [2010/03/24 12:36:16 | 024,121,607 | ---- | C] ()(C:\Users\cindycovell\Documents\[29][政治??].Brenner,.N.&.Jessop,.B.(2003).State.Space_A.Reader.pdf) -- C:\Users\cindycovell\Documents\[29][政治经济].Brenner,.N.&.Jessop,.B.(2003).State.Space_A.Reader.pdf
    [2010/03/24 12:35:56 | 018,692,088 | ---- | C] ()(C:\Users\cindycovell\Documents\[8][大?哈?].David.Harvey.(2004).Spaces_of_neoliberalization._.towards_a_theory_of_uneven_geographical_development.pdf) -- C:\Users\cindycovell\Documents\[8][大卫哈维].David.Harvey.(2004).Spaces_of_neoliberalization._.towards_a_theory_of_uneven_geographical_development.pdf
    [2010/03/24 12:35:53 | 003,426,049 | ---- | C] ()(C:\Users\cindycovell\Documents\[9][大?哈?].David.Harvey.(2005).A.Brief.History.of.Neoliberalism.pdf) -- C:\Users\cindycovell\Documents\[9][大卫哈维].David.Harvey.(2005).A.Brief.History.of.Neoliberalism.pdf
    [2010/03/24 12:35:45 | 004,268,541 | ---- | C] ()(C:\Users\cindycovell\Documents\[6][大?哈?].David.Harvey.(2003).PARIS,.CAPITAL.OF.MODERNITY.pdf) -- C:\Users\cindycovell\Documents\[6][大卫哈维].David.Harvey.(2003).PARIS,.CAPITAL.OF.MODERNITY.pdf
    [2010/03/24 12:35:35 | 013,014,911 | ---- | C] ()(C:\Users\cindycovell\Documents\[3][大?哈?].David.Harvey.(1982).The_Limits_to_Capital.djvu) -- C:\Users\cindycovell\Documents\[3][大卫哈维].David.Harvey.(1982).The_Limits_to_Capital.djvu
    [2010/03/24 12:35:17 | 063,157,974 | ---- | C] ()(C:\Users\cindycovell\Documents\[2][大?哈?].David.Harvey.(1973).Social.Justice.and.the.City.pdf) -- C:\Users\cindycovell\Documents\[2][大卫哈维].David.Harvey.(1973).Social.Justice.and.the.City.pdf
    [2010/03/17 03:09:33 | 708,313,088 | ---- | C] ()(C:\Users\cindycovell\Documents\[BBC.英?史].BBC.A.History.of.Britain.14.The.empire.of.good.intentions.DivX5.AC3.www.mvgroup.org.avi) -- C:\Users\cindycovell\Documents\[BBC.英国史].BBC.A.History.of.Britain.14.The.empire.of.good.intentions.DivX5.AC3.www.mvgroup.org.avi
    [2010/03/17 03:09:25 | 712,761,344 | ---- | C] ()(C:\Users\cindycovell\Documents\[BBC.英?史].BBC.A.History.of.Britain.11.The.wrong.empire.DivX5.AC3.www.mvgroup.org.avi) -- C:\Users\cindycovell\Documents\[BBC.英国史].BBC.A.History.of.Britain.11.The.wrong.empire.DivX5.AC3.www.mvgroup.org.avi

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
    < End of report >

    OTL Extras logfile created on: 4/11/2010 12:50:10 PM - Run 2
    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\cindycovell\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 64.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.40 Gb Total Space | 87.56 Gb Free Space | 30.90% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 6.69 Gb Free Space | 45.65% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CINDYCOVELL-PC
    Current User Name: cindycovell
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\ieframe.dll (Microsoft Corporation)
    .js[@ = jsfile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\SysWow64\ieframe.dll (Microsoft Corporation)
    .js [@ = jsfile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
    .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %* File not found
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %* File not found
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %* File not found
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- rundll32.exe C:\Windows\System32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- rundll32.exe C:\Windows\SysWOW64\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = AF 78 37 BA D7 E5 C9 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\PPStream\PPStream.exe" = C:\Program Files (x86)\PPStream\PPStream.exe:*:Enabled:pPS&#21401;&#37328;&#33799;&#24349; -- (PPStream Inc.)
    "C:\Program Files (x86)\PPStream\PPSAP.exe" = C:\Program Files (x86)\PPStream\PPSAP.exe:*:Enabled:pPS &#21401;&#37328;&#27155;&#21394;&#63239; -- (PPStream Inc)
    "C:\Program Files (x86)\PPStream\PPStream.exe" = C:\Program Files (x86)\PPStream\PPStream.exe:*:Enabled:pPS&#21401;&#37328;&#33799;&#24349; -- (PPStream Inc.)
    "C:\Program Files (x86)\PPStream\PPSAP.exe" = C:\Program Files (x86)\PPStream\PPSAP.exe:*:Enabled:pPS &#21401;&#37328;&#27155;&#21394;&#63239; -- (PPStream Inc)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05926579-1E44-41F0-8AF9-722C2CB8DD37}" = lport=139 | protocol=6 | dir=in | app=system |
    "{08D43F45-AE4E-4BCF-AE81-CBE66178F11F}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
    "{2011F0C2-B977-4885-B056-820BE7C08F56}" = rport=445 | protocol=6 | dir=out | app=system |
    "{232447FE-4E43-4C1B-B16F-46283726F4AD}" = rport=137 | protocol=17 | dir=out | app=system |
    "{23512EA5-7FE3-4228-93E6-68C7D251AE33}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{25A345EC-631D-45D6-B47E-A0AF4C110F22}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{5CB4DC5C-20B3-4DB2-B9AA-D4C524AC3019}" = rport=139 | protocol=6 | dir=out | app=system |
    "{956D04CC-5A22-40A5-BD8A-4FC15879FC64}" = lport=445 | protocol=6 | dir=in | app=system |
    "{A29EFA75-EB2B-4636-8734-7D144C24E783}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B917317B-85FD-4EFB-809E-CD25D815D2E0}" = lport=138 | protocol=17 | dir=in | app=system |
    "{BF57BCCE-C40E-418B-AC9A-1E665A82E322}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{C3CDDD2B-FFF7-4DC5-A941-5645763002E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{CFB4B655-FCB3-439E-B483-EBD966D15199}" = lport=137 | protocol=17 | dir=in | app=system |
    "{DCE58101-6730-4991-B334-9ECB1F724620}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{12851C4F-E0AA-47E8-A9CE-F57C1A292F5E}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
    "{2326DA1F-70DA-4684-9205-83F18DF88F53}" = protocol=1 | dir=in | [email protected],-28543 |
    "{23BAFE08-EF13-4207-9497-C1699624EF69}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{33BA060F-3DE4-4875-B8B0-7B80354117A2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{3D10F534-73F3-40C0-93A3-279311D4CCD7}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{4A8E0B98-F095-4938-8A74-52375A98E064}" = protocol=6 | dir=in | app=c:\program files (x86)\pure networks\network magic\nmsrvc.exe |
    "{556F227F-E097-4E51-86B8-708B47834B72}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{6248E09B-F5A7-4AED-8A29-BC9C4D69C45C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7D17A980-785D-4DFF-AED0-1EF5A825D190}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{825C4DB5-DEF7-4D23-9661-556D5A17212B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{84E3921C-2A7D-4AFF-96AB-85D21311DC72}" = protocol=1 | dir=out | [email protected],-28544 |
    "{86D74539-C1DE-4AE6-A6A2-E9F11BA0DBFB}" = protocol=17 | dir=in | app=c:\program files (x86)\pure networks\network magic\nmsrvc.exe |
    "{873F07F7-B2E4-43A6-B001-FCFC4B242FA5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{88AE565E-1D99-4C8A-8B3A-9030CF99E808}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{8CEE3007-98CA-415B-AEDC-95656DBAE766}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{8F17DFE7-1F75-4496-BD7B-4A7BA6FF9556}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
    "{98129C8E-95E1-40CA-86B5-F3F1E1EBB5E6}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{981DB591-A00A-4D3A-AE53-8272B90DC6EB}" = protocol=58 | dir=out | [email protected],-28546 |
    "{A44978A0-2605-4C1A-8A62-BB23C3D7E9F1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{ACDB684E-0218-41BE-A951-788332489219}" = protocol=58 | dir=in | [email protected],-28545 |
    "{AE1A3149-A3FC-4B5A-B725-E3DF63D97576}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
    "{BE587776-A7F4-45E3-85D1-C23064549534}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{C8E4FB0B-7524-4149-BE0D-73C827202BF7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{CB785199-E036-4E69-B0A2-F5DE31909439}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
    "{D09331F9-3ED9-4B16-A9EF-8D646C6739C2}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{E0727925-1FDB-46A7-A541-C10E496A7638}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{FC5FF1E6-7784-4F2C-94A7-CD697228BD85}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{17E02F38-FF2D-4c3d-83DF-ECE2A1D20A5E}" = AIO_CDB_ToolboxIni64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
    "{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
    "{838F7AB2-5DFE-60B3-1030-43ACC3454CD2}" = ccc-utility64
    "{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    "{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "HPOCR" = HP OCR Software 8.0
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{0DB1C665-97DD-F405-1D03-60ED1DA95510}" = Catalyst Control Center Graphics Previews Vista
    "{105CA5BB-9F30-149D-1AD4-144040CB3C1B}" = Catalyst Control Center Localization Spanish
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23DD6DAA-DDEF-41F5-A527-CECF07FA2CAF}" = 1500
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2BEF1AF7-845D-78AE-D826-A87E8CDB0E7F}" = CCC Help Chinese Standard
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C36015E-F0F6-43D7-58ED-F4210D355CF9}" = Catalyst Control Center Localization Turkish
    "{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
    "{44033AD6-17D0-3611-1D73-2791646B0892}" = CCC Help Portuguese
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{47244975-454F-770B-79C1-0A705F17AA68}" = Catalyst Control Center Localization Chinese Standard
    "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C4759BE-2BA4-2DA7-58F6-E5188062E6EB}" = CCC Help French
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4D125AFC-0817-C6AC-B225-3C4E6EDB696D}" = CCC Help Japanese
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{57D57F9A-0CED-61D0-B3C6-75A874CB9F4D}" = Skins
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
    "{5E0322C6-8CA9-A4BD-E9DC-CC8D8E7CB99E}" = Catalyst Control Center Graphics Previews Common
    "{5F06BE49-28E6-771F-A57A-7AC8C97F38E1}" = Catalyst Control Center Core Implementation
    "{60E5FF66-3F28-148C-8EE0-CE623C26233D}" = Catalyst Control Center Localization Portuguese
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{672BEEF8-6C95-8F97-74D4-BDF37412437B}" = CCC Help Spanish
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{746F3251-0E32-08E4-D18F-43794D57588D}" = Catalyst Control Center Localization Italian
    "{75C89AB1-F888-6B0B-6BB4-A06ED4BDDFC0}" = Catalyst Control Center Graphics Full Existing
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
    "{7C7088C6-6347-150C-AEF4-A3190FF2F5AA}" = Catalyst Control Center Localization Hungarian
    "{7CF7894B-D52C-F9E5-2ABF-DB6756CE21AC}" = CCC Help Turkish
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7EDFEE8E-F4F2-CB4E-618B-846D4A95CAC8}" = CCC Help Chinese Traditional
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{8380D40E-291B-144A-554F-4877F4B439DB}" = Catalyst Control Center InstallProxy
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8587A68A-BF5F-9492-228C-FACFDBA1A4F4}" = CCC Help Hungarian
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91155C7C-3404-C96D-78DA-E1D6AF73F6DA}" = Catalyst Control Center Graphics Full New
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
    "{9BD9026D-C3C6-0C40-9FD2-DD95A24CDEB2}" = Catalyst Control Center Localization French
    "{A0422738-2E4A-B01F-D19E-ED0379A3C3CC}" = CCC Help English
    "{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
    "{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
    "{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{ACE0BCCF-27A6-C275-0318-651F6388882F}" = CCC Help German
    "{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
    "{C4B556FF-ABE6-8FBE-EF7A-909F72492DA8}" = CCC Help Korean
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{CA06B6B3-A775-50D6-3031-53C40A5202A6}" = Catalyst Control Center Localization Chinese Traditional
    "{D0338BF1-DD06-8565-48A1-C8F3F991B959}" = Catalyst Control Center Localization Japanese
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype&#8482; 4.2
    "{D259350E-936C-C6C0-5FDF-B6B4B95731ED}" = Catalyst Control Center Graphics Light
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D81230AD-71DF-CFCB-CD05-52CFF26F8634}" = Catalyst Control Center Localization Korean
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E4A185BB-8E95-6FA7-2637-C9E4768DE2C3}" = ccc-core-static
    "{E5F1AAA6-C0C8-326C-CAD2-B413CE1F5512}" = Catalyst Control Center Localization German
    "{E62FFFA6-DCBC-189B-443E-D10A44901385}" = CCC Help Italian
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AOP" = Norton AddOn Pack
    "Dell Video Chat" = Dell Video Chat (remove only)
    "eMule" = eMule
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "File Shredder_is1" = File Shredder 2.0
    "HijackThis" = HijackThis 2.0.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Media Player - Codec Pack" = Media Player Codec Pack 3.3.1
    "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
    "Nero - Burning Rom!UninstallKey" = Nero OEM (32-bit)
    "NIS" = Norton Internet Security
    "Picasa 3" = Picasa 3
    "PPStream" = PPStream V2.6.86.8989 Final
    "RealPlayer 12.0" = RealPlayer
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "winscp3_is1" = WinSCP 4.1.9

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/7/2010 7:58:18 AM | Computer Name = cindycovell-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/7/2010 9:10:32 AM | Computer Name = cindycovell-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 4/7/2010 11:46:15 AM | Computer Name = cindycovell-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/7/2010 11:41:21 PM | Computer Name = cindycovell-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 4/7/2010 11:44:48 PM | Computer Name = cindycovell-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/8/2010 8:12:45 AM | Computer Name = cindycovell-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/9/2010 1:11:31 AM | Computer Name = cindycovell-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
    0x4b835fec, faulting module Flash10e.ocx, version 10.0.45.2, time stamp 0x4b5f8faa,
    exception code 0xc0000005, fault offset 0x0012c71c, process id 0x15a4, application
    start time 0x01cad79ff13a09c8.

    Error - 4/9/2010 5:47:25 AM | Computer Name = cindycovell-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 4/9/2010 5:50:03 AM | Computer Name = cindycovell-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/9/2010 6:13:06 AM | Computer Name = cindycovell-PC | Source = EventSystem | ID = 4609
    Description =

    [ OSession Events ]
    Error - 3/3/2009 12:25:02 AM | Computer Name = cindycovell-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 4291
    seconds with 600 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 4/11/2010 9:29:11 AM | Computer Name = cindycovell-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.64 for the Network Card with network
    address 00219B2286D8 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 4/11/2010 9:30:31 AM | Computer Name = cindycovell-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 4/11/2010 9:30:31 AM | Computer Name = cindycovell-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 4/11/2010 1:19:07 PM | Computer Name = cindycovell-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 4/11/2010 1:19:17 PM | Computer Name = cindycovell-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 4/11/2010 1:19:33 PM | Computer Name = cindycovell-PC | Source = Print | ID = 19
    Description = The print spooler failed to share printer HP PSC 1500 series with
    shared resource name HP PSC 1500 series. Error 2114. The printer cannot be used
    by others on the network.

    Error - 4/11/2010 1:19:37 PM | Computer Name = cindycovell-PC | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\Aspi32.SYS has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 4/11/2010 1:19:52 PM | Computer Name = cindycovell-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.64 for the Network Card with network
    address 00219B2286D8 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 4/11/2010 1:21:13 PM | Computer Name = cindycovell-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 4/11/2010 1:21:13 PM | Computer Name = cindycovell-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3930

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    4/11/2010 12:37:36 PM
    mbam-log-2010-04-11 (12-37-36).txt

    Scan type: Quick scan
    Objects scanned: 130517
    Time elapsed: 4 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  4. acrylamide

    acrylamide Thread Starter

    Joined:
    Dec 11, 2004
    Messages:
    9
    Hi,

    Thanks. Here are the logs:

    OTL logfile created on: 4/11/2010 12:47:00 PM - Run 2
    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\cindycovell\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.40 Gb Total Space | 87.56 Gb Free Space | 30.90% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 6.69 Gb Free Space | 45.65% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CINDYCOVELL-PC
    Current User Name: cindycovell
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\cindycovell\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Norton Internet Security\AddOns\Norton AddOn Pack\Engine\4.5.0.24\ccproxy.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)
    PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\cindycovell\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\asoehook.dll (Symantec Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll (Microsoft Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
    SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
    SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    SRV:64bit: - (AERTFilters) -- C:\Windows\SysNative\AERTSr64.exe (Andrea Electronics Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)
    SRV - (ccProxy) -- C:\Program Files (x86)\Norton Internet Security\AddOns\Norton AddOn Pack\Engine\4.5.0.24\ccProxy.exe (Symantec Corporation)
    SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
    SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
    SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 08:34:14 | 000,000,000 | ---D | M]
    SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
    SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\Ironx64.SYS (Symantec Corporation)
    DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1106000.020\SRTSP64.SYS (Symantec Corporation)
    DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SRTSPX64.SYS (Symantec Corporation)
    DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\ccHPx64.sys (Symantec Corporation)
    DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\NISx64\1106000.020\SYMTDIV.SYS (Symantec Corporation)
    DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SYMEFA64.SYS (Symantec Corporation)
    DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
    DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SYMDS64.SYS (Symantec Corporation)
    DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
    DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
    DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
    DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
    DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100410.020\EX64.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100410.020\ENG64.SYS (Symantec Corporation)
    DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx64.sys (Symantec Corporation)
    DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSviA64.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
    DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
    DRV - (Aspi32) -- C:\Windows\SysWOW64\drivers\aspi32.sys (Adaptec)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5090123
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5090123
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yo101.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5090123
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "liberation.fr"
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.17
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
    FF - prefs.js..extensions.enabledItems: [email protected]:2.1
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.9


    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/02 03:01:23 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2009/10/03 12:24:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/01/21 21:48:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/09 13:27:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/10 16:54:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/10 16:54:09 | 000,000,000 | ---D | M]

    [2009/12/30 15:36:55 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Extensions
    [2009/01/30 23:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/12/30 15:36:55 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Extensions\[email protected]
    [2010/04/10 10:34:55 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Firefox\Profiles\j7pmi04h.default\extensions
    [2009/07/02 08:10:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Firefox\Profiles\j7pmi04h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/02/17 20:48:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Firefox\Profiles\j7pmi04h.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/04/09 15:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Firefox\Profiles\j7pmi04h.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2010/01/14 09:21:44 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Firefox\Profiles\j7pmi04h.default\extensions\[email protected]
    [2009/02/09 09:24:46 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Firefox\Profiles\j7pmi04h.default\extensions\[email protected]
    [2009/02/21 16:23:57 | 000,002,921 | ---- | M] () -- C:\Users\cindycovell\AppData\Roaming\Mozilla\Firefox\Profiles\j7pmi04h.default\searchplugins\daemon-search.xml
    [2010/04/10 10:18:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/04/03 14:15:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2010/04/10 10:18:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2009/03/05 15:03:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    [2009/04/20 12:43:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    [2009/08/07 15:27:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    [2009/10/20 18:32:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    [2010/04/07 18:50:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    [2010/04/03 14:15:46 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
    [2010/04/03 14:15:46 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
    [2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    [2010/04/07 18:49:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
    [2010/04/03 14:15:46 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
    [2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    [2010/03/24 12:22:46 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
    [2009/12/21 19:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    [2010/04/09 13:27:33 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    [2010/04/10 16:54:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    [2010/04/10 16:54:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    [2010/04/10 16:54:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    [2010/04/10 16:54:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    [2010/04/10 16:54:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    [2010/04/10 16:54:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    [2010/04/10 16:54:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    [2010/04/09 13:27:47 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    [2010/04/09 13:27:25 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    [2010/02/18 19:10:11 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
    [2010/02/18 19:10:11 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
    [2010/02/18 19:10:11 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
    [2010/02/18 19:10:11 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
    [2010/02/18 19:10:11 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
    [2010/01/13 13:48:46 | 000,002,422 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\safesearch.xml
    [2010/02/18 19:10:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
    [2010/02/18 19:10:11 | 000,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

    O1 HOSTS File: ([2009/02/27 16:05:13 | 000,302,495 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 10429 more lines...
    O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} http://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx (TenebrilSpywareScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40109.3933564815 (Update Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
    O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\cindycovell\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\cindycovell\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{14af7854-827d-11de-aa5b-00219b2286d8}\Shell - "" = AutoRun
    O33 - MountPoints2\{14af7854-827d-11de-aa5b-00219b2286d8}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{4baebb8c-1ce9-11df-8783-00219b2286d8}\Shell\AutoRun\command - "" = C:\Windows\SysWow64\shell32.dll -- [2009/04/11 01:28:24 | 011,584,000 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/04/11 12:33:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/04/11 12:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/04/10 16:55:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/04/10 16:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/04/10 16:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/04/10 16:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2010/04/10 16:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/04/10 16:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/04/10 16:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2010/04/10 16:50:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/04/10 10:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2010/04/10 02:40:32 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
    [2010/04/10 02:40:32 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
    [2010/04/10 02:40:27 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
    [2010/04/10 02:40:25 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
    [2010/04/10 02:40:23 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2010/04/10 02:40:22 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2010/04/10 02:40:22 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2010/04/10 02:40:22 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2010/04/10 02:40:22 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2010/04/10 02:40:21 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
    [2010/04/10 02:40:21 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
    [2010/04/10 02:40:20 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2010/04/10 02:40:20 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2010/04/10 02:40:04 | 000,756,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2010/04/10 02:40:04 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2010/04/09 15:11:26 | 000,000,000 | ---D | C] -- C:\Users\cindycovell\AppData\Roaming\Malwarebytes
    [2010/04/09 15:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/04/09 15:11:16 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/04/09 14:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
    [2010/04/09 14:13:35 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
    [2010/04/09 13:27:33 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
    [2010/04/09 13:27:23 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
    [2010/04/09 13:27:23 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
    [2010/04/09 06:38:08 | 000,000,000 | ---D | C] -- C:\Users\cindycovell\AppData\Local\PMB Files
    [2010/04/09 06:37:29 | 000,000,000 | ---D | C] -- C:\Users\cindycovell\AppData\Local\Symantec
    [2010/04/09 04:29:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise Registry Cleaner
    [2010/04/08 01:34:50 | 000,000,000 | ---D | C] -- C:\Users\cindycovell\Desktop\harrison, dreams
    [2010/04/07 18:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/04/07 18:30:34 | 000,000,000 | ---D | C] -- C:\Users\cindycovell\Desktop\Zhu Xi
    [2010/04/04 23:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
    [2010/04/04 23:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
    [2010/03/27 11:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
    [2010/03/25 14:52:18 | 000,000,000 | ---D | C] -- C:\Users\cindycovell\Desktop\0804750688
    [2010/03/24 20:16:07 | 000,000,000 | ---D | C] -- C:\Users\cindycovell\Desktop\diplomatic revolution
    [2010/03/24 12:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
    [2010/03/17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
    [2010/03/17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
    [2010/03/13 00:43:10 | 000,000,000 | ---D | C] -- C:\Users\cindycovell\Documents\books
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/04/11 12:48:00 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{73BCDB89-B04C-4354-8E74-0963E9AEDD83}.job
    [2010/04/11 12:46:52 | 007,864,320 | -HS- | M] () -- C:\Users\cindycovell\ntuser.dat
    [2010/04/11 12:33:10 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/04/11 12:33:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/04/11 12:25:39 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/04/11 12:25:39 | 000,589,884 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/04/11 12:25:39 | 000,101,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/04/11 12:21:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/04/11 12:19:35 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/04/11 12:19:35 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/04/11 12:19:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/04/11 12:19:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/04/11 09:53:51 | 000,524,288 | -HS- | M] () -- C:\Users\cindycovell\ntuser.dat{ffcdbb36-43c8-11df-ba6b-00219b2286d8}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/11 09:53:51 | 000,065,536 | -HS- | M] () -- C:\Users\cindycovell\ntuser.dat{ffcdbb36-43c8-11df-ba6b-00219b2286d8}.TM.blf
    [2010/04/11 09:53:44 | 000,007,168 | ---- | M] () -- C:\Windows\powerplayer.ini
    [2010/04/11 09:53:44 | 000,002,201 | ---- | M] () -- C:\Windows\psnetwork.ini
    [2010/04/11 09:53:44 | 000,000,068 | ---- | M] () -- C:\Windows\PCDNSetting.ini
    [2010/04/11 09:47:41 | 1073,741,824 | ---- | M] () -- C:\ppsds.pgf
    [2010/04/11 08:40:44 | 000,000,160 | ---- | M] () -- C:\Windows\powerlist.ini
    [2010/04/11 08:40:03 | 000,000,077 | ---- | M] () -- C:\Windows\MediaList.ini
    [2010/04/11 04:04:34 | 003,850,802 | -H-- | M] () -- C:\Users\cindycovell\AppData\Local\IconCache.db
    [2010/04/10 19:14:22 | 002,450,048 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\Cat.DB
    [2010/04/10 16:56:26 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/04/10 16:53:44 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/04/10 10:18:21 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/04/09 23:17:16 | 000,023,552 | ---- | M] () -- C:\Users\cindycovell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/09 14:44:09 | 000,001,930 | ---- | M] () -- C:\Users\cindycovell\Desktop\HijackThis.lnk
    [2010/04/09 13:27:39 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
    [2010/04/09 13:27:33 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
    [2010/04/09 13:27:23 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
    [2010/04/09 13:27:23 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
    [2010/04/09 06:35:34 | 000,524,288 | -HS- | M] () -- C:\Users\cindycovell\ntuser.dat{ffcdbb36-43c8-11df-ba6b-00219b2286d8}.TMContainer00000000000000000002.regtrans-ms
    [2010/04/09 06:31:44 | 000,524,288 | -HS- | M] () -- C:\Users\cindycovell\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/09 06:31:44 | 000,065,536 | -HS- | M] () -- C:\Users\cindycovell\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
    [2010/04/09 06:01:07 | 000,028,617 | ---- | M] () -- C:\Users\cindycovell\Desktop\mshta problem.docx
    [2010/04/08 22:40:55 | 000,046,415 | ---- | M] () -- C:\Users\cindycovell\Desktop\Oral_Fields_Exam_Schedule.pdf
    [2010/04/07 18:49:47 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2010/04/07 18:49:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2010/04/07 18:49:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2010/04/07 18:49:46 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
    [2010/04/07 18:45:16 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/04/07 06:57:43 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/03/30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/03/28 22:52:59 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
    [2010/03/26 19:57:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\isolate.ini
    [2010/03/25 11:43:55 | 000,000,600 | ---- | M] () -- C:\Users\cindycovell\AppData\Roaming\winscp.rnd
    [2010/03/17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
    [2010/03/17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
    [2010/03/14 13:19:23 | 000,000,028 | ---- | M] () -- C:\Windows\msgtn.ini
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/04/11 12:33:10 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/04/10 16:56:26 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/04/10 16:53:43 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/04/09 14:27:43 | 000,001,930 | ---- | C] () -- C:\Users\cindycovell\Desktop\HijackThis.lnk
    [2010/04/09 13:27:39 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
    [2010/04/09 06:34:44 | 000,524,288 | -HS- | C] () -- C:\Users\cindycovell\ntuser.dat{ffcdbb36-43c8-11df-ba6b-00219b2286d8}.TMContainer00000000000000000002.regtrans-ms
    [2010/04/09 06:34:44 | 000,524,288 | -HS- | C] () -- C:\Users\cindycovell\ntuser.dat{ffcdbb36-43c8-11df-ba6b-00219b2286d8}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/09 06:34:44 | 000,065,536 | -HS- | C] () -- C:\Users\cindycovell\ntuser.dat{ffcdbb36-43c8-11df-ba6b-00219b2286d8}.TM.blf
    [2010/04/09 06:01:06 | 000,028,617 | ---- | C] () -- C:\Users\cindycovell\Desktop\mshta problem.docx
    [2010/04/08 22:40:55 | 000,046,415 | ---- | C] () -- C:\Users\cindycovell\Desktop\Oral_Fields_Exam_Schedule.pdf
    [2010/03/27 11:29:21 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\SmartDefrag.job
    [2009/12/28 07:50:53 | 000,700,310 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/10/31 08:29:32 | 000,000,077 | ---- | C] () -- C:\Windows\MediaList.ini
    [2009/10/29 07:15:52 | 000,000,022 | ---- | C] () -- C:\Windows\MList.INI
    [2009/10/14 13:11:39 | 000,000,036 | ---- | C] () -- C:\Users\cindycovell\AppData\Local\housecall.guid.cache
    [2009/10/03 15:02:49 | 000,043,356 | ---- | C] () -- C:\Users\cindycovell\AppData\Local\dd_vcredistUI33BC.txt
    [2009/10/03 15:02:18 | 000,043,404 | ---- | C] () -- C:\Users\cindycovell\AppData\Local\dd_vcredistUI3357.txt
    [2009/08/28 13:01:05 | 000,000,600 | ---- | C] () -- C:\Users\cindycovell\AppData\Roaming\winscp.rnd
    [2009/08/16 20:13:46 | 000,000,028 | ---- | C] () -- C:\Windows\msgtn.ini
    [2009/08/15 15:11:44 | 000,000,068 | ---- | C] () -- C:\Windows\PCDNSetting.ini
    [2009/08/15 14:41:29 | 000,000,160 | ---- | C] () -- C:\Windows\powerlist.ini
    [2009/08/15 14:41:29 | 000,000,125 | ---- | C] () -- C:\Windows\PPSMediaList.ini
    [2009/08/15 14:41:18 | 000,007,168 | ---- | C] () -- C:\Windows\powerplayer.ini
    [2009/08/15 14:41:18 | 000,002,201 | ---- | C] () -- C:\Windows\psnetwork.ini
    [2009/06/20 20:07:40 | 000,111,613 | ---- | C] () -- C:\Users\cindycovell\Bus- Hyde Park Express 2.pdf
    [2009/06/05 03:42:23 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/06/05 03:41:28 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/03/24 16:07:13 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
    [2009/02/06 18:06:22 | 000,001,195 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/02/03 12:37:32 | 000,000,632 | RHS- | C] () -- C:\Users\cindycovell\ntuser.pol
    [2009/02/01 12:31:47 | 000,024,088 | ---- | C] () -- C:\Users\cindycovell\AppData\Roaming\UserTile.png
    [2009/01/31 23:53:13 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/01/31 12:42:28 | 000,023,552 | ---- | C] () -- C:\Users\cindycovell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/31 00:06:16 | 000,000,844 | ---- | C] () -- C:\Users\cindycovell\AppData\Roaming\wklnhst.dat
    [2009/01/30 23:48:37 | 000,000,020 | -HS- | C] () -- C:\Users\cindycovell\ntuser.ini
    [2009/01/30 23:48:36 | 007,864,320 | -HS- | C] () -- C:\Users\cindycovell\ntuser.dat
    [2009/01/30 23:48:36 | 000,524,288 | -HS- | C] () -- C:\Users\cindycovell\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
    [2009/01/30 23:48:36 | 000,524,288 | -HS- | C] () -- C:\Users\cindycovell\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
    [2009/01/30 23:48:36 | 000,262,144 | -H-- | C] () -- C:\Users\cindycovell\ntuser.dat.LOG1
    [2009/01/30 23:48:36 | 000,065,536 | -HS- | C] () -- C:\Users\cindycovell\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
    [2009/01/30 23:48:36 | 000,000,000 | -H-- | C] () -- C:\Users\cindycovell\ntuser.dat.LOG2
    [2008/12/28 11:59:44 | 004,377,500 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
    [2008/12/28 10:51:00 | 000,239,247 | ---- | C] () -- C:\Windows\SysWow64\ff_theora.dll
    [2008/12/28 10:50:50 | 000,145,609 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
    [2008/12/28 10:49:08 | 000,560,802 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
    [2008/12/12 11:57:38 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
    [2008/12/09 13:57:26 | 000,183,296 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
    [2008/12/09 13:57:18 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
    [2008/12/09 13:57:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
    [2008/12/09 13:56:42 | 000,146,944 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
    [2008/12/09 13:56:34 | 000,257,024 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
    [2008/12/09 13:56:22 | 000,485,888 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
    [2008/12/08 08:37:04 | 000,884,237 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
    [2008/12/08 08:34:42 | 000,791,742 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2008/12/08 07:53:40 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
    [2008/12/08 07:53:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2008/11/26 14:55:22 | 000,683,520 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
    [2008/11/26 13:49:10 | 000,238,080 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
    [2008/08/05 17:02:12 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
    [2008/08/05 16:59:04 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
    [2008/08/05 16:59:04 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest
    [2008/03/29 10:42:22 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
    [2008/03/29 10:42:20 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
    [2008/03/29 10:42:14 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
    [2008/03/29 10:42:08 | 000,148,992 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
    [2008/03/29 10:42:04 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
    [2008/03/29 10:42:04 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
    [2008/03/29 10:42:02 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
    [2008/03/29 10:42:00 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
    [2008/03/29 10:41:54 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
    [2008/03/29 10:41:52 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
    [2008/03/29 10:41:52 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
    [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
    [2007/07/10 12:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
    [2007/06/28 13:54:10 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

    ========== LOP Check ==========

    [2009/01/31 01:59:18 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/02/21 16:24:52 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\DAEMON Tools
    [2009/02/21 16:25:48 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\DAEMON Tools Lite
    [2009/02/21 16:24:51 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\DAEMON Tools Pro
    [2009/09/05 12:05:13 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\eMule
    [2009/01/31 23:26:00 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Foxit
    [2010/03/28 13:01:32 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\IDM
    [2009/02/18 16:15:59 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Image Zone Express
    [2010/03/27 11:29:01 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\IObit
    [2009/12/30 17:37:45 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\LimeWire
    [2009/01/31 00:09:36 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\MessengerGadget
    [2010/03/28 13:01:35 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\NBC Direct
    [2009/01/31 02:39:05 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\OpenOffice.org
    [2009/02/01 12:31:46 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\PeerNetworking
    [2010/04/10 22:12:36 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\PPStream
    [2009/02/06 18:29:12 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Printer Info Cache
    [2009/08/02 14:32:03 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Sierra
    [2009/01/31 00:06:20 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Template
    [2009/07/04 19:46:37 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Thinstall
    [2009/10/03 14:58:36 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\Tific
    [2010/03/27 11:26:35 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\TweakNow PowerPack 2009
    [2010/01/16 12:50:03 | 000,000,000 | ---D | M] -- C:\Users\cindycovell\AppData\Roaming\WinPatrol
    [2010/04/11 09:53:54 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/03/28 22:52:59 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
    [2010/04/11 12:48:00 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{73BCDB89-B04C-4354-8E74-0963E9AEDD83}.job
    [2009/03/24 17:03:16 | 000,000,468 | ---- | M] () -- C:\Windows\Tasks\Wise Disk Cleaner 4.job

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2010/03/24 15:19:42 | 712,761,344 | ---- | M] ()(C:\Users\cindycovell\Documents\[BBC.&#33521;?&#21490;].BBC.A.History.of.Britain.11.The.wrong.empire.DivX5.AC3.www.mvgroup.org.avi) -- C:\Users\cindycovell\Documents\[BBC.&#33521;&#22269;&#21490;].BBC.A.History.of.Britain.11.The.wrong.empire.DivX5.AC3.www.mvgroup.org.avi
    [2010/03/24 15:15:05 | 083,217,454 | ---- | M] ()(C:\Users\cindycovell\Documents\[33][&#25919;&#27835;??].Smith,.N.(1990).Uneven_Development.pdf) -- C:\Users\cindycovell\Documents\[33][&#25919;&#27835;&#32463;&#27982;].Smith,.N.(1990).Uneven_Development.pdf
    [2010/03/24 14:47:25 | 063,157,974 | ---- | M] ()(C:\Users\cindycovell\Documents\[2][&#22823;?&#21704;?].David.Harvey.(1973).Social.Justice.and.the.City.pdf) -- C:\Users\cindycovell\Documents\[2][&#22823;&#21355;&#21704;&#32500;].David.Harvey.(1973).Social.Justice.and.the.City.pdf
    [2010/03/24 14:27:49 | 073,900,562 | ---- | M] ()(C:\Users\cindycovell\Documents\[38][&#31354;?&#31038;?&#25991;&#21270;].Lefebvre,.H.(1984).The_production_of_space_1.pdf) -- C:\Users\cindycovell\Documents\[38][&#31354;&#38388;&#31038;&#20250;&#25991;&#21270;].Lefebvre,.H.(1984).The_production_of_space_1.pdf
    [2010/03/24 14:14:34 | 708,313,088 | ---- | M] ()(C:\Users\cindycovell\Documents\[BBC.&#33521;?&#21490;].BBC.A.History.of.Britain.14.The.empire.of.good.intentions.DivX5.AC3.www.mvgroup.org.avi) -- C:\Users\cindycovell\Documents\[BBC.&#33521;&#22269;&#21490;].BBC.A.History.of.Britain.14.The.empire.of.good.intentions.DivX5.AC3.www.mvgroup.org.avi
    [2010/03/24 14:14:14 | 001,134,940 | ---- | M] ()(C:\Users\cindycovell\Documents\[34][&#25919;&#27835;??].Thrift,.N.(2005).Knowing_Capitalism.pdf) -- C:\Users\cindycovell\Documents\[34][&#25919;&#27835;&#32463;&#27982;].Thrift,.N.(2005).Knowing_Capitalism.pdf
    [2010/03/24 13:52:11 | 018,692,088 | ---- | M] ()(C:\Users\cindycovell\Documents\[8][&#22823;?&#21704;?].David.Harvey.(2004).Spaces_of_neoliberalization._.towards_a_theory_of_uneven_geographical_development.pdf) -- C:\Users\cindycovell\Documents\[8][&#22823;&#21355;&#21704;&#32500;].David.Harvey.(2004).Spaces_of_neoliberalization._.towards_a_theory_of_uneven_geographical_development.pdf
    [2010/03/24 13:44:59 | 020,395,342 | ---- | M] ()(C:\Users\cindycovell\Documents\[55][&#20013;?&#22478;&#24066;].Andrusz,G,.Harloe,M.&.Szelenyi,.I.(1996).Cities.after.socialism.pdf) -- C:\Users\cindycovell\Documents\[55][&#20013;&#22269;&#22478;&#24066;].Andrusz,G,.Harloe,M.&.Szelenyi,.I.(1996).Cities.after.socialism.pdf
    [2010/03/24 13:33:41 | 024,121,607 | ---- | M] ()(C:\Users\cindycovell\Documents\[29][&#25919;&#27835;??].Brenner,.N.&.Jessop,.B.(2003).State.Space_A.Reader.pdf) -- C:\Users\cindycovell\Documents\[29][&#25919;&#27835;&#32463;&#27982;].Brenner,.N.&.Jessop,.B.(2003).State.Space_A.Reader.pdf
    [2010/03/24 13:31:10 | 010,004,864 | ---- | M] ()(C:\Users\cindycovell\Documents\[97][&#25919;&#27835;??]Sassen(2001).The.global.city_.New.York,.London,Tokyo.djvu) -- C:\Users\cindycovell\Documents\[97][&#25919;&#27835;&#32463;&#27982;]Sassen(2001).The.global.city_.New.York,.London,Tokyo.djvu
    [2010/03/24 13:28:02 | 011,593,801 | ---- | M] ()(C:\Users\cindycovell\Documents\[60][&#20013;?&#22478;&#24066;].Friedmann,.J.(2005).China's.Urban.Transition.pdf) -- C:\Users\cindycovell\Documents\[60][&#20013;&#22269;&#22478;&#24066;].Friedmann,.J.(2005).China's.Urban.Transition.pdf
    [2010/03/24 13:22:47 | 009,133,776 | ---- | M] ()(C:\Users\cindycovell\Documents\[96][&#31354;?&#31038;?&#25991;&#21270;]Benedict.R.Anderson(1983).Imagined.communities_.reflections.on.the.origin.and.spread.of.nationalism.djvu) -- C:\Users\cindycovell\Documents\[96][&#31354;&#38388;&#31038;&#20250;&#25991;&#21270;]Benedict.R.Anderson(1983).Imagined.communities_.reflections.on.the.origin.and.spread.of.nationalism.djvu
    [2010/03/24 13:16:50 | 019,747,680 | ---- | M] ()(C:\Users\cindycovell\Documents\[43][&#31354;?&#31038;?&#25991;&#21270;]Anthony.Giddens.(1984)The.Constitution.of.Society.pdf) -- C:\Users\cindycovell\Documents\[43][&#31354;&#38388;&#31038;&#20250;&#25991;&#21270;]Anthony.Giddens.(1984)The.Constitution.of.Society.pdf
    [2010/03/24 13:12:04 | 003,426,049 | ---- | M] ()(C:\Users\cindycovell\Documents\[9][&#22823;?&#21704;?].David.Harvey.(2005).A.Brief.History.of.Neoliberalism.pdf) -- C:\Users\cindycovell\Documents\[9][&#22823;&#21355;&#21704;&#32500;].David.Harvey.(2005).A.Brief.History.of.Neoliberalism.pdf
    [2010/03/24 13:09:51 | 013,014,911 | ---- | M] ()(C:\Users\cindycovell\Documents\[3][&#22823;?&#21704;?].David.Harvey.(1982).The_Limits_to_Capital.djvu) -- C:\Users\cindycovell\Documents\[3][&#22823;&#21355;&#21704;&#32500;].David.Harvey.(1982).The_Limits_to_Capital.djvu
    [2010/03/24 12:39:30 | 004,268,541 | ---- | M] ()(C:\Users\cindycovell\Documents\[6][&#22823;?&#21704;?].David.Harvey.(2003).PARIS,.CAPITAL.OF.MODERNITY.pdf) -- C:\Users\cindycovell\Documents\[6][&#22823;&#21355;&#21704;&#32500;].David.Harvey.(2003).PARIS,.CAPITAL.OF.MODERNITY.pdf
    [2010/03/24 12:39:19 | 009,133,776 | ---- | C] ()(C:\Users\cindycovell\Documents\[96][&#31354;?&#31038;?&#25991;&#21270;]Benedict.R.Anderson(1983).Imagined.communities_.reflections.on.the.origin.and.spread.of.nationalism.djvu) -- C:\Users\cindycovell\Documents\[96][&#31354;&#38388;&#31038;&#20250;&#25991;&#21270;]Benedict.R.Anderson(1983).Imagined.communities_.reflections.on.the.origin.and.spread.of.nationalism.djvu
    [2010/03/24 12:39:16 | 010,004,864 | ---- | C] ()(C:\Users\cindycovell\Documents\[97][&#25919;&#27835;??]Sassen(2001).The.global.city_.New.York,.London,Tokyo.djvu) -- C:\Users\cindycovell\Documents\[97][&#25919;&#27835;&#32463;&#27982;]Sassen(2001).The.global.city_.New.York,.London,Tokyo.djvu
    [2010/03/24 12:38:42 | 011,593,801 | ---- | C] ()(C:\Users\cindycovell\Documents\[60][&#20013;?&#22478;&#24066;].Friedmann,.J.(2005).China's.Urban.Transition.pdf) -- C:\Users\cindycovell\Documents\[60][&#20013;&#22269;&#22478;&#24066;].Friedmann,.J.(2005).China's.Urban.Transition.pdf
    [2010/03/24 12:37:00 | 020,395,342 | ---- | C] ()(C:\Users\cindycovell\Documents\[55][&#20013;?&#22478;&#24066;].Andrusz,G,.Harloe,M.&.Szelenyi,.I.(1996).Cities.after.socialism.pdf) -- C:\Users\cindycovell\Documents\[55][&#20013;&#22269;&#22478;&#24066;].Andrusz,G,.Harloe,M.&.Szelenyi,.I.(1996).Cities.after.socialism.pdf
    [2010/03/24 12:36:36 | 019,747,680 | ---- | C] ()(C:\Users\cindycovell\Documents\[43][&#31354;?&#31038;?&#25991;&#21270;]Anthony.Giddens.(1984)The.Constitution.of.Society.pdf) -- C:\Users\cindycovell\Documents\[43][&#31354;&#38388;&#31038;&#20250;&#25991;&#21270;]Anthony.Giddens.(1984)The.Constitution.of.Society.pdf
    [2010/03/24 12:36:30 | 073,900,562 | ---- | C] ()(C:\Users\cindycovell\Documents\[38][&#31354;?&#31038;?&#25991;&#21270;].Lefebvre,.H.(1984).The_production_of_space_1.pdf) -- C:\Users\cindycovell\Documents\[38][&#31354;&#38388;&#31038;&#20250;&#25991;&#21270;].Lefebvre,.H.(1984).The_production_of_space_1.pdf
    [2010/03/24 12:36:27 | 001,134,940 | ---- | C] ()(C:\Users\cindycovell\Documents\[34][&#25919;&#27835;??].Thrift,.N.(2005).Knowing_Capitalism.pdf) -- C:\Users\cindycovell\Documents\[34][&#25919;&#27835;&#32463;&#27982;].Thrift,.N.(2005).Knowing_Capitalism.pdf
    [2010/03/24 12:36:20 | 083,217,454 | ---- | C] ()(C:\Users\cindycovell\Documents\[33][&#25919;&#27835;??].Smith,.N.(1990).Uneven_Development.pdf) -- C:\Users\cindycovell\Documents\[33][&#25919;&#27835;&#32463;&#27982;].Smith,.N.(1990).Uneven_Development.pdf
    [2010/03/24 12:36:16 | 024,121,607 | ---- | C] ()(C:\Users\cindycovell\Documents\[29][&#25919;&#27835;??].Brenner,.N.&.Jessop,.B.(2003).State.Space_A.Reader.pdf) -- C:\Users\cindycovell\Documents\[29][&#25919;&#27835;&#32463;&#27982;].Brenner,.N.&.Jessop,.B.(2003).State.Space_A.Reader.pdf
    [2010/03/24 12:35:56 | 018,692,088 | ---- | C] ()(C:\Users\cindycovell\Documents\[8][&#22823;?&#21704;?].David.Harvey.(2004).Spaces_of_neoliberalization._.towards_a_theory_of_uneven_geographical_development.pdf) -- C:\Users\cindycovell\Documents\[8][&#22823;&#21355;&#21704;&#32500;].David.Harvey.(2004).Spaces_of_neoliberalization._.towards_a_theory_of_uneven_geographical_development.pdf
    [2010/03/24 12:35:53 | 003,426,049 | ---- | C] ()(C:\Users\cindycovell\Documents\[9][&#22823;?&#21704;?].David.Harvey.(2005).A.Brief.History.of.Neoliberalism.pdf) -- C:\Users\cindycovell\Documents\[9][&#22823;&#21355;&#21704;&#32500;].David.Harvey.(2005).A.Brief.History.of.Neoliberalism.pdf
    [2010/03/24 12:35:45 | 004,268,541 | ---- | C] ()(C:\Users\cindycovell\Documents\[6][&#22823;?&#21704;?].David.Harvey.(2003).PARIS,.CAPITAL.OF.MODERNITY.pdf) -- C:\Users\cindycovell\Documents\[6][&#22823;&#21355;&#21704;&#32500;].David.Harvey.(2003).PARIS,.CAPITAL.OF.MODERNITY.pdf
    [2010/03/24 12:35:35 | 013,014,911 | ---- | C] ()(C:\Users\cindycovell\Documents\[3][&#22823;?&#21704;?].David.Harvey.(1982).The_Limits_to_Capital.djvu) -- C:\Users\cindycovell\Documents\[3][&#22823;&#21355;&#21704;&#32500;].David.Harvey.(1982).The_Limits_to_Capital.djvu
    [2010/03/24 12:35:17 | 063,157,974 | ---- | C] ()(C:\Users\cindycovell\Documents\[2][&#22823;?&#21704;?].David.Harvey.(1973).Social.Justice.and.the.City.pdf) -- C:\Users\cindycovell\Documents\[2][&#22823;&#21355;&#21704;&#32500;].David.Harvey.(1973).Social.Justice.and.the.City.pdf
    [2010/03/17 03:09:33 | 708,313,088 | ---- | C] ()(C:\Users\cindycovell\Documents\[BBC.&#33521;?&#21490;].BBC.A.History.of.Britain.14.The.empire.of.good.intentions.DivX5.AC3.www.mvgroup.org.avi) -- C:\Users\cindycovell\Documents\[BBC.&#33521;&#22269;&#21490;].BBC.A.History.of.Britain.14.The.empire.of.good.intentions.DivX5.AC3.www.mvgroup.org.avi
    [2010/03/17 03:09:25 | 712,761,344 | ---- | C] ()(C:\Users\cindycovell\Documents\[BBC.&#33521;?&#21490;].BBC.A.History.of.Britain.11.The.wrong.empire.DivX5.AC3.www.mvgroup.org.avi) -- C:\Users\cindycovell\Documents\[BBC.&#33521;&#22269;&#21490;].BBC.A.History.of.Britain.11.The.wrong.empire.DivX5.AC3.www.mvgroup.org.avi

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
    < End of report >

    OTL Extras logfile created on: 4/11/2010 12:50:10 PM - Run 2
    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\cindycovell\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 64.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.40 Gb Total Space | 87.56 Gb Free Space | 30.90% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 6.69 Gb Free Space | 45.65% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CINDYCOVELL-PC
    Current User Name: cindycovell
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\ieframe.dll (Microsoft Corporation)
    .js[@ = jsfile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\SysWow64\ieframe.dll (Microsoft Corporation)
    .js [@ = jsfile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
    .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %* File not found
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %* File not found
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %* File not found
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- rundll32.exe C:\Windows\System32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- rundll32.exe C:\Windows\SysWOW64\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = AF 78 37 BA D7 E5 C9 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\PPStream\PPStream.exe" = C:\Program Files (x86)\PPStream\PPStream.exe:*:Enabled:pPS&#21401;&#37328;&#33799;&#24349; -- (PPStream Inc.)
    "C:\Program Files (x86)\PPStream\PPSAP.exe" = C:\Program Files (x86)\PPStream\PPSAP.exe:*:Enabled:pPS &#21401;&#37328;&#27155;&#21394;&#63239; -- (PPStream Inc)
    "C:\Program Files (x86)\PPStream\PPStream.exe" = C:\Program Files (x86)\PPStream\PPStream.exe:*:Enabled:pPS&#21401;&#37328;&#33799;&#24349; -- (PPStream Inc.)
    "C:\Program Files (x86)\PPStream\PPSAP.exe" = C:\Program Files (x86)\PPStream\PPSAP.exe:*:Enabled:pPS &#21401;&#37328;&#27155;&#21394;&#63239; -- (PPStream Inc)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05926579-1E44-41F0-8AF9-722C2CB8DD37}" = lport=139 | protocol=6 | dir=in | app=system |
    "{08D43F45-AE4E-4BCF-AE81-CBE66178F11F}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
    "{2011F0C2-B977-4885-B056-820BE7C08F56}" = rport=445 | protocol=6 | dir=out | app=system |
    "{232447FE-4E43-4C1B-B16F-46283726F4AD}" = rport=137 | protocol=17 | dir=out | app=system |
    "{23512EA5-7FE3-4228-93E6-68C7D251AE33}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{25A345EC-631D-45D6-B47E-A0AF4C110F22}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{5CB4DC5C-20B3-4DB2-B9AA-D4C524AC3019}" = rport=139 | protocol=6 | dir=out | app=system |
    "{956D04CC-5A22-40A5-BD8A-4FC15879FC64}" = lport=445 | protocol=6 | dir=in | app=system |
    "{A29EFA75-EB2B-4636-8734-7D144C24E783}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B917317B-85FD-4EFB-809E-CD25D815D2E0}" = lport=138 | protocol=17 | dir=in | app=system |
    "{BF57BCCE-C40E-418B-AC9A-1E665A82E322}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{C3CDDD2B-FFF7-4DC5-A941-5645763002E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{CFB4B655-FCB3-439E-B483-EBD966D15199}" = lport=137 | protocol=17 | dir=in | app=system |
    "{DCE58101-6730-4991-B334-9ECB1F724620}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{12851C4F-E0AA-47E8-A9CE-F57C1A292F5E}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
    "{2326DA1F-70DA-4684-9205-83F18DF88F53}" = protocol=1 | dir=in | [email protected],-28543 |
    "{23BAFE08-EF13-4207-9497-C1699624EF69}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{33BA060F-3DE4-4875-B8B0-7B80354117A2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{3D10F534-73F3-40C0-93A3-279311D4CCD7}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{4A8E0B98-F095-4938-8A74-52375A98E064}" = protocol=6 | dir=in | app=c:\program files (x86)\pure networks\network magic\nmsrvc.exe |
    "{556F227F-E097-4E51-86B8-708B47834B72}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{6248E09B-F5A7-4AED-8A29-BC9C4D69C45C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7D17A980-785D-4DFF-AED0-1EF5A825D190}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{825C4DB5-DEF7-4D23-9661-556D5A17212B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{84E3921C-2A7D-4AFF-96AB-85D21311DC72}" = protocol=1 | dir=out | [email protected],-28544 |
    "{86D74539-C1DE-4AE6-A6A2-E9F11BA0DBFB}" = protocol=17 | dir=in | app=c:\program files (x86)\pure networks\network magic\nmsrvc.exe |
    "{873F07F7-B2E4-43A6-B001-FCFC4B242FA5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{88AE565E-1D99-4C8A-8B3A-9030CF99E808}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{8CEE3007-98CA-415B-AEDC-95656DBAE766}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{8F17DFE7-1F75-4496-BD7B-4A7BA6FF9556}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
    "{98129C8E-95E1-40CA-86B5-F3F1E1EBB5E6}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{981DB591-A00A-4D3A-AE53-8272B90DC6EB}" = protocol=58 | dir=out | [email protected],-28546 |
    "{A44978A0-2605-4C1A-8A62-BB23C3D7E9F1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{ACDB684E-0218-41BE-A951-788332489219}" = protocol=58 | dir=in | [email protected],-28545 |
    "{AE1A3149-A3FC-4B5A-B725-E3DF63D97576}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
    "{BE587776-A7F4-45E3-85D1-C23064549534}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{C8E4FB0B-7524-4149-BE0D-73C827202BF7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{CB785199-E036-4E69-B0A2-F5DE31909439}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
    "{D09331F9-3ED9-4B16-A9EF-8D646C6739C2}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{E0727925-1FDB-46A7-A541-C10E496A7638}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{FC5FF1E6-7784-4F2C-94A7-CD697228BD85}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{17E02F38-FF2D-4c3d-83DF-ECE2A1D20A5E}" = AIO_CDB_ToolboxIni64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
    "{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
    "{838F7AB2-5DFE-60B3-1030-43ACC3454CD2}" = ccc-utility64
    "{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    "{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "HPOCR" = HP OCR Software 8.0
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{0DB1C665-97DD-F405-1D03-60ED1DA95510}" = Catalyst Control Center Graphics Previews Vista
    "{105CA5BB-9F30-149D-1AD4-144040CB3C1B}" = Catalyst Control Center Localization Spanish
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23DD6DAA-DDEF-41F5-A527-CECF07FA2CAF}" = 1500
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2BEF1AF7-845D-78AE-D826-A87E8CDB0E7F}" = CCC Help Chinese Standard
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C36015E-F0F6-43D7-58ED-F4210D355CF9}" = Catalyst Control Center Localization Turkish
    "{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
    "{44033AD6-17D0-3611-1D73-2791646B0892}" = CCC Help Portuguese
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{47244975-454F-770B-79C1-0A705F17AA68}" = Catalyst Control Center Localization Chinese Standard
    "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C4759BE-2BA4-2DA7-58F6-E5188062E6EB}" = CCC Help French
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4D125AFC-0817-C6AC-B225-3C4E6EDB696D}" = CCC Help Japanese
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{57D57F9A-0CED-61D0-B3C6-75A874CB9F4D}" = Skins
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
    "{5E0322C6-8CA9-A4BD-E9DC-CC8D8E7CB99E}" = Catalyst Control Center Graphics Previews Common
    "{5F06BE49-28E6-771F-A57A-7AC8C97F38E1}" = Catalyst Control Center Core Implementation
    "{60E5FF66-3F28-148C-8EE0-CE623C26233D}" = Catalyst Control Center Localization Portuguese
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{672BEEF8-6C95-8F97-74D4-BDF37412437B}" = CCC Help Spanish
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{746F3251-0E32-08E4-D18F-43794D57588D}" = Catalyst Control Center Localization Italian
    "{75C89AB1-F888-6B0B-6BB4-A06ED4BDDFC0}" = Catalyst Control Center Graphics Full Existing
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
    "{7C7088C6-6347-150C-AEF4-A3190FF2F5AA}" = Catalyst Control Center Localization Hungarian
    "{7CF7894B-D52C-F9E5-2ABF-DB6756CE21AC}" = CCC Help Turkish
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7EDFEE8E-F4F2-CB4E-618B-846D4A95CAC8}" = CCC Help Chinese Traditional
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{8380D40E-291B-144A-554F-4877F4B439DB}" = Catalyst Control Center InstallProxy
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8587A68A-BF5F-9492-228C-FACFDBA1A4F4}" = CCC Help Hungarian
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91155C7C-3404-C96D-78DA-E1D6AF73F6DA}" = Catalyst Control Center Graphics Full New
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
    "{9BD9026D-C3C6-0C40-9FD2-DD95A24CDEB2}" = Catalyst Control Center Localization French
    "{A0422738-2E4A-B01F-D19E-ED0379A3C3CC}" = CCC Help English
    "{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
    "{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
    "{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{ACE0BCCF-27A6-C275-0318-651F6388882F}" = CCC Help German
    "{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
    "{C4B556FF-ABE6-8FBE-EF7A-909F72492DA8}" = CCC Help Korean
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{CA06B6B3-A775-50D6-3031-53C40A5202A6}" = Catalyst Control Center Localization Chinese Traditional
    "{D0338BF1-DD06-8565-48A1-C8F3F991B959}" = Catalyst Control Center Localization Japanese
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype¬ô 4.2
    "{D259350E-936C-C6C0-5FDF-B6B4B95731ED}" = Catalyst Control Center Graphics Light
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D81230AD-71DF-CFCB-CD05-52CFF26F8634}" = Catalyst Control Center Localization Korean
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E4A185BB-8E95-6FA7-2637-C9E4768DE2C3}" = ccc-core-static
    "{E5F1AAA6-C0C8-326C-CAD2-B413CE1F5512}" = Catalyst Control Center Localization German
    "{E62FFFA6-DCBC-189B-443E-D10A44901385}" = CCC Help Italian
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AOP" = Norton AddOn Pack
    "Dell Video Chat" = Dell Video Chat (remove only)
    "eMule" = eMule
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "File Shredder_is1" = File Shredder 2.0
    "HijackThis" = HijackThis 2.0.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Media Player - Codec Pack" = Media Player Codec Pack 3.3.1
    "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
    "Nero - Burning Rom!UninstallKey" = Nero OEM (32-bit)
    "NIS" = Norton Internet Security
    "Picasa 3" = Picasa 3
    "PPStream" = PPStream V2.6.86.8989 Final
    "RealPlayer 12.0" = RealPlayer
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "winscp3_is1" = WinSCP 4.1.9

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/7/2010 7:58:18 AM | Computer Name = cindycovell-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/7/2010 9:10:32 AM | Computer Name = cindycovell-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 4/7/2010 11:46:15 AM | Computer Name = cindycovell-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/7/2010 11:41:21 PM | Computer Name = cindycovell-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 4/7/2010 11:44:48 PM | Computer Name = cindycovell-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/8/2010 8:12:45 AM | Computer Name = cindycovell-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/9/2010 1:11:31 AM | Computer Name = cindycovell-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
    0x4b835fec, faulting module Flash10e.ocx, version 10.0.45.2, time stamp 0x4b5f8faa,
    exception code 0xc0000005, fault offset 0x0012c71c, process id 0x15a4, application
    start time 0x01cad79ff13a09c8.

    Error - 4/9/2010 5:47:25 AM | Computer Name = cindycovell-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 4/9/2010 5:50:03 AM | Computer Name = cindycovell-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/9/2010 6:13:06 AM | Computer Name = cindycovell-PC | Source = EventSystem | ID = 4609
    Description =

    [ OSession Events ]
    Error - 3/3/2009 12:25:02 AM | Computer Name = cindycovell-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 4291
    seconds with 600 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 4/11/2010 9:29:11 AM | Computer Name = cindycovell-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.64 for the Network Card with network
    address 00219B2286D8 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 4/11/2010 9:30:31 AM | Computer Name = cindycovell-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 4/11/2010 9:30:31 AM | Computer Name = cindycovell-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 4/11/2010 1:19:07 PM | Computer Name = cindycovell-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 4/11/2010 1:19:17 PM | Computer Name = cindycovell-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 4/11/2010 1:19:33 PM | Computer Name = cindycovell-PC | Source = Print | ID = 19
    Description = The print spooler failed to share printer HP PSC 1500 series with
    shared resource name HP PSC 1500 series. Error 2114. The printer cannot be used
    by others on the network.

    Error - 4/11/2010 1:19:37 PM | Computer Name = cindycovell-PC | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\Aspi32.SYS has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 4/11/2010 1:19:52 PM | Computer Name = cindycovell-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.64 for the Network Card with network
    address 00219B2286D8 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 4/11/2010 1:21:13 PM | Computer Name = cindycovell-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 4/11/2010 1:21:13 PM | Computer Name = cindycovell-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3930

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    4/11/2010 12:37:36 PM
    mbam-log-2010-04-11 (12-37-36).txt

    Scan type: Quick scan
    Objects scanned: 130517
    Time elapsed: 4 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello again acrylamide,

    Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

    Kaspersky works with Internet Explorer and Firefox 3. It uses Java Runtime Environment (JRE) .

    Go to Kaspersky website and perform an online antivirus scan.

    Note: you will need to turn off your security programs to allow Kaspersky to do its job.

    • Read through the requirements and privacy statement and click on Accept button.
    • It will start dowanloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    Copy and paste that information in your next post.
     
  6. acrylamide

    acrylamide Thread Starter

    Joined:
    Dec 11, 2004
    Messages:
    9
    Thanks again. Here is the scan report:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Monday, April 12, 2010
    Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 2 (build 6002)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Sunday, April 11, 2010 22:47:50
    Records in database: 3936384
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan statistics:
    Objects scanned: 170458
    Threats found: 1
    Infected objects found: 1
    Suspicious objects found: 0
    Scan duration: 02:29:28


    File name / Threat / Threats count
    C:\Users\cindycovell\Music\Covell music\(2009) Charlotte Gainsbourg Irm.rar Infected: Trojan-Clicker.Win32.AutoIt.k 1

    Selected area has been scanned.
     
  7. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello acrylamide,

    Please run OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :Files
      C:\Users\cindycovell\Music\Covell music\(2009) Charlotte Gainsbourg Irm.rar
      :Commands
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • It will produce a log for you on reboot, please post that log in your next reply.
     
  8. acrylamide

    acrylamide Thread Starter

    Joined:
    Dec 11, 2004
    Messages:
    9
    Hi again,

    Here is the OTL log.

    Thanks

    All processes killed
    ========== FILES ==========
    C:\Users\cindycovell\Music\Covell music\(2009) Charlotte Gainsbourg Irm.rar moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: cindycovell
    ->Temp folder emptied: 200088463 bytes
    ->Temporary Internet Files folder emptied: 5430497 bytes
    ->Java cache emptied: 37494510 bytes
    ->FireFox cache emptied: 83850977 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 15930 bytes

    User: covell

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 57429 bytes
    ->Temporary Internet Files folder emptied: 2928714 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 23462432 bytes
    ->Flash cache emptied: 3723 bytes

    User: new

    User: new.cindycovell-PC

    User: new.cindycovell-PC.000

    User: Public

    User: RA Media Server
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 1591808 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 149137 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 339.00 mb

    File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.1.1 log created on 04122010_222050

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\SysNative\SETE384.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\SETE8A5.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  9. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    How is your machine now?

    Is your Internet Explorer still locking up, and if so, can you tell me when it does this... for example is it at a particular site or perhaps when you are running some other program?
     
  10. acrylamide

    acrylamide Thread Starter

    Joined:
    Dec 11, 2004
    Messages:
    9
    Hi,

    It looks like the problem is gone. Thanks so very much for being so kind as to guide me through this process.

    Best,
    Jack
     
  11. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Brilliant :)

    Now

    We have a couple of last steps to perform and then you're all set.[​IMG]

    • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
    • Click on the CleanUp! button
    • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

    MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep.

    Next, we need to clean your restore points and set a new one:

    Please go here for directions on how to do this. You need to turn System Protection off to delete all old restore points, reboot and then turn System Protection back on to create a new restore point.

    -------------------------------------------------------------------------------------------------------------------

    A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

    -------------------------------------------------------------------------------------------------------------------

    Now that your machine is clean here are some things that I think are worth having a look at if you don't already know a bout them:

    ---------------------------------------------------------------------------------------------------------------------

    Regularly check that your Java is up to date. Older versions are vunerable to malicious attack.
    • Download from here Java Runtime Environment (JDK) Update
    • Scroll to where it says "Windows XP/Vista/2000/2003/2008 online" and download and follow the instructions to install.

      Reboot your computer.
      You also need to uininstall older versions of Java.
    • Click Start > Control Panel > Programs
    • Remove all Java updates except the latest one you have just installed.
    --------------------------------------------------------------------------------------------------------------------

    Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week.

    For ease of use, you might consider the following free program:--------------------------------------------------------------------------------------------------------------------

    Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
    * Consider using an alternate browser.

    Opera may be downloaded from here. It is one of the least targeted of all browers.

    Avant may be downloaded from here. Another one that is less well known.

    Firefox may be downloaded from Here. I use Firefox because I like it. Used to be one of the safest but now targeted probably as much as IE.

    Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.

    -----------------------------------------------------------------------------------------------------------------------

    To help protect your computer in the future here are some free programs you can look at:



    • If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

      * Click Start > Control Panel > System and Security > Windows Update
      * Under Windows Update click on Turn automatic updating on or off
      * Check items shown to ensure you receive updates automatically. Click OK.

      And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
    • Malwarebytes
    • SuperAntiSpyWare
    Be aware of what emails you open and websites you visit.

    Go here for some good advice about how to prevent infection.

    Have a safe and happy computing day!
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/915863

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice