OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Nichole\Downloads\HELP
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16609)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.52 Gb Total Space | 163.85 Gb Free Space | 56.79% Space Free | Partition Type: NTFS
Drive D: | 9.57 Gb Total Space | 1.30 Gb Free Space | 13.61% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 146.26 Gb Free Space | 49.07% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 981.05 Mb Total Space | 973.89 Mb Free Space | 99.27% Space Free | Partition Type: FAT
Computer Name: FAITH
Current User Name: Nichole
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/02/22 17:52:01 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Nichole\Downloads\HELP\OTL(2).exe
PRC - [2010/02/08 11:02:10 | 002,343,632 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/01/15 22:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/01/20 03:04:37 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/12/02 08:20:20 | 001,183,744 | ---- | M] (JC&MB) -- C:\Program Files\Quicknote\quicknote.exe
PRC - [2006/11/10 07:12:08 | 000,054,832 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\shellmon.exe
PRC - [2006/11/10 07:11:58 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\waol.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/25 19:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1200618788\ee\aolsoftware.exe
PRC - [2003/05/15 19:36:40 | 000,446,464 | ---- | M] (Provtech Limited) -- C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
========== Modules (SafeList) ==========
MOD - [2010/02/22 17:52:01 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Nichole\Downloads\HELP\OTL(2).exe
MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/01/11 22:18:00 | 000,129,640 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/10/19 20:27:49 | 000,000,024 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\iptools.INI -- (IPTools)
SRV - [2007/11/23 11:16:22 | 001,245,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/11/23 10:04:39 | 000,265,912 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 15:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/09/19 20:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/23 07:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/21 20:20:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2007/01/01 00:38:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/21 20:20:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2007/01/01 00:38:21 | 000,000,000 | ---D | M]
[2009/07/08 08:16:32 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Extensions
[2009/07/08 08:16:32 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/03/04 12:19:31 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions
[2010/02/09 06:42:40 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/02/05 07:18:55 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/02/05 07:18:55 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/08/17 19:42:28 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(2370)
[2009/07/22 02:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/04/19 14:50:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2010/02/05 07:18:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/02 10:03:02 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\[email protected]
[2010/02/09 06:42:40 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\[email protected]
[2010/02/05 07:18:55 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\[email protected]
[2010/03/04 12:19:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/08/24 08:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2008/11/11 02:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2008/10/15 04:53:11 | 001,140,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFxViewer.dll
O1 HOSTS File: ([2010/02/27 03:00:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - Reg Error: Value error. File not found
O2 - BHO: (FDMIECookiesBHO Class) - {7A780B7B-DCF1-4ec4-BB13-2DF92CAD27DB} - C:\Program Files\Light Downloader\ldmie2.dll ()
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe (Provtech Limited)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [Quicknote] C:\Program Files\Quicknote\quicknote.exe (JC&MB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all with Light Downloader - C:\Program Files\Light Downloader\dlall.htm ()
O8 - Extra context menu item: Download selected with Light Downloader - C:\Program Files\Light Downloader\dlselected.htm ()
O8 - Extra context menu item: Download with Light Downloader - C:\Program Files\Light Downloader\dllink.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1262300281720 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.142.167.10 67.142.167.11
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nichole\Pictures\Desktop\smiley7_1024x768.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nichole\Pictures\Desktop\smiley7_1024x768.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/23 10:58:41 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010/03/05 06:54:25 | 000,068,200 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/03/05 02:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/02/28 15:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Emsa DLL Register Tool
[2010/02/28 14:50:50 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/02/27 03:08:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/02/27 03:00:53 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/02/27 03:00:53 | 000,000,000 | ---D | C] -- \$RECYCLE.BIN
[2010/02/27 02:36:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/27 02:36:47 | 000,000,000 | ---D | C] -- \_OTL
[2010/02/22 17:49:31 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/02/22 17:49:31 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/02/22 17:49:30 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/02/22 17:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/02/22 17:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/02/22 03:47:25 | 000,000,000 | ---D | C] -- C:\Users\Nichole\DoctorWeb
[2010/02/22 02:44:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/02/22 02:44:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/02/22 02:44:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/02/22 02:44:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/02/21 22:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\ProcessExplorer
[2010/02/21 18:58:28 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\My PSP8 Files
[2010/02/21 10:39:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\pt-BR
[2010/02/21 08:21:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/21 08:04:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/21 08:04:40 | 000,000,000 | ---D | C] -- \Qoobox
[2010/02/21 06:43:48 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/02/21 06:43:48 | 000,000,000 | ---D | C] -- \Avenger
[2010/02/20 08:59:57 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\cp1_0218001717
[2008/01/20 21:45:01 | 000,824,216 | ---- | C] (PC Pitstop LLC ) -- C:\Program Files\diskmd-setup-1052.exe
[2008/01/20 21:44:26 | 000,846,008 | ---- | C] (Duality Software ) -- C:\Program Files\alarm clocksetupdsc160r.exe
[2008/01/20 21:44:03 | 004,279,120 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWire PRO 4.12.6.exe
[2008/01/20 21:43:55 | 006,113,439 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\pci_filerecovery.exe
[2008/01/20 05:45:35 | 000,703,122 | R--- | C] (JAM Software ) -- C:\Program Files\TreeSizeSetup.exe
[2008/01/20 00:38:09 | 000,773,497 | ---- | C] (Cro-Code Software ) -- C:\Program Files\tls_setup.exe
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/03/05 07:23:27 | 006,815,744 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat
[2010/03/05 07:22:54 | 000,000,290 | ---- | M] () -- C:\Windows\win.ini
[2010/03/05 07:19:34 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/03/05 07:19:27 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/05 07:19:27 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/05 07:19:25 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/03/05 07:19:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/05 07:19:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/05 07:17:55 | 002,800,111 | -H-- | M] () -- C:\Users\Nichole\AppData\Local\IconCache.db
[2010/03/05 06:59:46 | 000,716,774 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/05 06:59:46 | 000,618,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/05 06:59:46 | 000,103,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/05 01:36:20 | 000,069,632 | ---- | M] () -- C:\Users\Nichole\Documents\jasc events.evtx
[2010/03/04 23:46:19 | 000,208,080 | ---- | M] () -- C:\Users\Nichole\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/01 11:11:57 | 000,524,288 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{d9aa8252-2541-11df-aa9e-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/03/01 11:11:57 | 000,524,288 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{d9aa8252-2541-11df-aa9e-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/03/01 11:11:57 | 000,065,536 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{d9aa8252-2541-11df-aa9e-00038a000015}.TM.blf
[2010/03/01 08:52:23 | 000,851,968 | ---- | M] () -- C:\Windows\SPInstall.etl
[2010/03/01 00:49:19 | 000,007,620 | ---- | M] () -- C:\Users\Nichole\AppData\Roaming\mainhst.zgh
[2010/02/28 21:46:28 | 000,069,632 | ---- | M] () -- C:\Users\Nichole\Documents\wusa.evtx
[2010/02/28 15:47:49 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/02/28 15:47:48 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/02/28 11:30:23 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2010/02/28 10:22:16 | 000,011,827 | ---- | M] () -- C:\Users\Nichole\Documents\errors.rtf
[2010/02/27 23:50:50 | 000,000,258 | ---- | M] () -- C:\Windows\system.ini
[2010/02/27 21:40:28 | 000,003,732 | ---- | M] () -- C:\Users\Nichole\Documents\katie.rtf
[2010/02/27 03:40:51 | 000,002,631 | ---- | M] () -- C:\Users\Public\Desktop\Jasc Paint Shop Pro 8.lnk
[2010/02/27 03:00:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/27 00:32:23 | 000,008,473 | ---- | M] () -- C:\Users\Nichole\Documents\piecrust dad.rtf
[2010/02/23 19:39:22 | 000,006,594 | ---- | M] () -- C:\Users\Nichole\Documents\pie crust.rtf
[2010/02/23 17:51:12 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/02/22 17:49:35 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/02/22 17:36:16 | 000,000,739 | ---- | M] () -- C:\Users\Nichole\Documents\DrWeb.csv
[2010/02/22 14:17:03 | 000,000,147 | ---- | M] () -- C:\Windows\System32\tmp.files0
[2010/02/22 03:28:14 | 000,082,813 | ---- | M] () -- C:\Users\Nichole\Documents\Baddies.zip
[2010/02/21 21:30:14 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.INI
[2010/02/20 09:04:54 | 000,076,433 | ---- | M] () -- C:\Users\Nichole\Documents\0514091931.jpg
[2010/02/20 09:04:37 | 000,061,300 | ---- | M] () -- C:\Users\Nichole\Documents\Pink.jpg
[2010/02/20 09:04:22 | 000,013,259 | ---- | M] () -- C:\Users\Nichole\Documents\0126001819a.jpg
[2010/02/20 09:04:04 | 000,086,636 | ---- | M] () -- C:\Users\Nichole\Documents\0219000747.jpg
[2010/02/20 08:59:57 | 000,052,302 | ---- | M] () -- C:\Users\Nichole\Documents\cp1_0218001717.zip
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/05 06:54:25 | 000,007,437 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010/03/05 01:36:18 | 000,069,632 | ---- | C] () -- C:\Users\Nichole\Documents\jasc events.evtx
[2010/03/01 10:08:27 | 000,524,288 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{d9aa8252-2541-11df-aa9e-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/03/01 10:08:27 | 000,524,288 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{d9aa8252-2541-11df-aa9e-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/03/01 10:08:27 | 000,065,536 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{d9aa8252-2541-11df-aa9e-00038a000015}.TM.blf
[2010/02/28 21:46:15 | 000,069,632 | ---- | C] () -- C:\Users\Nichole\Documents\wusa.evtx
[2010/02/28 16:50:43 | 000,000,802 | ---- | C] () -- C:\Users\Nichole\WuPackages.xml
[2010/02/28 11:30:23 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2010/02/28 10:22:16 | 000,011,827 | ---- | C] () -- C:\Users\Nichole\Documents\errors.rtf
[2010/02/28 08:16:24 | 000,000,016 | ---- | C] () -- \RootRepeal report 02-28-10 (08-16-24).txt
[2010/02/27 21:40:28 | 000,003,732 | ---- | C] () -- C:\Users\Nichole\Documents\katie.rtf
[2010/02/27 03:08:12 | 000,033,608 | ---- | C] () -- \ComboFix.txt
[2010/02/27 00:32:22 | 000,008,473 | ---- | C] () -- C:\Users\Nichole\Documents\piecrust dad.rtf
[2010/02/23 19:39:22 | 000,006,594 | ---- | C] () -- C:\Users\Nichole\Documents\pie crust.rtf
[2010/02/22 17:49:35 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/02/22 17:34:58 | 000,000,739 | ---- | C] () -- C:\Users\Nichole\Documents\DrWeb.csv
[2010/02/22 04:14:18 | 000,000,147 | ---- | C] () -- C:\Windows\System32\tmp.files0
[2010/02/22 03:28:13 | 000,082,813 | ---- | C] () -- C:\Users\Nichole\Documents\Baddies.zip
[2010/02/22 02:44:34 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/22 02:44:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/02/22 02:44:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/02/22 02:44:34 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/02/22 02:44:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/02/22 02:35:38 | 000,001,053 | ---- | C] () -- \CFScript.txt
[2010/02/21 22:43:34 | 001,615,732 | ---- | C] () -- C:\Program Files\ProcessExplorer.zip
[2010/02/21 14:27:40 | 000,029,555 | ---- | C] () -- \LOG 2010.txt
[2010/02/21 14:07:27 | 000,008,710 | ---- | C] () -- \avenger.txt
[2010/02/21 08:49:11 | 000,032,260 | ---- | C] () -- \log 2-21-2010.txt
[2010/02/21 06:54:21 | 000,015,514 | ---- | C] () -- \avenger2.txt
[2010/02/20 09:04:49 | 000,076,433 | ---- | C] () -- C:\Users\Nichole\Documents\0514091931.jpg
[2010/02/20 09:04:34 | 000,061,300 | ---- | C] () -- C:\Users\Nichole\Documents\Pink.jpg
[2010/02/20 09:04:18 | 000,013,259 | ---- | C] () -- C:\Users\Nichole\Documents\0126001819a.jpg
[2010/02/20 09:03:59 | 000,086,636 | ---- | C] () -- C:\Users\Nichole\Documents\0219000747.jpg
[2010/02/20 08:59:53 | 000,052,302 | ---- | C] () -- C:\Users\Nichole\Documents\cp1_0218001717.zip
[2010/02/12 03:01:26 | 000,071,168 | ---- | C] () -- C:\Windows\System32\drivers\kernel.sys
[2010/02/05 03:01:07 | 000,025,641 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2010/01/09 00:42:28 | 000,002,131 | ---- | C] () -- \aaw7boot.log
[2009/12/29 05:23:18 | 000,000,036 | ---- | C] () -- C:\Users\Nichole\AppData\Local\housecall.guid.cache
[2009/12/24 17:01:35 | 001,703,968 | ---- | C] () -- C:\Program Files\VirtualDub-1.9.7.zip
[2009/11/24 21:54:35 | 000,000,028 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/09/27 14:41:07 | 000,002,560 | ---- | C] () -- \stub.log
[2009/08/04 04:37:19 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/08/04 04:36:53 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/05/10 07:08:44 | 004,376,305 | ---- | C] () -- \MWAV.LOG
[2009/05/10 06:02:00 | 000,000,074 | ---- | C] () -- \23990098.$$$
[2009/03/24 00:57:54 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2009/03/14 12:16:55 | 000,230,454 | ---- | C] () -- \cam0000.bmp
[2009/03/13 16:26:45 | 000,057,654 | ---- | C] () -- \img.BMP
[2008/10/28 12:04:15 | 000,010,920 | ---- | C] () -- \aolconnfix.exe
[2008/10/28 12:04:15 | 000,001,039 | ---- | C] () -- \aolconnfix.txt
[2008/10/19 20:27:49 | 000,000,024 | ---- | C] () -- C:\Windows\System32\iptools.INI
[2008/10/15 04:26:38 | 000,067,334 | ---- | C] () -- \ProcessList.txt
[2008/08/07 17:57:20 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/08/07 17:57:19 | 002,041,363 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2008/08/07 17:57:19 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/08/07 17:57:19 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/08/07 17:57:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/08/07 17:57:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/08/07 17:57:18 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/05/07 06:00:05 | 000,000,146 | ---- | C] () -- \YServer.txt
[2008/05/04 10:08:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\CPUINFO2.DLL
[2008/02/15 05:21:44 | 000,000,178 | ---- | C] () -- C:\Windows\wininit.ini
[2008/01/30 03:54:52 | 000,000,458 | ---- | C] () -- C:\Windows\justnote.ini
[2008/01/26 08:56:55 | 001,474,385 | ---- | C] () -- C:\Program Files\sprint32v2.zip
[2008/01/26 00:43:06 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/01/20 21:47:26 | 000,048,489 | ---- | C] () -- C:\Program Files\ipnetinfo.zip
[2008/01/20 21:02:25 | 000,049,152 | ---- | C] () -- C:\Windows\System32\OctaneARM.dll
[2008/01/20 20:50:10 | 000,000,164 | ---- | C] () -- C:\Windows\RECMGRUN.INI
[2008/01/20 20:49:59 | 000,003,455 | ---- | C] () -- C:\Windows\RECVCALL.INI
[2008/01/20 19:59:51 | 000,065,024 | ---- | C] () -- C:\Users\Nichole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/20 17:50:52 | 000,007,620 | ---- | C] () -- C:\Users\Nichole\AppData\Roaming\mainhst.zgh
[2008/01/20 06:03:25 | 000,011,114 | ---- | C] () -- C:\Users\Nichole\AppData\Roaming\wklnhst.dat
[2008/01/20 05:45:48 | 192,152,327 | R--- | C] () -- C:\Program Files\AllProgramFilesZipped.zip
[2008/01/20 05:45:35 | 000,905,216 | ---- | C] () -- C:\Program Files\iview398.exe
[2008/01/20 05:00:15 | 001,680,921 | ---- | C] () -- C:\Program Files\lingvosoft-dictionary-pkpc-engbul-f.zip
[2008/01/20 05:00:14 | 003,155,350 | ---- | C] () -- C:\Program Files\lingvosoft-dictionary-pkpc-engspa-f.exe
[2008/01/20 01:40:31 | 000,043,352 | ---- | C] () -- C:\Windows\System32\wups2.dll
[2008/01/20 00:38:43 | 003,154,009 | ---- | C] () -- C:\Program Files\audacity-win-1.2.6.zip
[2008/01/20 00:38:19 | 000,000,011 | ---- | C] () -- C:\Program Files\productid.txt
[2008/01/20 00:38:02 | 001,363,968 | ---- | C] () -- C:\Program Files\stickerlite.exe
[2008/01/20 00:37:36 | 000,687,733 | ---- | C] () -- C:\Program Files\notes170.exe
[2008/01/20 00:33:19 | 000,000,000 | ---- | C] () -- \MSDOS.SYS
[2008/01/20 00:33:19 | 000,000,000 | ---- | C] () -- \IO.SYS
[2008/01/17 20:25:33 | 000,007,944 | ---- | C] () -- C:\Users\Nichole\AppData\Local\d3d9caps.dat
[2007/11/23 10:30:00 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/11/23 10:30:00 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/11/23 10:19:20 | 2325,676,032 | -HS- | C] () --
[2007/11/23 10:02:45 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2007/11/23 10:02:44 | 000,438,840 | RHS- | C] () -- \bootmgr
[2007/03/27 09:45:22 | 000,004,096 | ---- | C] () -- C:\Windows\System32\sysres.dll
[2007/01/01 01:48:46 | 001,603,760 | ---- | C] () -- C:\Program Files\Paint.NET.3.36.zip
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:09 | 000,000,074 | ---- | C] () -- \autoexec.bat
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:08 | 000,000,010 | ---- | C] () -- \config.sys
[2006/06/18 00:17:26 | 000,000,212 | ---- | C] () -- C:\Windows\cr8type2lightins.ini
[2002/06/28 04:43:44 | 000,438,272 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2002/05/15 18:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2002/05/04 08:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll
[1998/03/14 12:16:04 | 000,000,136 | ---- | C] () -- C:\Windows\System32\mssrina.dll
========== LOP Check ==========
[2008/11/30 17:46:47 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\AMPSoft
[2009/04/20 22:32:38 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\ArmorSurf
[2009/12/28 19:39:51 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Ashampoo
[2008/12/16 11:07:10 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Auslogics
[2009/05/08 03:32:57 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Bearshare Premium P2P
[2008/08/02 19:20:45 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\BPK
[2009/07/21 03:19:35 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\BRAVIS
[2010/02/01 13:55:44 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\CBS Interactive
[2009/08/03 02:00:35 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Digital Support
[2008/12/01 05:41:10 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\FontCreator
[2006/12/31 23:36:00 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Free&Easy Font Viewer
[2006/12/31 23:36:00 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\GetRightToGo
[2009/05/08 03:07:50 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\GlarySoft
[2009/05/10 09:04:07 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\HouseCall 6.6
[2010/01/16 17:35:26 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\ImgBurn
[2009/12/20 03:09:58 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Improved Software
[2010/01/16 20:40:38 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\InfraRecorder
[2009/05/22 22:22:27 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\IObit
[2009/09/17 13:03:18 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\JAM Software
[2010/02/21 06:22:52 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Light Downloader
[2010/03/04 21:39:19 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\LimeWire
[2009/08/04 04:38:09 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\MAGIX
[2008/12/01 03:35:40 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\MainType
[2009/05/10 00:51:22 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\minimem
[2009/12/20 03:07:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Moyea
[2009/12/20 04:51:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\NeoDownloader
[2008/01/26 07:54:45 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\NoteTab Light
[2010/02/18 07:37:45 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Orbit
[2010/02/10 00:24:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Power Sound Editor Free
[2010/02/05 03:18:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Q-Dir
[2010/02/16 18:29:16 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Screaming Bee
[2008/10/17 23:28:52 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Se Analyzer Tool SA
[2010/01/18 14:16:26 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\SystemRequirementsLab
[2009/07/29 17:26:19 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\TamoSoft
[2008/01/20 06:03:26 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Template
[2007/01/01 00:38:22 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\UltraExplorer
[2009/12/23 20:38:30 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\UltraGet
[2009/05/06 05:43:22 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Uniblue
[2007/01/01 00:38:22 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\uTorrent
[2008/12/16 09:59:33 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\WinBatch
[2008/01/21 03:41:36 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\ZipGenius
[2010/03/05 07:19:25 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/03/05 07:18:05 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 12 bytes -> C:\Users\Nichole\My Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
@Alternate Data Stream - 12 bytes -> C:\Users\Nichole\Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8423A1CF
< End of report >