
Security tools has taken over laptop

Discussion in 'Virus & Other Malware Removal' started by Shiningbright, Dec 25, 2010.

Thread Status:
Not open for further replies.
  1. Shiningbright

    Shiningbright Thread Starter

    Joined:
    Dec 25, 2010
    Messages:
    11
    I can't open anything so I won't be able to download anything. I'm typing this on my iPod. I'm not particularly good with computers so clear instructions please! Spy tools - which I've never downloaded - has the message that's become my background warning me that my boss, wife and the FBI can view of my files - I'm a teenage girl in the um. When I try and load things it won't let me saying I need to buy this security package but if I click carry on unprotected it won't let me open anything saying that the file is corrupted. It won't even let me use safe mode.
    Please help, it's Christmas day and it's ruining it for me!
    Thanks in advance!
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hello Shiningbright,

    I'm kevinf80 and I will be helping with any malware issues you may have with your system.
    • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
    • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
    • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
    • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.
    • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
    • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
    • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

    Please proceed as follows :-

    Step 1

    Re-boot your computer into Safe mode with Networking as follows:

    Re-boot and continuously tap the F8 key until you see the Windows Advanced Menu, from the available options select "Safe mode with Networking"

    Step 2

    Please download Rkill and save to your Desktop.
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If you get an alert from Security Tool that RKill is a threat, leave that alert open and re-run RKill again.

    Step 3

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    If you get a successful run with Malwarebytes re-boot to Normal mode, re-open Malwarebytes and do another quick scan. Post both Malwarebytes logs in your reply.

    Kevin
     
  3. Shiningbright

    Shiningbright Thread Starter

    Joined:
    Dec 25, 2010
    Messages:
    11
    OK, I've done as you said, and thank you for replying so quickly
    here's the first Malwarebyte log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5397

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.18999

    26/12/2010 15:09:30
    mbam-log-2010-12-26 (15-09-30).txt

    Scan type: Quick scan
    Objects scanned: 145490
    Time elapsed: 6 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D95C7240-0282-4C01-93F5-673BCA03DA86} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\apocalyps32 (Trojan.Horse) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\gCmLl08200 (Rogue.SystemTool) -> Value: gCmLl08200 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Rachel\AppData\Local\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\programdata\gcmll08200\gcmll08200.exe (Rogue.SystemTool) -> Quarantined and deleted successfully.


    and then the second one, now in Normal Mode:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5397

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18999

    26/12/2010 15:28:31
    mbam-log-2010-12-26 (15-28-31).txt

    Scan type: Quick scan
    Objects scanned: 147769
    Time elapsed: 7 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Obviously I'm no computer expert, but it looks like everything has cleared - how would I stop it from happening again?
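The first log in the post above, read as triage data: an added example (not part of the thread, and not Malwarebytes' own code) that parses the detection lines, checks the summary counts against the items actually pasted, and labels what each entry was doing on the machine. The regexes assume the MBAM 1.50 text layout shown in that log; the function names and labels are made up for the illustration.

```python
import re
from collections import Counter

# Summary and detection lines copied from the first (Safe Mode) log in the post above.
SAMPLE_LOG = r"""
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Files Infected: 1

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D95C7240-0282-4C01-93F5-673BCA03DA86} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\apocalyps32 (Trojan.Horse) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\gCmLl08200 (Rogue.SystemTool) -> Value: gCmLl08200 -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Rachel\AppData\Local\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\gcmll08200\gcmll08200.exe (Rogue.SystemTool) -> Quarantined and deleted successfully.
"""

HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*(?P<count>\d*)$")
ITEM = re.compile(r"^(?P<path>.+?) \((?P<name>[\w.\-]+)\) -> (?P<rest>.+)$")
BAD_GOOD = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")
AUTOSTART = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
# Directories a standard user can write to; a launcher living here is suspicious.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")


def parse_mbam_log(text):
    """Return (summary_counts, findings) from an MBAM 1.50-style text log."""
    summary, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        head = HEADER.match(line)
        if head:
            if head["count"]:          # "Files Infected: 1" is a summary line
                summary[head["section"]] = int(head["count"])
            else:                      # "Files Infected:" opens a detail section
                section = head["section"]
            continue
        item = ITEM.match(line) if section else None
        if not item:
            continue                   # blank line or "(No malicious items detected)"
        # Everything before the last " -> " is detail, the remainder is the action taken.
        detail, _, action = item["rest"].rpartition(" -> ")
        swap = BAD_GOOD.match(detail)
        findings.append({
            "section": section, "path": item["path"], "name": item["name"],
            "action": action,
            "bad": swap["bad"] if swap else None,
            "good": swap["good"] if swap else None,
        })
    return summary, findings


def first_executable(command):
    """First token of a command line, honouring double quotes."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return (m.group(1) or m.group(2)) if m else ""


def triage(finding):
    """Label the persistence or hijack technique a finding represents."""
    labels = []
    if AUTOSTART.search(finding["path"]):
        labels.append("autostart entry")
    if finding["bad"] is not None:
        # A handler whose first program is not the expected one wraps every launch.
        launcher = first_executable(finding["bad"])
        if launcher.lower() != finding["good"].lower():
            writable = any(d in launcher.lower() for d in USER_WRITABLE)
            where = "user-writable" if writable else "other"
            labels.append(f"handler hijack via {launcher} ({where} path)")
    in_writable = any(d in finding["path"].lower() for d in USER_WRITABLE)
    if finding["section"].startswith("Files") and in_writable:
        labels.append("binary in user-writable directory")
    return labels


def count_mismatches(summary, findings):
    """Sections whose summary count differs from the items present (truncated paste)."""
    parsed = Counter(f["section"] for f in findings)
    return {s: (n, parsed.get(s, 0)) for s, n in summary.items() if n != parsed.get(s, 0)}


if __name__ == "__main__":
    summary, findings = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(summary, findings) or "none")
    for f in findings:
        print(f["name"], "|", f["action"], "|", triage(f) or "no persistence label")
```

The `RunOnce` value and the file under `c:\programdata` belong to the same detection name, and the browser handler entry shows a second, independent hook: `av.exe` in the user profile was set to run ahead of `iexplore.exe` on every launch from the Start menu.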
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Shiningbright,

    Yep looks like Malwarebytes has done a good job for us, proceed as follows please,

    Step 1

    Download TFC to your desktop, from either of the following links
    Link 1
    Link 2
    • Make sure any open work is saved. TFC will close all open application windows.
    • Double-click TFC.exe to run the program.
    • If prompted, click "Yes" to reboot.
    TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

    Step 2

    Download from any of the following links and save to your Desktop:

    Link 1
    Link 2
    Link 3

    • Double click on the icon to run it. Vista and Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Under the Custom Scan box paste this in
      Code:
            netsvcs
            drivers32
            %SYSTEMDRIVE%\*.*
            %systemroot%\*. /mp /s
            CREATERESTOREPOINT
            %systemroot%\System32\config\*.sav
            HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

    Copy and paste OTL.Txt and Extras.Txt in your reply.

    Kevin
     
  5. Shiningbright

    Shiningbright Thread Starter

    Joined:
    Dec 25, 2010
    Messages:
    11
    Thank you!
    Here's the OTL Txt:

    OTL logfile created on: 26/12/2010 19:37:51 - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Rachel\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 219.88 Gb Total Space | 144.77 Gb Free Space | 65.84% Space Free | Partition Type: NTFS

    Computer Name: RACHELS_PC | User Name: Rachel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/26 19:36:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Rachel\Downloads\OTL.com
    PRC - [2010/12/26 19:35:13 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Rachel\AppData\Local\Temp\RtkBtMnt.exe
    PRC - [2010/12/24 10:06:18 | 000,308,464 | ---- | M] () -- C:\Users\Rachel\AppData\Roaming\cacaoweb\cacaoweb.exe
    PRC - [2010/12/08 23:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\Rachel\AppData\Local\Google\Chrome\Application\chrome.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/01/30 20:20:52 | 000,201,992 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    PRC - [2009/08/02 08:49:45 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/07 12:04:12 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe
    PRC - [2009/04/07 12:04:12 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
    PRC - [2009/04/07 12:04:10 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerEvent.exe
    PRC - [2009/03/18 08:46:30 | 001,160,736 | ---- | M] (Acer Incorporated) -- C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
    PRC - [2009/03/10 00:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
    PRC - [2009/02/24 10:09:30 | 006,789,664 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    PRC - [2009/02/12 04:21:14 | 000,862,728 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
    PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/10/17 09:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/26 19:36:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Rachel\Downloads\OTL.com
    MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    MOD - [2009/04/07 12:04:26 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\SysHook.dll
    MOD - [2008/04/25 18:22:22 | 000,011,016 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll
    MOD - [2008/04/25 18:21:50 | 000,083,208 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/30 20:20:52 | 000,201,992 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP)
    SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/05/05 09:15:57 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/04/07 12:04:12 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe -- (ePowerSvc)
    SRV - [2009/03/10 00:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/11/03 11:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
    SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - [2010/01/30 20:20:53 | 000,224,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
    DRV - [2010/01/30 20:20:53 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
    DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
    DRV - [2009/02/24 08:48:26 | 002,327,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/02/23 16:20:12 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
    DRV - [2009/02/09 02:06:20 | 004,172,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/02/06 02:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/12/24 17:30:00 | 000,155,808 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
    DRV - [2008/11/04 05:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/11/03 11:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
    DRV - [2008/10/10 01:31:32 | 000,023,096 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
    DRV - [2008/10/03 00:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
    DRV - [2008/09/03 12:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
    DRV - [2008/04/27 21:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
    DRV - [2008/04/16 14:23:44 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
    DRV - [2008/03/26 13:10:16 | 000,020,496 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
    DRV - [2008/03/13 19:02:46 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klfltdev.sys -- (KLFLTDEV)
    DRV - [2008/01/30 10:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2008/01/30 10:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
    DRV - [2008/01/21 02:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/21 02:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/21 02:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/21 02:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/21 02:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/21 02:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/21 02:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/21 02:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/21 02:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/21 02:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/21 02:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/21 02:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/21 02:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/21 02:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/21 02:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/21 02:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2008/01/21 02:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/21 02:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/21 02:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/21 02:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/21 02:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/21 02:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 13:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
    DRV - [2006/11/02 13:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
    DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=2&o=vp32&d=0509&m=easynote_lj61
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=2&o=vp32&d=0509&m=easynote_lj61
    IE - HKLM\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - C:\Program Files\STOPzilla!\Toolbar\SZIESearchHook.dll (iS3 Inc.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=2&o=vp32&d=0509&m=easynote_lj61
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig?hl=en"
    FF - prefs.js..extensions.enabledItems: [email protected]:4.0
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778

    FF - HKLM\software\mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}: C:\Program Files\Stopzilla!\Toolbar\Extension [2010/01/31 21:01:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/04 18:05:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/04 18:05:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2010/01/30 19:38:48 | 000,000,000 | ---D | M]

    [2010/02/04 18:17:01 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Mozilla\Extensions
    [2009/11/08 01:26:04 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Mozilla\Extensions\[email protected]
    [2010/12/20 14:34:19 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\p9nd33ag.default\extensions
    [2010/08/31 20:46:22 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\p9nd33ag.default\extensions\[email protected]
    [2010/10/22 17:24:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/10/22 17:24:47 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/09/01 18:47:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/09/01 18:47:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/09/01 18:47:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/09/01 18:47:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/01/31 21:38:39 | 000,377,782 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 13023 more lines...
    O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
    O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated)
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
    O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKCU..\Run: [cacaoweb] C:\Users\Rachel\AppData\Roaming\cacaoweb\cacaoweb.exe ()
    O4 - HKCU..\Run: [Home Typist] C:\Program Files\Invention Pilot\Home Typist\HTypist.exe File not found
    O4 - HKCU..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Acer Incorporated)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
    O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll (Kaspersky Lab)
    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
    O24 - Desktop WallPaper: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{c84ce878-aec4-11de-914a-00235a966eac}\Shell - "" = AutoRun
    O33 - MountPoints2\{c84ce878-aec4-11de-914a-00235a966eac}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/26 14:29:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/26 14:28:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/25 10:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\gCmLl08200
    [2010/12/20 14:48:21 | 000,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\cacaoweb
    [2010/12/15 19:44:28 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2010/12/15 19:44:26 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
    [2010/12/15 19:44:26 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
    [2010/12/15 19:44:26 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
    [2010/12/15 19:44:24 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
    [2010/12/15 19:44:23 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2010/12/15 19:44:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
    [2010/12/15 19:44:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2010/12/15 19:44:19 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2010/12/15 19:44:18 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2010/12/15 19:44:18 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2010/12/15 19:44:18 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010/12/15 19:44:18 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2010/12/15 19:44:18 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2010/12/15 19:44:18 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2010/12/15 19:44:18 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2010/12/15 19:44:18 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2010/12/15 19:44:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2010/12/15 19:44:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2010/12/15 19:44:18 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2010/12/15 19:44:18 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2010/12/15 19:44:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2010/12/15 19:44:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2010/12/15 19:44:17 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2010/12/15 19:44:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2010/12/15 19:44:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [1 C:\Users\Rachel\Documents\*.tmp files -> C:\Users\Rachel\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/26 19:40:21 | 000,604,520 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/12/26 19:40:21 | 000,107,796 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/12/26 19:40:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/26 19:34:41 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/26 19:34:35 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/26 19:34:35 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/26 19:34:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/26 19:34:22 | 2949,070,848 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/26 19:33:42 | 004,501,536 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
    [2010/12/26 19:33:42 | 000,925,728 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
    [2010/12/26 19:33:42 | 000,036,248 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
    [2010/12/26 19:33:42 | 000,004,244 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
    [2010/12/26 16:13:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4127821002-2094884117-1205626698-1000UA.job
    [2010/12/26 15:19:20 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8A8FA6DB-374E-496D-BBD3-FFC4D5D3548E}.job
    [2010/12/26 14:29:03 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/26 14:19:58 | 000,001,356 | ---- | M] () -- C:\Users\Rachel\AppData\Local\d3d9caps.dat
    [2010/12/24 18:13:00 | 000,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4127821002-2094884117-1205626698-1000Core.job
    [2010/12/20 19:19:23 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/20 16:06:50 | 000,026,624 | ---- | M] () -- C:\Users\Rachel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/20 14:48:25 | 000,307,440 | ---- | M] () -- C:\Users\Rachel\Desktop\cacaoweb.exe
    [2010/12/16 07:44:10 | 000,301,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/12/15 23:14:25 | 000,002,049 | ---- | M] () -- C:\Users\Rachel\Desktop\Google Chrome.lnk
    [2010/12/08 22:59:10 | 000,002,627 | ---- | M] () -- C:\Users\Rachel\Desktop\Microsoft Office Word 2007.lnk
    [2010/12/01 21:32:38 | 000,016,462 | ---- | M] () -- C:\Users\Rachel\Documents\Coompare and Contarast how April de Angelis in Playouse Creatures nand Brian Friel in Living Quarters Explore the Theme of Betrayal.docx
    [1 C:\Users\Rachel\Documents\*.tmp files -> C:\Users\Rachel\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/26 15:17:04 | 2949,070,848 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/26 14:29:03 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/20 14:48:21 | 000,307,440 | ---- | C] () -- C:\Users\Rachel\Desktop\cacaoweb.exe
    [2010/12/17 19:25:08 | 000,111,857 | ---- | C] () -- C:\Users\Rachel\Documents\P1000249.JPG
    [2010/12/17 19:24:29 | 025,591,296 | ---- | C] () -- C:\Users\Rachel\Documents\P1000248.MOV
    [2010/12/17 19:24:29 | 000,115,498 | ---- | C] () -- C:\Users\Rachel\Documents\P1000248.JPG
    [2010/11/30 22:52:03 | 000,016,462 | ---- | C] () -- C:\Users\Rachel\Documents\Coompare and Contarast how April de Angelis in Playouse Creatures nand Brian Friel in Living Quarters Explore the Theme of Betrayal.docx
    [2010/10/22 18:03:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/09/27 15:46:27 | 000,001,356 | ---- | C] () -- C:\Users\Rachel\AppData\Local\d3d9caps.dat
    [2010/03/24 23:38:20 | 000,000,000 | ---- | C] () -- C:\Users\Rachel\AppData\Roaming\wklnhst.dat
    [2010/02/15 17:20:37 | 000,069,632 | ---- | C] () -- C:\Windows\System32\MobOlExt.dll
    [2010/01/29 20:01:40 | 000,012,762 | -HS- | C] () -- C:\Users\Rachel\AppData\Local\rifW
    [2010/01/23 04:22:55 | 000,000,000 | ---- | C] () -- C:\Users\Rachel\AppData\Roaming\apocalyps32.exe
    [2010/01/13 20:30:05 | 000,000,203 | ---- | C] () -- C:\Windows\gsp_gcse.ini
    [2010/01/13 20:29:32 | 000,000,036 | ---- | C] () -- C:\Windows\Tiny_Run.ini
    [2009/12/02 21:00:52 | 000,076,407 | ---- | C] () -- C:\Users\Rachel\AppData\Roaming\Smiley.ico
    [2009/09/17 18:15:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/02 09:42:19 | 000,026,624 | ---- | C] () -- C:\Users\Rachel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/02 09:37:17 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009/03/12 18:26:53 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2009/03/12 08:10:13 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

    ========== LOP Check ==========

    [2010/01/23 04:22:55 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\ap0calypse_68C0B067
    [2009/08/03 22:13:58 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2010/12/25 09:51:48 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\cacaoweb
    [2009/10/26 18:45:37 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Home Sweet Home
    [2010/12/07 00:03:10 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\LimeWire
    [2009/08/02 08:55:56 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Packard Bell
    [2010/10/25 22:45:54 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Spotify
    [2010/12/26 19:33:35 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/12/26 15:19:20 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8A8FA6DB-374E-496D-BBD3-FFC4D5D3548E}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/03/12 08:12:30 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/12/26 19:34:22 | 2949,070,848 | -HS- | M] () -- C:\hiberfil.sys
    [2010/01/13 20:29:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/01/13 20:29:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/12/26 19:34:20 | 3264,925,696 | -HS- | M] () -- C:\pagefile.sys
    [2009/03/12 18:14:27 | 000,002,917 | ---- | M] () -- C:\RHDSetup.log
    [2010/12/26 14:25:45 | 000,000,778 | ---- | M] () -- C:\rkill.log

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 03:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 03:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 03:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-24 15:32:20

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:2AF40C07
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:67518200
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:6ECD2470
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:AED4FFF5
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:517B507A
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DFC5A2B2

    < End of report >


    And the Extras.Txt


    OTL Extras logfile created on: 26/12/2010 19:37:51 - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Rachel\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 219.88 Gb Total Space | 144.77 Gb Free Space | 65.84% Space Free | Partition Type: NTFS

    Computer Name: RACHELS_PC | User Name: Rachel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1
    "" =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1465E364-9704-4E33-9A2D-7AB2E7E64972}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{3583A215-998A-4FAB-8FFD-CC218053C8FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{4569E902-1A7A-44B6-AF35-846E1688537E}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6069E45F-E7AA-49D7-85D6-7F7A3C4F8334}" = lport=445 | protocol=6 | dir=in | app=system |
    "{66A8DAEC-2B28-4A09-80FE-1836AF63F8A8}" = rport=137 | protocol=17 | dir=out | app=system |
    "{76E870EE-78A2-4E72-90D2-B4E1554AFE03}" = rport=139 | protocol=6 | dir=out | app=system |
    "{8AF53A9E-C14A-444A-81D2-F5AF4F1477AC}" = rport=138 | protocol=17 | dir=out | app=system |
    "{90BC8990-FF3F-4279-ADF9-7BFCC7889DEA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{A4259609-71DF-4EE3-92C8-7B5A058915C6}" = lport=139 | protocol=6 | dir=in | app=system |
    "{C23DB4E6-B81A-41C9-B37B-498381DB8504}" = rport=445 | protocol=6 | dir=out | app=system |
    "{CFEE7672-D6EA-4C12-848B-5E55D0D8718A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{D481669E-16A4-4861-8FB4-713C0C22FE3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{059ADD6C-1B89-43F8-96A0-3CE34542FE45}" = protocol=1 | dir=in | [email protected],-28543 |
    "{11BDF117-A7A8-4B67-B545-391CA74767D8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{305C8E89-3C22-47EC-8586-FDD257E2454B}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
    "{37DF88B7-913D-487B-8D15-DBBAA52F8B85}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{790664C5-ED8B-403B-B187-7E52FABE668B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{84DD1C8E-B5E5-4F3B-A7AA-D6C1D0595473}" = protocol=58 | dir=in | [email protected],-28545 |
    "{A3E81368-32FF-43C5-B5C2-C02B6BF08E20}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B03DEF0E-1668-4939-9E86-9F85B211BEC1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{C628213E-0D1E-46C0-9F8B-C553884218A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{D692F026-0D9F-4C77-80F8-6F6866248DE5}" = protocol=58 | dir=out | [email protected],-28546 |
    "{DF4E0890-6CF0-427B-BE0C-513AF957C8A6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{EAB16143-99A3-46FF-A3D2-1876C44F1E3F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{EB30B746-B0E0-48AA-8C51-FDC0C3FEC8A4}" = protocol=1 | dir=out | [email protected],-28544 |
    "TCP Query User{1C283AF7-C958-4D9B-BFEC-76AA5799089A}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
    "TCP Query User{3BF37B16-D17B-406D-90D3-7C2AED7C1ACA}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "TCP Query User{8D6D5A75-B4A0-48D0-A18E-5BED08B7888F}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "TCP Query User{8EE0EA87-BFC3-477F-BB3F-156ACB084220}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "TCP Query User{DE9C537C-182B-41AB-8EEF-7B313E1621F2}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "UDP Query User{0224218E-6DA7-4CBA-9349-0B4261D2574C}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
    "UDP Query User{851F7FF4-0508-405E-968A-38F90E7AC94D}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "UDP Query User{987F684E-DE95-4960-A61B-87FFD8940C17}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "UDP Query User{BED8D804-977D-4983-8EB8-34ECDB728AFA}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "UDP Query User{D727727B-D38E-47F4-8792-2F8A11FDCFA7}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01F8AA87-0B08-DFE7-6248-4ACAC76A3656}" = CCC Help Hungarian
    "{02D75F37-8ADF-545D-B51D-81D41C10AE2B}" = CCC Help Russian
    "{03216980-BEFF-F79E-D158-2D9F8D908982}" = CCC Help Korean
    "{05BDE771-F0AC-8BFF-6394-2FB8D14DCB09}" = CCC Help Portuguese
    "{09AA42C9-5867-5DCD-38AB-80EF357CE8FB}" = CCC Help Chinese Traditional
    "{0D295166-28F5-3839-7072-762C9B77DB72}" = Catalyst Control Center Localization Russian
    "{114A21FC-E15A-EE2F-5BBE-B7F675E97075}" = Catalyst Control Center Localization French
    "{123ED099-5872-85F8-7228-8A4B6B9AB115}" = Catalyst Control Center Graphics Full New
    "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
    "{14169761-2E91-F471-A2B8-C3D70AAFF62E}" = Catalyst Control Center Localization Spanish
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1B6E1845-5454-0351-5E45-6A378B77F163}" = CCC Help Italian
    "{1BBEE7E7-82EF-7DB5-D2B0-5D9481F72587}" = CCC Help Turkish
    "{1FC2584D-B6F3-8C91-61D2-C60778D1B210}" = Catalyst Control Center Localization Chinese Standard
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{30062FDB-7F63-5179-A263-58BED9B4D33B}" = ccc-utility
    "{3032B823-6AA5-8BD1-72F5-BD045D9D5547}" = Catalyst Control Center Localization Czech
    "{32B09F2B-6241-6A8D-5D2C-C30763C6A90E}" = CCC Help French
    "{34E15301-FBA0-1A24-288C-7FADC3A52A70}" = CCC Help Greek
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell PowerSave Solution
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45FFF505-8CA6-9CDF-9749-D589AD8BDBF0}" = CCC Help Dutch
    "{486B5BE1-0C46-401A-2AFE-86B69168C172}" = CCC Help Polish
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4E5EAE73-9329-12EE-64B1-2945D94BBCBB}" = CCC Help Norwegian
    "{520782BB-ECB5-65CD-60F6-994A417CD9B9}" = Catalyst Control Center Localization Korean
    "{52AA5EF7-D840-1D03-8A1C-4A030F204437}" = Catalyst Control Center Localization Greek
    "{52DDAE8B-FFBF-2FAF-B3A9-154564630C35}" = ccc-core-static
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5959122F-0D76-DEE2-089D-16948CE63102}" = CCC Help Czech
    "{5B729ADC-5F03-07F4-CABB-AD10906431EF}" = Catalyst Control Center Localization Danish
    "{5C1BF3AC-B19D-4C26-B0A0-90833A521033}" = Nero 8 Essentials
    "{625E0A65-5C45-33C2-9442-025B5F82AC99}" = Catalyst Control Center Graphics Full Existing
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{6CAEDBFE-86BC-89C9-084A-1F3F35D5ECE8}" = Catalyst Control Center Localization Dutch
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{73290804-96DA-1E25-6997-5D678E85AD71}" = Catalyst Control Center Localization Finnish
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7A857D15-7CE4-FC05-1F68-95A9A7407F21}" = CCC Help Chinese Standard
    "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
    "{7E67C8B8-77AA-CB5A-74F3-1703FE0EE1CE}" = Catalyst Control Center Localization Italian
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84A20CDB-73BA-105D-5C9A-BBF2F5C17DF7}" = Catalyst Control Center Localization Japanese
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8ABA8EAC-503A-684A-5CA1-E4E45B624724}" = Catalyst Control Center InstallProxy
    "{8B5EB09E-CF76-396A-72D7-A2779A48D841}" = Catalyst Control Center Localization Norwegian
    "{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
    "{8F5BDB91-4EC4-56D7-1312-8F197B325044}" = ATI Catalyst Install Manager
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92ABBA93-EE00-41C7-8D44-67D0C9DEF51E}" = Catalyst Control Center - Branding
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B10C3A2-D43D-ADAD-191B-2FA0CD2FAA17}" = Catalyst Control Center Localization Hungarian
    "{9CB497F2-2420-CBFA-5685-0E63781A0386}" = CCC Help Thai
    "{9D8BC7F4-661A-F902-4DD1-74B5826DEB28}" = Catalyst Control Center Localization Swedish
    "{A2297386-0DB1-18D4-193C-885E6AD09707}" = Catalyst Control Center Core Implementation
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A5653E98-C00B-421B-86A2-E7DA75BFD97A}" = STOPzilla Toolbar
    "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AFD10BFE-21A6-EB0A-6177-7B037A8A479E}" = CCC Help Danish
    "{B1F876C9-0226-29FD-E829-B7E9A56DBF01}" = Catalyst Control Center Localization Chinese Traditional
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3D26119-3F6B-5E13-50E6-53C9473986E4}" = CCC Help Japanese
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C2F62AF2-8748-4CAE-BE53-1AF4763CFC15}" = AMD USB Audio Driver Filter
    "{C320F434-AFAC-9F46-46E3-B7066E2E5A17}" = Catalyst Control Center Localization Thai
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C7CB1394-DF88-7110-D9B2-C500133B66DE}" = Catalyst Control Center Localization Turkish
    "{C9223CC9-19F4-78A9-AF1E-8D5DB16678C1}" = CCC Help Finnish
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2182DE0-F06D-A736-95D8-6B60AA0CA353}" = Catalyst Control Center Localization Polish
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DE710185-AEB4-946E-7F34-82FB1B8E9B5A}" = Catalyst Control Center Localization Portuguese
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E9AF6504-976A-A370-337C-26E97C1B4E2D}" = CCC Help Swedish
    "{EA36B873-F44D-0362-8785-813DA1A71AD6}" = CCC Help German
    "{F0000760-930B-AA6B-F26F-D7A9D7385093}" = CCC Help English
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
    "{F6977E72-CB30-656B-BFCB-DF6F2A642AFB}" = Catalyst Control Center Localization German
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FE528266-7604-8657-3B46-B7AB72B2A566}" = Catalyst Control Center Graphics Light
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FF8AFB53-F39D-1713-FB1D-66D2D5E5C4DD}" = CCC Help Spanish
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "ALCATEL PC Suite_is1" = ALCATEL PC Suite V6.3.19
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "EADM" = EA Download Manager
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Identity Card" = Identity Card
    "InfoCentre" = InfoCentre
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
    "InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
    "LimeWire" = LimeWire 5.5.14
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Messenger Plus! Live" = Messenger Plus! Live
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
    "Packard Bell Customer Registration" = Packard Bell Customer Registration
    "PackardBell Screensaver" = PackardBell ScreenSaver
    "Recuva" = Recuva
    "SetUpMyPC" = SetUpMyPC
    "Spotify" = Spotify
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Updator" = Updator
    "VLC media player" = VLC media player 1.1.4
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 06/12/2010 12:53:23 | Computer Name = rachels_pc | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 06/12/2010 12:53:23 | Computer Name = rachels_pc | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 06/12/2010 12:53:23 | Computer Name = rachels_pc | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 06/12/2010 17:25:10 | Computer Name = rachels_pc | Source = Windows Search Service | ID = 3013
    Description =

    Error - 06/12/2010 18:45:09 | Computer Name = rachels_pc | Source = Application Error | ID = 1000
    Description = Faulting application chrome.exe, version 0.0.0.0, time stamp 0x4cf490bf,
    faulting module gcswf32.dll, version 10.1.103.20, time stamp 0x4cd9f257, exception
    code 0xc0000005, fault offset 0x00182a4b, process id 0x5f4, application start time
    0x01cb95669e483b5d.

    Error - 06/12/2010 19:04:49 | Computer Name = rachels_pc | Source = Application Error | ID = 1000
    Description = Faulting application chrome.exe, version 0.0.0.0, time stamp 0x4cf490bf,
    faulting module gcswf32.dll, version 10.1.103.20, time stamp 0x4cd9f257, exception
    code 0xc0000005, fault offset 0x00182a45, process id 0x12cc, application start time
    0x01cb95974f95f8a0.

    Error - 06/12/2010 20:03:20 | Computer Name = rachels_pc | Source = Bonjour Service | ID = 100
    Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 06/12/2010 20:03:20 | Computer Name = rachels_pc | Source = Bonjour Service | ID = 100
    Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 06/12/2010 20:03:20 | Computer Name = rachels_pc | Source = Bonjour Service | ID = 100
    Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 06/12/2010 20:03:20 | Computer Name = rachels_pc | Source = Bonjour Service | ID = 100
    Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    [ OSession Events ]
    Error - 30/04/2010 19:25:25 | Computer Name = rachels_pc | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13912
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 25/06/2010 20:38:03 | Computer Name = rachels_pc | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3464
    seconds with 240 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 26/12/2010 11:24:00 | Computer Name = rachels_pc | Source = bowser | ID = 8003
    Description =

    Error - 26/12/2010 15:16:55 | Computer Name = rachels_pc | Source = Service Control Manager | ID = 7000
    Description =

    Error - 26/12/2010 15:16:55 | Computer Name = rachels_pc | Source = Service Control Manager | ID = 7009
    Description =

    Error - 26/12/2010 15:16:55 | Computer Name = rachels_pc | Source = Service Control Manager | ID = 7000
    Description =

    Error - 26/12/2010 15:19:29 | Computer Name = rachels_pc | Source = bowser | ID = 8003
    Description =

    Error - 26/12/2010 15:20:16 | Computer Name = rachels_pc | Source = Service Control Manager | ID = 7034
    Description =

    Error - 26/12/2010 15:34:37 | Computer Name = rachels_pc | Source = Service Control Manager | ID = 7000
    Description =

    Error - 26/12/2010 15:34:37 | Computer Name = rachels_pc | Source = Service Control Manager | ID = 7009
    Description =

    Error - 26/12/2010 15:34:37 | Computer Name = rachels_pc | Source = Service Control Manager | ID = 7000
    Description =

    Error - 26/12/2010 15:35:22 | Computer Name = rachels_pc | Source = bowser | ID = 8003
    Description =


    < End of report >
     
  6. Shiningbright

    Shiningbright Thread Starter

    Joined:
    Dec 25, 2010
    Messages:
    11
    Thank you!
    Here's the OTL Txt:

    OTL logfile created on: 26/12/2010 19:37:51 - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Rachel\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 219.88 Gb Total Space | 144.77 Gb Free Space | 65.84% Space Free | Partition Type: NTFS

    Computer Name: RACHELS_PC | User Name: Rachel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/26 19:36:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Rachel\Downloads\OTL.com
    PRC - [2010/12/26 19:35:13 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Rachel\AppData\Local\Temp\RtkBtMnt.exe
    PRC - [2010/12/24 10:06:18 | 000,308,464 | ---- | M] () -- C:\Users\Rachel\AppData\Roaming\cacaoweb\cacaoweb.exe
    PRC - [2010/12/08 23:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\Rachel\AppData\Local\Google\Chrome\Application\chrome.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/01/30 20:20:52 | 000,201,992 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    PRC - [2009/08/02 08:49:45 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/07 12:04:12 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe
    PRC - [2009/04/07 12:04:12 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
    PRC - [2009/04/07 12:04:10 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerEvent.exe
    PRC - [2009/03/18 08:46:30 | 001,160,736 | ---- | M] (Acer Incorporated) -- C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
    PRC - [2009/03/10 00:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
    PRC - [2009/02/24 10:09:30 | 006,789,664 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    PRC - [2009/02/12 04:21:14 | 000,862,728 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
    PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/10/17 09:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/26 19:36:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Rachel\Downloads\OTL.com
    MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    MOD - [2009/04/07 12:04:26 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\SysHook.dll
    MOD - [2008/04/25 18:22:22 | 000,011,016 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll
    MOD - [2008/04/25 18:21:50 | 000,083,208 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/30 20:20:52 | 000,201,992 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP)
    SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/05/05 09:15:57 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/04/07 12:04:12 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe -- (ePowerSvc)
    SRV - [2009/03/10 00:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/11/03 11:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
    SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - [2010/01/30 20:20:53 | 000,224,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
    DRV - [2010/01/30 20:20:53 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
    DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
    DRV - [2009/02/24 08:48:26 | 002,327,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/02/23 16:20:12 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
    DRV - [2009/02/09 02:06:20 | 004,172,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/02/06 02:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/12/24 17:30:00 | 000,155,808 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
    DRV - [2008/11/04 05:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/11/03 11:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
    DRV - [2008/10/10 01:31:32 | 000,023,096 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
    DRV - [2008/10/03 00:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
    DRV - [2008/09/03 12:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
    DRV - [2008/04/27 21:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
    DRV - [2008/04/16 14:23:44 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
    DRV - [2008/03/26 13:10:16 | 000,020,496 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
    DRV - [2008/03/13 19:02:46 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klfltdev.sys -- (KLFLTDEV)
    DRV - [2008/01/30 10:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2008/01/30 10:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
    DRV - [2008/01/21 02:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/21 02:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/21 02:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/21 02:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/21 02:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/21 02:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/21 02:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/21 02:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/21 02:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/21 02:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/21 02:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/21 02:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/21 02:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/21 02:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/21 02:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/21 02:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2008/01/21 02:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/21 02:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/21 02:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/21 02:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/21 02:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/21 02:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 13:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
    DRV - [2006/11/02 13:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
    DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=2&o=vp32&d=0509&m=easynote_lj61
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=2&o=vp32&d=0509&m=easynote_lj61
    IE - HKLM\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - C:\Program Files\STOPzilla!\Toolbar\SZIESearchHook.dll (iS3 Inc.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=2&o=vp32&d=0509&m=easynote_lj61
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig?hl=en"
    FF - prefs.js..extensions.enabledItems: [email protected]:4.0
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778

    FF - HKLM\software\mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}: C:\Program Files\Stopzilla!\Toolbar\Extension [2010/01/31 21:01:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/04 18:05:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/04 18:05:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2010/01/30 19:38:48 | 000,000,000 | ---D | M]

    [2010/02/04 18:17:01 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Mozilla\Extensions
    [2009/11/08 01:26:04 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Mozilla\Extensions\[email protected]
    [2010/12/20 14:34:19 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\p9nd33ag.default\extensions
    [2010/08/31 20:46:22 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\p9nd33ag.default\extensions\[email protected]
    [2010/10/22 17:24:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/10/22 17:24:47 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/09/01 18:47:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/09/01 18:47:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/09/01 18:47:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/09/01 18:47:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/01/31 21:38:39 | 000,377,782 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 13023 more lines...
    O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
    O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated)
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
    O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKCU..\Run: [cacaoweb] C:\Users\Rachel\AppData\Roaming\cacaoweb\cacaoweb.exe ()
    O4 - HKCU..\Run: [Home Typist] C:\Program Files\Invention Pilot\Home Typist\HTypist.exe File not found
    O4 - HKCU..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Acer Incorporated)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
    O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll (Kaspersky Lab)
    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
    O24 - Desktop WallPaper: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{c84ce878-aec4-11de-914a-00235a966eac}\Shell - "" = AutoRun
    O33 - MountPoints2\{c84ce878-aec4-11de-914a-00235a966eac}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/26 14:29:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/26 14:28:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/25 10:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\gCmLl08200
    [2010/12/20 14:48:21 | 000,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\cacaoweb
    [2010/12/15 19:44:28 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2010/12/15 19:44:26 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
    [2010/12/15 19:44:26 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
    [2010/12/15 19:44:26 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
    [2010/12/15 19:44:24 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
    [2010/12/15 19:44:23 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2010/12/15 19:44:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
    [2010/12/15 19:44:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2010/12/15 19:44:19 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2010/12/15 19:44:18 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2010/12/15 19:44:18 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2010/12/15 19:44:18 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010/12/15 19:44:18 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2010/12/15 19:44:18 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2010/12/15 19:44:18 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2010/12/15 19:44:18 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2010/12/15 19:44:18 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2010/12/15 19:44:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2010/12/15 19:44:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2010/12/15 19:44:18 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2010/12/15 19:44:18 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2010/12/15 19:44:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2010/12/15 19:44:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2010/12/15 19:44:17 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2010/12/15 19:44:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2010/12/15 19:44:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [1 C:\Users\Rachel\Documents\*.tmp files -> C:\Users\Rachel\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/26 19:40:21 | 000,604,520 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/12/26 19:40:21 | 000,107,796 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/12/26 19:40:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/26 19:34:41 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/26 19:34:35 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/26 19:34:35 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/26 19:34:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/26 19:34:22 | 2949,070,848 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/26 19:33:42 | 004,501,536 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
    [2010/12/26 19:33:42 | 000,925,728 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
    [2010/12/26 19:33:42 | 000,036,248 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
    [2010/12/26 19:33:42 | 000,004,244 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
    [2010/12/26 16:13:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4127821002-2094884117-1205626698-1000UA.job
    [2010/12/26 15:19:20 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8A8FA6DB-374E-496D-BBD3-FFC4D5D3548E}.job
    [2010/12/26 14:29:03 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/26 14:19:58 | 000,001,356 | ---- | M] () -- C:\Users\Rachel\AppData\Local\d3d9caps.dat
    [2010/12/24 18:13:00 | 000,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4127821002-2094884117-1205626698-1000Core.job
    [2010/12/20 19:19:23 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/20 16:06:50 | 000,026,624 | ---- | M] () -- C:\Users\Rachel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/20 14:48:25 | 000,307,440 | ---- | M] () -- C:\Users\Rachel\Desktop\cacaoweb.exe
    [2010/12/16 07:44:10 | 000,301,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/12/15 23:14:25 | 000,002,049 | ---- | M] () -- C:\Users\Rachel\Desktop\Google Chrome.lnk
    [2010/12/08 22:59:10 | 000,002,627 | ---- | M] () -- C:\Users\Rachel\Desktop\Microsoft Office Word 2007.lnk
    [2010/12/01 21:32:38 | 000,016,462 | ---- | M] () -- C:\Users\Rachel\Documents\Coompare and Contarast how April de Angelis in Playouse Creatures nand Brian Friel in Living Quarters Explore the Theme of Betrayal.docx
    [1 C:\Users\Rachel\Documents\*.tmp files -> C:\Users\Rachel\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/26 15:17:04 | 2949,070,848 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/26 14:29:03 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/20 14:48:21 | 000,307,440 | ---- | C] () -- C:\Users\Rachel\Desktop\cacaoweb.exe
    [2010/12/17 19:25:08 | 000,111,857 | ---- | C] () -- C:\Users\Rachel\Documents\P1000249.JPG
    [2010/12/17 19:24:29 | 025,591,296 | ---- | C] () -- C:\Users\Rachel\Documents\P1000248.MOV
    [2010/12/17 19:24:29 | 000,115,498 | ---- | C] () -- C:\Users\Rachel\Documents\P1000248.JPG
    [2010/11/30 22:52:03 | 000,016,462 | ---- | C] () -- C:\Users\Rachel\Documents\Coompare and Contarast how April de Angelis in Playouse Creatures nand Brian Friel in Living Quarters Explore the Theme of Betrayal.docx
    [2010/10/22 18:03:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/09/27 15:46:27 | 000,001,356 | ---- | C] () -- C:\Users\Rachel\AppData\Local\d3d9caps.dat
    [2010/03/24 23:38:20 | 000,000,000 | ---- | C] () -- C:\Users\Rachel\AppData\Roaming\wklnhst.dat
    [2010/02/15 17:20:37 | 000,069,632 | ---- | C] () -- C:\Windows\System32\MobOlExt.dll
    [2010/01/29 20:01:40 | 000,012,762 | -HS- | C] () -- C:\Users\Rachel\AppData\Local\rifW
    [2010/01/23 04:22:55 | 000,000,000 | ---- | C] () -- C:\Users\Rachel\AppData\Roaming\apocalyps32.exe
    [2010/01/13 20:30:05 | 000,000,203 | ---- | C] () -- C:\Windows\gsp_gcse.ini
    [2010/01/13 20:29:32 | 000,000,036 | ---- | C] () -- C:\Windows\Tiny_Run.ini
    [2009/12/02 21:00:52 | 000,076,407 | ---- | C] () -- C:\Users\Rachel\AppData\Roaming\Smiley.ico
    [2009/09/17 18:15:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/02 09:42:19 | 000,026,624 | ---- | C] () -- C:\Users\Rachel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/02 09:37:17 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009/03/12 18:26:53 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2009/03/12 08:10:13 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

    ========== LOP Check ==========

    [2010/01/23 04:22:55 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\ap0calypse_68C0B067
    [2009/08/03 22:13:58 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2010/12/25 09:51:48 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\cacaoweb
    [2009/10/26 18:45:37 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Home Sweet Home
    [2010/12/07 00:03:10 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\LimeWire
    [2009/08/02 08:55:56 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Packard Bell
    [2010/10/25 22:45:54 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Spotify
    [2010/12/26 19:33:35 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/12/26 15:19:20 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8A8FA6DB-374E-496D-BBD3-FFC4D5D3548E}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/03/12 08:12:30 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/12/26 19:34:22 | 2949,070,848 | -HS- | M] () -- C:\hiberfil.sys
    [2010/01/13 20:29:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/01/13 20:29:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/12/26 19:34:20 | 3264,925,696 | -HS- | M] () -- C:\pagefile.sys
    [2009/03/12 18:14:27 | 000,002,917 | ---- | M] () -- C:\RHDSetup.log
    [2010/12/26 14:25:45 | 000,000,778 | ---- | M] () -- C:\rkill.log

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 03:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 03:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 03:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-24 15:32:20

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:2AF40C07
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:67518200
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:6ECD2470
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:AED4FFF5
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:517B507A
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DFC5A2B2

    < End of report >


    And the Extras.Txt


    OTL Extras logfile created on: 26/12/2010 19:37:51 - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Rachel\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 219.88 Gb Total Space | 144.77 Gb Free Space | 65.84% Space Free | Partition Type: NTFS

    Computer Name: RACHELS_PC | User Name: Rachel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1
    "" =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1465E364-9704-4E33-9A2D-7AB2E7E64972}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{3583A215-998A-4FAB-8FFD-CC218053C8FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{4569E902-1A7A-44B6-AF35-846E1688537E}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6069E45F-E7AA-49D7-85D6-7F7A3C4F8334}" = lport=445 | protocol=6 | dir=in | app=system |
    "{66A8DAEC-2B28-4A09-80FE-1836AF63F8A8}" = rport=137 | protocol=17 | dir=out | app=system |
    "{76E870EE-78A2-4E72-90D2-B4E1554AFE03}" = rport=139 | protocol=6 | dir=out | app=system |
    "{8AF53A9E-C14A-444A-81D2-F5AF4F1477AC}" = rport=138 | protocol=17 | dir=out | app=system |
    "{90BC8990-FF3F-4279-ADF9-7BFCC7889DEA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{A4259609-71DF-4EE3-92C8-7B5A058915C6}" = lport=139 | protocol=6 | dir=in | app=system |
    "{C23DB4E6-B81A-41C9-B37B-498381DB8504}" = rport=445 | protocol=6 | dir=out | app=system |
    "{CFEE7672-D6EA-4C12-848B-5E55D0D8718A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{D481669E-16A4-4861-8FB4-713C0C22FE3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{059ADD6C-1B89-43F8-96A0-3CE34542FE45}" = protocol=1 | dir=in | [email protected],-28543 |
    "{11BDF117-A7A8-4B67-B545-391CA74767D8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{305C8E89-3C22-47EC-8586-FDD257E2454B}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
    "{37DF88B7-913D-487B-8D15-DBBAA52F8B85}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{790664C5-ED8B-403B-B187-7E52FABE668B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{84DD1C8E-B5E5-4F3B-A7AA-D6C1D0595473}" = protocol=58 | dir=in | [email protected],-28545 |
    "{A3E81368-32FF-43C5-B5C2-C02B6BF08E20}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B03DEF0E-1668-4939-9E86-9F85B211BEC1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{C628213E-0D1E-46C0-9F8B-C553884218A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{D692F026-0D9F-4C77-80F8-6F6866248DE5}" = protocol=58 | dir=out | [email protected],-28546 |
    "{DF4E0890-6CF0-427B-BE0C-513AF957C8A6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{EAB16143-99A3-46FF-A3D2-1876C44F1E3F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{EB30B746-B0E0-48AA-8C51-FDC0C3FEC8A4}" = protocol=1 | dir=out | [email protected],-28544 |
    "TCP Query User{1C283AF7-C958-4D9B-BFEC-76AA5799089A}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
    "TCP Query User{3BF37B16-D17B-406D-90D3-7C2AED7C1ACA}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "TCP Query User{8D6D5A75-B4A0-48D0-A18E-5BED08B7888F}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "TCP Query User{8EE0EA87-BFC3-477F-BB3F-156ACB084220}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "TCP Query User{DE9C537C-182B-41AB-8EEF-7B313E1621F2}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "UDP Query User{0224218E-6DA7-4CBA-9349-0B4261D2574C}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
    "UDP Query User{851F7FF4-0508-405E-968A-38F90E7AC94D}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "UDP Query User{987F684E-DE95-4960-A61B-87FFD8940C17}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "UDP Query User{BED8D804-977D-4983-8EB8-34ECDB728AFA}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "UDP Query User{D727727B-D38E-47F4-8792-2F8A11FDCFA7}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01F8AA87-0B08-DFE7-6248-4ACAC76A3656}" = CCC Help Hungarian
    "{02D75F37-8ADF-545D-B51D-81D41C10AE2B}" = CCC Help Russian
    "{03216980-BEFF-F79E-D158-2D9F8D908982}" = CCC Help Korean
    "{05BDE771-F0AC-8BFF-6394-2FB8D14DCB09}" = CCC Help Portuguese
    "{09AA42C9-5867-5DCD-38AB-80EF357CE8FB}" = CCC Help Chinese Traditional
    "{0D295166-28F5-3839-7072-762C9B77DB72}" = Catalyst Control Center Localization Russian
    "{114A21FC-E15A-EE2F-5BBE-B7F675E97075}" = Catalyst Control Center Localization French
    "{123ED099-5872-85F8-7228-8A4B6B9AB115}" = Catalyst Control Center Graphics Full New
    "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
    "{14169761-2E91-F471-A2B8-C3D70AAFF62E}" = Catalyst Control Center Localization Spanish
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1B6E1845-5454-0351-5E45-6A378B77F163}" = CCC Help Italian
    "{1BBEE7E7-82EF-7DB5-D2B0-5D9481F72587}" = CCC Help Turkish
    "{1FC2584D-B6F3-8C91-61D2-C60778D1B210}" = Catalyst Control Center Localization Chinese Standard
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{30062FDB-7F63-5179-A263-58BED9B4D33B}" = ccc-utility
    "{3032B823-6AA5-8BD1-72F5-BD045D9D5547}" = Catalyst Control Center Localization Czech
    "{32B09F2B-6241-6A8D-5D2C-C30763C6A90E}" = CCC Help French
    "{34E15301-FBA0-1A24-288C-7FADC3A52A70}" = CCC Help Greek
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell PowerSave Solution
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45FFF505-8CA6-9CDF-9749-D589AD8BDBF0}" = CCC Help Dutch
    "{486B5BE1-0C46-401A-2AFE-86B69168C172}" = CCC Help Polish
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4E5EAE73-9329-12EE-64B1-2945D94BBCBB}" = CCC Help Norwegian
    "{520782BB-ECB5-65CD-60F6-994A417CD9B9}" = Catalyst Control Center Localization Korean
    "{52AA5EF7-D840-1D03-8A1C-4A030F204437}" = Catalyst Control Center Localization Greek
    "{52DDAE8B-FFBF-2FAF-B3A9-154564630C35}" = ccc-core-static
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5959122F-0D76-DEE2-089D-16948CE63102}" = CCC Help Czech
    "{5B729ADC-5F03-07F4-CABB-AD10906431EF}" = Catalyst Control Center Localization Danish
    "{5C1BF3AC-B19D-4C26-B0A0-90833A521033}" = Nero 8 Essentials
    "{625E0A65-5C45-33C2-9442-025B5F82AC99}" = Catalyst Control Center Graphics Full Existing
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{6CAEDBFE-86BC-89C9-084A-1F3F35D5ECE8}" = Catalyst Control Center Localization Dutch
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{73290804-96DA-1E25-6997-5D678E85AD71}" = Catalyst Control Center Localization Finnish
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7A857D15-7CE4-FC05-1F68-95A9A7407F21}" = CCC Help Chinese Standard
    "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
    "{7E67C8B8-77AA-CB5A-74F3-1703FE0EE1CE}" = Catalyst Control Center Localization Italian
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84A20CDB-73BA-105D-5C9A-BBF2F5C17DF7}" = Catalyst Control Center Localization Japanese
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8ABA8EAC-503A-684A-5CA1-E4E45B624724}" = Catalyst Control Center InstallProxy
    "{8B5EB09E-CF76-396A-72D7-A2779A48D841}" = Catalyst Control Center Localization Norwegian
    "{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
    "{8F5BDB91-4EC4-56D7-1312-8F197B325044}" = ATI Catalyst Install Manager
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92ABBA93-EE00-41C7-8D44-67D0C9DEF51E}" = Catalyst Control Center - Branding
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B10C3A2-D43D-ADAD-191B-2FA0CD2FAA17}" = Catalyst Control Center Localization Hungarian
    "{9CB497F2-2420-CBFA-5685-0E63781A0386}" = CCC Help Thai
    "{9D8BC7F4-661A-F902-4DD1-74B5826DEB28}" = Catalyst Control Center Localization Swedish
    "{A2297386-0DB1-18D4-193C-885E6AD09707}" = Catalyst Control Center Core Implementation
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A5653E98-C00B-421B-86A2-E7DA75BFD97A}" = STOPzilla Toolbar
    "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AFD10BFE-21A6-EB0A-6177-7B037A8A479E}" = CCC Help Danish
    "{B1F876C9-0226-29FD-E829-B7E9A56DBF01}" = Catalyst Control Center Localization Chinese Traditional
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3D26119-3F6B-5E13-50E6-53C9473986E4}" = CCC Help Japanese
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C2F62AF2-8748-4CAE-BE53-1AF4763CFC15}" = AMD USB Audio Driver Filter
    "{C320F434-AFAC-9F46-46E3-B7066E2E5A17}" = Catalyst Control Center Localization Thai
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C7CB1394-DF88-7110-D9B2-C500133B66DE}" = Catalyst Control Center Localization Turkish
    "{C9223CC9-19F4-78A9-AF1E-8D5DB16678C1}" = CCC Help Finnish
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2182DE0-F06D-A736-95D8-6B60AA0CA353}" = Catalyst Control Center Localization Polish
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DE710185-AEB4-946E-7F34-82FB1B8E9B5A}" = Catalyst Control Center Localization Portuguese
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E9AF6504-976A-A370-337C-26E97C1B4E2D}" = CCC Help Swedish
    "{EA36B873-F44D-0362-8785-813DA1A71AD6}" = CCC Help German
    "{F0000760-930B-AA6B-F26F-D7A9D7385093}" = CCC Help English
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
    "{F6977E72-CB30-656B-BFCB-DF6F2A642AFB}" = Catalyst Control Center Localization German
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FE528266-7604-8657-3B46-B7AB72B2A566}" = Catalyst Control Center Graphics Light
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FF8AFB53-F39D-1713-FB1D-66D2D5E5C4DD}" = CCC Help Spanish
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "ALCATEL PC Suite_is1" = ALCATEL PC Suite V6.3.19
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "EADM" = EA Download Manager
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Identity Card" = Identity Card
    "InfoCentre" = InfoCentre
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
    "InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
    "LimeWire" = LimeWire 5.5.14
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Messenger Plus! Live" = Messenger Plus! Live
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
    "Packard Bell Customer Registration" = Packard Bell Customer Registration
    "PackardBell Screensaver" = PackardBell ScreenSaver
    "Recuva" = Recuva
    "SetUpMyPC" = SetUpMyPC
    "Spotify" = Spotify
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Updator" = Updator
    "VLC media player" = VLC media player 1.1.4
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 06/12/2010 12:53:23 | Computer Name = rachels_pc | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 06/12/2010 12:53:23 | Computer Name = rachels_pc | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 06/12/2010 12:53:23 | Computer Name = rachels_pc | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 06/12/2010 17:25:10 | Computer Name = rachels_pc | Source = Windows Search Service | ID = 3013
    Description =

    Error - 06/12/2010 18:45:09 | Computer Name = rachels_pc | Source = Application Error | ID = 1000
    Description = Faulting application chrome.exe, version 0.0.0.0, time stamp 0x4cf490bf,
    faulting module gcswf32.dll, version 10.1.103.20, time stamp 0x4cd9f257, exception
    code 0xc0000005, fault offset 0x00182a4b, process id 0x5f4, application start time
    0x01cb95669e483b5d.

    Error - 06/12/2010 19:04:49 | Computer Name = rachels_pc | Source = Application Error | ID = 1000
    Description = Faulting application chrome.exe, version 0.0.0.0, time stamp 0x4cf490bf,
    faulting module gcswf32.dll, version 10.1.103.20, time stamp 0x4cd9f257, exception
    code 0xc0000005, fault offset 0x00182a45, process id 0x12cc, application start time
    0x01cb95974f95f8a0.

    Error - 06/12/2010 20:03:20 | Computer Name = rachels_pc | Source = Bonjour Service | ID = 100
    Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 06/12/2010 20:03:20 | Computer Name = rachels_pc | Source = Bonjour Service | ID = 100
    Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 06/12/2010 20:03:20 | Computer Name = rachels_pc | Source = Bonjour Service | ID = 100
    Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 06/12/2010 20:03:20 | Computer Name = rachels_pc | Source = Bonjour Service | ID = 100
    Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    [ OSession Events ]
    Error - 30/04/2010 19:25:25 | Computer Name = rachels_pc | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13912
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 25/06/2010 20:38:03 | Computer Name = rachels_pc | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3464
    seconds with 240 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 26/12/2010 11:24:00 | Computer Name = rachels_pc | Source = bowser | ID = 8003
    Description =

    Error - 26/12/2010 15:16:55 | Computer Name = rachels_pc | Source = Service Control Manager | ID = 7000
    Description =

    Error - 26/12/2010 15:16:55 | Computer Name = rachels_pc | Source = Service Control Manager | ID = 7009
    Description =

    Error - 26/12/2010 15:16:55 | Computer Name = rachels_pc | Source = Service Control Manager | ID = 7000
    Description =

    Error - 26/12/2010 15:19:29 | Computer Name = rachels_pc | Source = bowser | ID = 8003
    Description =

    Error - 26/12/2010 15:20:16 | Computer Name = rachels_pc | Source = Service Control Manager | ID = 7034
    Description =

    Error - 26/12/2010 15:34:37 | Computer Name = rachels_pc | Source = Service Control Manager | ID = 7000
    Description =

    Error - 26/12/2010 15:34:37 | Computer Name = rachels_pc | Source = Service Control Manager | ID = 7009
    Description =

    Error - 26/12/2010 15:34:37 | Computer Name = rachels_pc | Source = Service Control Manager | ID = 7000
    Description =

    Error - 26/12/2010 15:35:22 | Computer Name = rachels_pc | Source = bowser | ID = 8003
    Description =


    < End of report >
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    How is your system responding, any issues?
     
  8. Shiningbright

    Shiningbright Thread Starter

    Joined:
    Dec 25, 2010
    Messages:
    11
    Um it seems to be working now, thank you so much! Do you think it's been cleared up now, or is there anything else I need to do?
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Shiningbright,

    Proceed as follows :-

    Step 1

    • Re-open OTL to run it. (Vista and Win 7 users, right click on OTL and "Run as administrator")
    • Click on the [​IMG] button.
    • Click Yes to begin the cleanup process and remove tools, including this application
    • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

    Step 2

    You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
    For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
    The most current version of Sun Java is: Java Runtime Environment Version 6 Update 23.

    • Go to Sun Java
    • Select Windows 7/XP/Vista/2000/2003/2008. If using a 64-bit OS, select Information about the 64-bit Java plug-in and follow the prompts.
    • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
    • Reboot your computer

    Step 3

    Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack and exploitation.

    Please go to the link below to update.

    Adobe Reader. Untick the Free McAfee® Security Scan Plus (optional) unless you want it.

    Let me know if the above completed OK, also any remaining issues?

    Kevin
     
  10. Shiningbright

    Shiningbright Thread Starter

    Joined:
    Dec 25, 2010
    Messages:
    11
    It seems to be OK now, except that Java didn't go onto my desktop, so is it properly installed?
    And SpyBot keeps coming up with its little pop-up box saying:
    category: System Startup Global entry
    Change: Value deleted
    Entry: Skytel
    Old Data: C:\ProgramFiles\Realtek\Audio\HDA\Skytel

    Should I deny, accept or what?
    Thanks!
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    The Java installer will have gone wherever your downloads go. If you ran the installer it should be OK; have a look in Uninstall a Program via the Control Panel. If the install went OK you should see the new Java version 6 update 23 in the list. Any older ones should be uninstalled.

    Accept the alert from Spybot, that is OK.

    Let me know if Java is OK, also any other problems
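
The check described in the post above (look for Java 6 Update 23 in the installed-programs list, uninstall anything older) can also be run against the uninstall list in an OTL Extras.txt log. This is an added example, not part of the original posts: the function names are hypothetical, the sample lines are constructed in the log's format, and the third sample key is a placeholder.

```python
import re

# "Java Runtime Environment Version 6 Update 23", as stated in the thread.
CURRENT_JAVA = (6, 23)

# Constructed sample in the format of the OTL Extras.txt uninstall list.
# The third key is a placeholder; the firewall line must be ignored.
SAMPLE_EXTRAS = r'''
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{37DF88B7-913D-487B-8D15-DBBAA52F8B85}" = dir=in | app=c:\program files\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{00000000-0000-0000-0000-000000000001}" = Java(TM) 6 Update 23

========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
'''

_SECTION = re.compile(r'^\[HKEY_[A-Z_]+\\.*\\CurrentVersion\\Uninstall\]$', re.I)
_ENTRY = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+)$')
# Matches display names such as "Java(TM) 6 Update 17" or "Java(TM) 6".
_JAVA = re.compile(r'^Java(?:\(TM\))?\s+(\d+)(?:\s+Update\s+(\d+))?\s*$')


def parse_uninstall_entries(text):
    """Return (key, display_name) pairs found under Uninstall registry headers.

    Other sections of the log use the same '"key" = value' layout (firewall
    rules, for example), so entries are only collected while inside an
    Uninstall section.
    """
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if _SECTION.match(line):
            in_section = True
        elif line.startswith('[') or line.startswith('====='):
            in_section = False
        elif in_section:
            m = _ENTRY.match(line)
            if m:
                entries.append((m['key'], m['name'].strip()))
    return entries


def java_version(display_name):
    """Return (major, update) for a Java display name, or None if not Java."""
    m = _JAVA.match(display_name)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def java_report(text, current=CURRENT_JAVA):
    """Summarise Java entries: is `current` (or newer) present, what is older."""
    found = []
    for key, name in parse_uninstall_entries(text):
        version = java_version(name)
        if version is not None:
            found.append((key, name, version))
    return {
        'current_or_newer_installed': any(v >= current for _, _, v in found),
        'outdated': [(k, n, v) for k, n, v in found if v < current],
    }


if __name__ == '__main__':
    report = java_report(SAMPLE_EXTRAS)
    print('Current Java present:', report['current_or_newer_installed'])
    for key, name, _ in report['outdated']:
        print('Uninstall:', name, key)
```
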
     
  12. Shiningbright

    Shiningbright Thread Starter

    Joined:
    Dec 25, 2010
    Messages:
    11
    Java is all fine, which is great thank you :)
    Are there any other precautions I can take to help stop this happening again? I've looked it up, and I think it's something like the blue screen of death? The websites I looked at said it could be a one-time thing or keep happening regularly. Will I have to do all of these steps again, should that happen?
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    I think you're getting mixed up. You were infected with a rogue program (Security Tools); its sole purpose is to try and extort money from you under false pretenses. It will take over your system completely and cause you a lot of pain.
    I never actually saw any reference to a BSOD; the usual cause for that is a corrupt driver.

    Your latest logs are clean and you say that your system is running well; it would be an excellent idea to keep it that way. The following advice will go a long way to keeping you secure so that you can enjoy safe and happy surfing.

    Here are some tips to reduce the potential for malware infection in the future; I strongly recommend that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

    Make proper use of your antivirus and firewall

    Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features; make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

    You should keep your antivirus and firewall guard enabled at all times. NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

    Install and use WinPatrol. This will inform you of any attempted unauthorized changes to your system.

    WinPatrol features explained Here

    You will have several programs installed; these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing...
    ...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.


    Use a safer web browser

    Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

    Firefox,

    Opera, and

    Chrome.

    All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

    These browser add-ons will help to make your browser safer:

    Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

    Green to go,
    Yellow for caution, and
    Red to stop.

    Available for Firefox and Internet Explorer.

    NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing. Available for Firefox only.

    These are just a couple of the most popular add-ons; if you're interested in more, take a look at THIS article.

    Here are a couple of links by two security experts that will give some excellent tips and advice.

    So how did I get infected in the first place by Tony Klein

    How to prevent Malware by Miekiemoes

    Finally, this link HERE will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

    Let me know if you have any remaining issues or questions. Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

    If you have no remaining issues hit the Mark Solved tab at the top of the thread.

    Kevin
     
  14. Shiningbright

    Shiningbright Thread Starter

    Joined:
    Dec 25, 2010
    Messages:
    11
    I've done all of the above, thanks so much for your help! You've truly been amazing! :)
     

Short URL to this thread: https://techguy.org/970539
