
http://urlseek10.vmn.net


  • This topic is locked

#1
AngieBatgirl

When I search or try to load websites, my browser (Firefox 4) keeps redirecting me to http://urlseek10.vmn.net. I did a Google search for it, but none of the solutions I found got rid of the redirect. I tried going into about:config and changing the keyword.URL, I uninstalled the add-ons and reinstalled them one by one, and I still can't get rid of it. I have a few toolbars, but I made sure to uncheck the redirect option. I have Norton's antivirus and SuperAntiSpyware and neither of them picks up a virus or anything.

Hijack this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:40 PM, on 4/22/2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Users\Angie\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe
C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\ProgramData\TVersity\Media Server\web\admin\TVersity.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\twhirl\twhirl.exe
C:\Program Files (x86)\bfgclient\bfgclient.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Toolbar - Big Fish Games - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Toolbar - Big Fish Games - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files (x86)\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Electronic Arts\EADM\EADMUI\EADMUI.exe"
O4 - HKCU\..\Run: [Cookienator] "C:\Program Files (x86)\Cookienator\cookienator.exe" /auto
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CNET TechTracker.lnk = Angie\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Digsby.lnk = C:\Program Files (x86)\Digsby\digsby.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15992 bytes

OTL
OTL logfile created on: 4/22/2011 2:17:32 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Angie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 62.00% Memory free
23.00 Gb Paging File | 19.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.34 Gb Total Space | 252.35 Gb Free Space | 36.82% Space Free | Partition Type: NTFS
Drive D: | 13.20 Gb Total Space | 1.62 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive K: | 931.51 Gb Total Space | 361.64 Gb Free Space | 38.82% Space Free | Partition Type: NTFS
Drive M: | 931.51 Gb Total Space | 177.92 Gb Free Space | 19.10% Space Free | Partition Type: NTFS
Drive N: | 1.92 Gb Total Space | 1.88 Gb Free Space | 98.00% Space Free | Partition Type: NTFS

Computer Name: BATCOMPUTER | User Name: Angie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/22 14:12:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Downloads\OTL.exe
PRC - [2011/04/20 12:04:47 | 000,142,848 | ---- | M] () -- C:\Program Files (x86)\twhirl\twhirl.exe
PRC - [2011/04/18 01:26:51 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/04/14 09:51:13 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2011/04/12 13:41:53 | 000,122,040 | ---- | M] (dotSyntax, LLC) -- C:\Program Files (x86)\Digsby\lib\digsby-app.exe
PRC - [2011/03/29 13:33:46 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/03/22 14:38:10 | 001,596,032 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winamp.exe
PRC - [2011/03/22 14:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe
PRC - [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/03/09 08:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/03/03 20:26:06 | 002,621,952 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/24 14:17:52 | 004,961,112 | ---- | M] () -- C:\Program Files (x86)\bfgclient\bfgclient.exe
PRC - [2011/02/14 21:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/12 01:47:11 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/01/30 11:45:14 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/12/01 10:26:42 | 000,574,216 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe
PRC - [2010/11/24 16:33:26 | 000,921,600 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2010/10/27 22:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe
PRC - [2010/09/28 11:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 12:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/08/20 20:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/06/26 14:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
PRC - [2010/02/20 02:43:52 | 003,366,631 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\web\admin\TVersity.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/03/11 16:13:08 | 000,788,332 | ---- | M] () -- C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe
PRC - [2007/01/12 12:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2006/11/03 18:04:46 | 000,304,008 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe


========== Modules (SafeList) ==========

MOD - [2011/04/22 14:12:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Downloads\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/12/28 22:50:34 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/08/05 22:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/08/05 22:47:48 | 000,681,528 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/06/17 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2010/05/11 11:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/10/11 18:36:58 | 000,561,152 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlcxcoms.exe -- (dlcx_device)
SRV - [2011/04/18 01:26:51 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/09 08:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/24 16:33:26 | 000,921,600 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/09/28 11:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/08/20 20:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/18 21:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2006/10/11 17:48:50 | 000,532,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/16 14:24:49 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/02/11 22:45:22 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 02:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/13 09:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/13 09:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/06/18 16:09:42 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/06/18 15:42:40 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2010/05/11 11:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 10:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/06 00:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 23:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/01 15:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/03/10 11:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/02/25 20:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/25 20:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/14 23:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 14:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 18:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/29 18:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008/11/11 14:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 14:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007/11/02 16:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2011/04/15 16:29:04 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110419.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/03/31 06:08:59 | 001,828,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110421.036\EX64.SYS -- (NAVEX15)
DRV - [2011/03/31 06:08:59 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110421.036\ENG64.SYS -- (NAVENG)
DRV - [2011/03/14 14:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110421.001\IDSviA64.sys -- (IDSVia64)
DRV - [2011/02/11 02:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/02/11 02:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.swagbucks.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.2.1
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.1
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..extensions.enabledItems: {469CEB59-8266-438b-91D9-82F56D595E15}:2.5
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.9
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {ec268e28-22c6-4a6c-ac22-635cabee283c}:1.0.1
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {6847DFAE-037A-400c-A524-27F0A281B692}:2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:4.1.8
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {A79D8B60-1FF0-47F0-8E79-8CDE1FECB0FD}:1.0.0
FF - prefs.js..keyword.URL: "http://www.google.co...m.my/search?q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/06 15:52:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/02/13 02:22:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2011/02/11 22:45:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/02/12 02:58:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/21 23:30:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/21 23:30:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/24 14:19:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/01 12:57:50 | 000,000,000 | ---D | M]

[2011/04/14 10:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angie\AppData\Roaming\Mozilla\Extensions
[2011/04/14 10:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/04/18 23:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions
[2011/04/01 12:59:32 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011/03/24 14:24:42 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/02/11 23:20:09 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/03/24 14:24:58 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011/02/11 23:29:37 | 000,000,000 | ---D | M] (FoxyTunes Skin - Aqua Bubbles) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{469CEB59-8266-438b-91D9-82F56D595E15}
[2011/02/11 23:24:37 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011/02/22 18:23:13 | 000,000,000 | ---D | M] (Toolbar - Big Fish Games) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}
[2011/03/24 14:24:50 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/03/23 11:33:45 | 000,000,000 | ---D | M] (Playboost Gamebar) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{A79D8B60-1FF0-47F0-8E79-8CDE1FECB0FD}
[2011/02/11 23:20:09 | 000,000,000 | ---D | M] (Plain Text Links) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}
[2011/03/26 10:14:40 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\[email protected]
[2011/02/12 17:03:37 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\[email protected]
[2011/03/24 14:24:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\[email protected]
[2011/04/13 02:35:30 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\[email protected]
[2011/03/14 08:49:37 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\[email protected]
[2011/04/04 16:28:43 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\[email protected]
[2011/04/16 11:58:03 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\[email protected]
[2011/04/01 12:59:35 | 000,002,354 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\searchplugins\aol-web-search.xml
[2010/12/30 18:26:06 | 000,000,923 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\searchplugins\conduit.xml
[2011/04/18 17:29:43 | 000,001,540 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\searchplugins\swagbuckscom.xml
[2011/02/17 12:51:43 | 000,001,196 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\searchplugins\winamp-search.xml
[2011/03/24 14:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/12 01:47:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/04 12:12:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/02/13 02:22:43 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
() (No name found) -- C:\USERS\ANGIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9EEQMM79.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\ANGIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9EEQMM79.DEFAULT\EXTENSIONS\{4C7097F7-08F2-4EF2-9B9F-F95FA4CBB064}.XPI
() (No name found) -- C:\USERS\ANGIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9EEQMM79.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
() (No name found) -- C:\USERS\ANGIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9EEQMM79.DEFAULT\EXTENSIONS\{ADA4B710-8346-4B82-8199-5DE2B400A6AE}.XPI
() (No name found) -- C:\USERS\ANGIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9EEQMM79.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ANGIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9EEQMM79.DEFAULT\EXTENSIONS\{D2A6A719-7CBC-4594-85FD-C36AD881424F}.XPI
() (No name found) -- C:\USERS\ANGIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9EEQMM79.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\USERS\ANGIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9EEQMM79.DEFAULT\EXTENSIONS\[email protected]
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Toolbar - Big Fish Games) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Toolbar - Big Fish Games) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [DLCXCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\DLCXtime.DLL ()
O4:64bit: - HKLM..\Run: [dlcxmon.exe] C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk ()
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Cookienator] C:\Program Files (x86)\Cookienator\cookienator.exe (CodeFromThe70s.org)
O4 - HKCU..\Run: [DesktopIconToy] C:\Program Files (x86)\Desktop Icon Toy\DesktopIconToy.exe (iDeskSoft)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Electronic Arts\EADM\EADMUI\EADMUI.exe (Electronic Arts)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk = C:\Users\Angie\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
O4 - Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysNative\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/21 22:06:14 | 000,000,000 | RH-D | M] - M:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 22:56:50 | 000,000,036 | RH-- | M] () - M:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{2ec52a38-4a26-11e0-9ecd-6431502ecdc4}\Shell - "" = AutoRun
O33 - MountPoints2\{2ec52a38-4a26-11e0-9ecd-6431502ecdc4}\Shell\AutoRun\command - "" = N:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/22 14:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/04/22 14:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/04/21 13:53:58 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avalon Legends Solitaire
[2011/04/21 13:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avalon Legends Solitaire
[2011/04/21 13:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avalon Legends Solitaire
[2011/04/21 13:03:12 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Celtic Lore - Sidhe Hills
[2011/04/21 13:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celtic Lore - Sidhe Hills
[2011/04/21 13:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Celtic Lore - Sidhe Hills
[2011/04/20 13:35:09 | 000,000,000 | ---D | C] -- C:\Users\Angie\Sweeney Todd
[2011/04/20 12:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\twhirl
[2011/04/18 12:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wild West Quest
[2011/04/18 12:38:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wild West Quest
[2011/04/18 12:38:26 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Laura Jones and the Gates of Good and Evil
[2011/04/18 12:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Laura Jones and the Gates of Good and Evil
[2011/04/18 12:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Laura Jones and the Gates of Good and Evil
[2011/04/18 12:29:08 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Robin's Quest - A Legend Born
[2011/04/18 12:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Robin's Quest - A Legend Born
[2011/04/18 12:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Robin's Quest - A Legend Born
[2011/04/18 01:32:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/04/18 01:28:57 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\AMD
[2011/04/18 01:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/04/18 01:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/04/16 14:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Stream SDK v2
[2011/04/16 14:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Stream
[2011/04/16 14:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Problem Report Wizard
[2011/04/16 14:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/04/16 14:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/04/16 14:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/04/15 22:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2011/04/14 10:03:41 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\TomTom
[2011/04/14 10:03:25 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\TomTom
[2011/04/14 10:03:25 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\TomTom
[2011/04/14 10:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2011/04/14 10:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2011/04/14 10:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom HOME 2
[2011/04/11 18:06:54 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\FairyTale
[2011/04/11 13:41:50 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Malwarebytes
[2011/04/11 13:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/11 13:41:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/04/11 13:41:34 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/04/11 13:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/04/11 13:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/11 02:15:11 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\SUPERAntiSpyware.com
[2011/04/11 02:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/11 02:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/04/11 02:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/11 02:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/09 11:13:51 | 000,000,000 | ---D | C] -- C:\Users\Angie\.android
[2011/04/09 11:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/04/09 01:22:57 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Funkitron
[2011/04/09 01:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funkitron
[2011/04/07 01:31:23 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vesuvia
[2011/04/07 01:31:20 | 000,000,000 | ---D | C] -- C:\Windows\Vesuvia
[2011/04/04 12:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cookienator
[2011/04/04 12:07:29 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\Downloads
[2011/04/04 12:06:28 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNET TechTracker
[2011/04/04 12:06:28 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\CBS Interactive
[2011/04/04 12:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/04/04 12:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2011/04/02 19:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\iWin
[2011/04/02 17:59:29 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jewel Quest Mysteries The Seventh Gate Collectors Edition
[2011/04/02 17:59:14 | 000,000,000 | ---D | C] -- C:\Windows\Jewel Quest Mysteries The Seventh Gate Collectors Edition
[2011/04/02 16:03:10 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\MagicIndie
[2011/04/02 16:01:11 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Fool
[2011/04/02 15:56:12 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Halls - Green Hills Sanitarium Collector's Edition
[2011/04/02 15:52:59 | 000,000,000 | ---D | C] -- C:\Windows\Haunted Halls - Green Hills Sanitarium Collector's Edition
[2011/04/01 12:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Winamp Toolbar
[2011/04/01 12:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Toolbar
[2011/04/01 12:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2011/04/01 02:45:32 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\Electronic Arts
[2011/03/29 13:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011/03/29 13:21:38 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\Electronic Arts
[2011/03/29 13:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/03/29 13:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/03/29 12:54:45 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\SimCity 4
[2011/03/29 12:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
[2011/03/29 12:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis
[2011/03/29 11:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/03/29 11:36:44 | 000,091,568 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2011/03/29 11:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2011/03/29 11:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2011/03/25 13:17:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2011/03/25 13:17:23 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vanessa Saint-Pierre Delacroix And Her Nightmare DEMO
[2011/03/25 13:17:22 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\Bad Pilcrow
[2011/03/25 13:17:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bad Pilcrow
[2011/03/25 13:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
[2011/03/25 13:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rovio
[2011/03/25 13:11:43 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\Intel
[2011/03/25 13:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(SM) center
[2011/03/25 13:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2011/03/25 13:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011/03/23 19:15:15 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\Amazing Finds Data
[2011/03/23 19:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shockwave.com
[2011/03/23 19:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shockwave.com
[2011/02/11 23:29:41 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpmui.dll
[2011/02/11 23:29:41 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxinpa.dll
[2011/02/11 23:29:41 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxiesc.dll
[2011/02/11 23:29:40 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxserv.dll
[2011/02/11 23:29:40 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxusb1.dll
[2011/02/11 23:29:40 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxhbn3.dll
[2011/02/11 23:29:40 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomc.dll
[2011/02/11 23:29:40 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxlmpm.dll
[2011/02/11 23:29:40 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcoms.exe
[2011/02/11 23:29:40 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomm.dll
[2011/02/11 23:29:40 | 000,381,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcfg.exe
[2011/02/11 23:29:40 | 000,380,928 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxih.exe
[2011/02/11 23:29:40 | 000,176,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxppls.exe
[2011/02/11 23:29:40 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxprox.dll
[2011/02/11 23:29:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpplc.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/22 14:18:49 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/22 14:18:49 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/22 14:07:31 | 000,002,095 | ---- | M] () -- C:\Users\Angie\Desktop\HijackThis.lnk
[2011/04/22 13:51:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/21 23:58:29 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/21 18:18:03 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\BookCAT.lnk
[2011/04/21 18:17:28 | 000,000,072 | ---- | M] () -- C:\Users\Angie\Desktop\Give Feedback On Solitaire Supreme.url
[2011/04/20 19:59:20 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/20 19:59:20 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/20 19:59:20 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/19 17:31:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/04/19 17:14:56 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/04/18 23:54:26 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011/04/18 23:52:40 | 000,002,623 | ---- | M] () -- C:\Users\Public\Desktop\ClicksAndWhistles.lnk
[2011/04/18 23:42:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/18 23:41:58 | 871,849,982 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/18 19:53:37 | 000,006,144 | ---- | M] () -- C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 11:19:58 | 000,002,515 | ---- | M] () -- C:\Users\Angie\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/18 11:19:58 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/04/18 11:19:31 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/04/18 01:48:27 | 000,008,128 | ---- | M] () -- C:\Users\Angie\Documents\cc_20110418_014822.reg
[2011/04/18 01:26:30 | 000,149,574 | ---- | M] () -- C:\Windows\SysNative\log.xml
[2011/04/15 03:32:32 | 000,319,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/15 03:32:11 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBATCOMPUTER$.job
[2011/04/14 20:11:46 | 000,090,963 | ---- | M] () -- C:\Users\Angie\Documents\Quiznos Q2 2011.pdf
[2011/04/14 17:09:33 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/04/11 12:52:35 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAngie.job
[2011/04/09 11:24:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/04/09 11:24:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/04/09 11:24:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/04/09 11:23:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/04/09 11:23:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/04/09 11:16:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2011/04/08 17:41:40 | 000,002,734 | ---- | M] () -- C:\Users\Angie\Documents\cc_20110408_174137.reg
[2011/04/04 12:12:48 | 000,050,210 | ---- | M] () -- C:\Users\Angie\Documents\cc_20110404_121244.reg
[2011/04/04 12:06:30 | 000,001,181 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
[2011/04/01 12:58:08 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011/04/01 12:58:07 | 000,001,005 | ---- | M] () -- C:\Users\Angie\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/03/29 18:44:53 | 000,765,362 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/29 13:16:49 | 000,002,198 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ Medieval.lnk
[2011/03/29 12:44:42 | 000,000,482 | ---- | M] () -- C:\Windows\eReg.dat
[2011/03/29 11:36:47 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/03/24 17:25:57 | 000,001,789 | ---- | M] () -- C:\Users\Angie\Documents\Firefox Sync Key.html
[2011/03/24 14:25:14 | 000,002,050 | ---- | M] () -- C:\Users\Angie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/24 14:19:54 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/24 14:18:25 | 000,025,277 | ---- | M] () -- C:\Users\Angie\Documents\CurrentSettings.speeddial
[2011/03/24 14:16:36 | 000,669,567 | ---- | M] () -- C:\Users\Angie\Documents\bookmarks.html
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/22 14:07:31 | 000,002,095 | ---- | C] () -- C:\Users\Angie\Desktop\HijackThis.lnk
[2011/04/20 12:04:48 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\twhirl.lnk
[2011/04/19 17:31:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/04/18 19:53:31 | 000,006,144 | ---- | C] () -- C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 01:48:24 | 000,008,128 | ---- | C] () -- C:\Users\Angie\Documents\cc_20110418_014822.reg
[2011/04/18 01:26:30 | 000,149,574 | ---- | C] () -- C:\Windows\SysNative\log.xml
[2011/04/14 20:11:46 | 000,090,963 | ---- | C] () -- C:\Users\Angie\Documents\Quiznos Q2 2011.pdf
[2011/04/09 11:24:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/04/09 11:24:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/04/09 11:24:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/04/09 11:23:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/04/09 11:23:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/04/09 11:16:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2011/04/09 01:22:59 | 000,000,072 | ---- | C] () -- C:\Users\Angie\Desktop\Give Feedback On Solitaire Supreme.url
[2011/04/08 17:41:39 | 000,002,734 | ---- | C] () -- C:\Users\Angie\Documents\cc_20110408_174137.reg
[2011/04/04 12:12:45 | 000,050,210 | ---- | C] () -- C:\Users\Angie\Documents\cc_20110404_121244.reg
[2011/04/04 12:11:36 | 000,002,991 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cookienator.lnk
[2011/04/04 12:06:30 | 000,001,181 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
[2011/04/01 12:58:08 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011/03/29 13:19:23 | 000,765,362 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/29 13:16:49 | 000,002,198 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ Medieval.lnk
[2011/03/29 12:44:42 | 000,000,482 | ---- | C] () -- C:\Windows\eReg.dat
[2011/03/29 11:36:47 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/03/24 17:25:55 | 000,001,789 | ---- | C] () -- C:\Users\Angie\Documents\Firefox Sync Key.html
[2011/03/24 14:19:48 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/24 14:18:25 | 000,025,277 | ---- | C] () -- C:\Users\Angie\Documents\CurrentSettings.speeddial
[2011/03/24 14:16:36 | 000,669,567 | ---- | C] () -- C:\Users\Angie\Documents\bookmarks.html
[2011/03/07 20:52:04 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/03/06 04:31:13 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/02/22 22:39:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/22 18:23:04 | 000,000,059 | ---- | C] () -- C:\ProgramData\user.ini
[2011/02/12 02:46:55 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/02/11 23:29:41 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\dlcxutil.dll
[2011/02/11 23:29:41 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\dlcxinst.dll
[2011/02/11 23:29:41 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsb.dll
[2011/02/11 23:29:41 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxins.dll
[2011/02/11 23:29:41 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\dlcxjswr.dll
[2011/02/11 23:29:41 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsr.dll
[2011/02/11 23:29:41 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dlcxcur.dll
[2011/02/11 23:29:40 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dlcxcub.dll
[2011/02/11 23:29:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dlcxcu.dll
[2011/02/11 23:29:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\DLCXcfg.dll
[2010/11/06 16:13:14 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/06 15:16:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 13:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/03/05 23:46:20 | 000,000,000 | -HSD | M] -- C:\Users\Angie\AppData\Roaming\.#
[2011/02/22 20:58:20 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\3Stars
[2011/03/04 23:19:44 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Akhra
[2011/03/05 23:23:08 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Alawar
[2011/03/22 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Amazon
[2011/02/22 21:01:59 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ancient Quest of Saqqarah_alawar
[2011/03/07 20:41:07 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Arkadium
[2011/03/19 19:38:48 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Artogon
[2011/03/05 23:21:52 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Aveyond 3
[2011/02/21 15:48:42 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Aveyond II
[2011/02/21 18:23:24 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Batovi
[2011/03/06 04:33:31 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Beanbag Studios
[2011/03/05 23:22:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Big Fish Games
[2011/03/05 23:35:36 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\BloodTies
[2011/03/06 00:02:48 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Blue Tea Games
[2011/03/07 20:30:18 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Boomzap
[2011/02/12 18:34:34 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\calibre
[2011/04/04 12:06:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\CBS Interactive
[2011/03/06 00:47:46 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\DarkParablesBriarRose_BFG
[2011/03/06 01:55:55 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dawn's Light 2
[2011/02/11 22:40:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2011/03/07 20:32:38 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\DigirononGames
[2011/03/07 20:19:08 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\DivoGames
[2011/02/21 15:55:05 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dreamsdwell Stories
[2011/03/06 04:05:23 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dreamsdwell Stories 2
[2011/02/19 14:10:51 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dying for Daylight
[2011/02/19 14:11:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dying for Daylight Shared
[2011/02/21 19:03:12 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\EA
[2011/03/14 17:49:04 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Elephant Games
[2011/03/19 14:14:39 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Enki Games
[2011/03/19 14:10:58 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ERS G-Studio
[2011/03/19 14:11:37 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ERS Game Studios
[2011/03/06 04:07:20 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\EscapeFromParadise2
[2011/03/06 04:11:08 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\EternalEden
[2011/03/06 04:16:19 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Evoly
[2011/04/11 18:06:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\FairyTale
[2011/02/21 16:08:50 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Farm Mania
[2011/02/21 16:09:33 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\FirstColony
[2011/03/19 17:58:55 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Freezetag
[2011/03/19 14:52:07 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Friday's games
[2011/03/19 14:36:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Frogwares
[2011/02/22 18:11:59 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Fugazo
[2011/03/19 14:45:33 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\funkitron
[2011/02/28 20:45:04 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\GameHouse
[2011/03/06 04:32:45 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Gamers Digital
[2011/03/19 18:06:27 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\GOL_byHasbro
[2011/03/19 13:38:41 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\GuardiansOfMagic
[2011/03/06 04:04:47 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\HdO Adventure
[2011/02/15 20:16:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\i42 Software
[2011/04/02 19:28:17 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\iWin
[2011/02/22 21:03:05 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ladia Group
[2011/03/07 20:52:10 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Leadertech
[2011/03/19 19:20:40 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\LegacyInteractive
[2011/03/19 19:29:19 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ludia
[2011/04/02 16:03:10 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\MagicIndie
[2011/03/07 20:43:48 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\margrave3_full
[2011/02/26 14:40:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\md studio
[2011/03/07 20:46:56 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\MegaplexMadnessSummerBlockbuster
[2011/03/19 14:37:09 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Merscom
[2011/03/07 18:50:50 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Mystery of Mortlake Mansion
[2011/03/05 23:46:26 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Namco
[2011/03/19 19:24:55 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Oberon Media
[2011/02/12 18:10:13 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\OpenOffice.org
[2011/02/11 22:39:01 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Opera
[2011/03/19 19:52:59 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Orneon
[2011/03/06 00:01:42 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ph03nixNewMedia
[2011/02/26 14:49:43 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Phantasmat_bf_se1
[2011/03/06 04:06:46 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PlayFirst
[2011/03/06 00:46:18 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PoBros
[2011/03/19 20:05:46 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Pogo Games
[2011/03/14 18:42:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\QB9
[2011/03/07 20:36:34 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Quirky Games
[2011/03/19 14:14:00 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ReelDealSlotQuest_Alice
[2011/02/25 23:19:48 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Rovio
[2011/02/28 15:16:22 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Skip-Bo
[2011/03/19 20:04:41 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\SpinTop Games
[2011/03/19 19:35:25 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TimeMachine
[2011/03/19 19:36:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TimeQuest
[2011/04/14 10:03:25 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TomTom
[2011/03/19 17:00:44 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Total Eclipse
[2011/02/25 16:52:07 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Unity
[2011/03/19 14:31:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\URSE Games
[2011/04/22 14:20:14 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\uTorrent
[2011/03/19 20:05:37 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\VampireSaga
[2011/02/21 19:01:21 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Virtual City
[2011/03/06 04:28:56 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\World-Loom
[2009/07/14 01:08:49 | 000,012,376 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========


< End of report >

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, AngieBatgirl! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyze and fix your PC in the long run.

Sorry for the delay. Please do the following:

OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

#3
AngieBatgirl

    Member

  • Topic Starter
  • 24 posts
OTL logfile created on: 4/28/2011 12:53:58 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Angie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 9.00 Gb Available Physical Memory | 79.00% Memory free
23.00 Gb Paging File | 20.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.34 Gb Total Space | 241.22 Gb Free Space | 35.20% Space Free | Partition Type: NTFS
Drive D: | 13.20 Gb Total Space | 1.62 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

Computer Name: BATCOMPUTER | User Name: Angie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/26 17:08:02 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/04/22 14:12:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Downloads\OTL.exe
PRC - [2011/04/12 13:41:53 | 000,122,040 | ---- | M] (dotSyntax, LLC) -- C:\Program Files (x86)\Digsby\lib\digsby-app.exe
PRC - [2011/04/08 10:17:30 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/03/29 13:33:46 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/03/22 14:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/03/09 08:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/14 21:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/12 01:47:11 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/01/30 11:45:14 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/12/01 10:26:42 | 000,574,216 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe
PRC - [2010/11/24 16:33:26 | 000,921,600 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2010/09/28 11:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 12:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/08/20 20:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/06/26 14:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/03/11 16:13:08 | 000,788,332 | ---- | M] () -- C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe
PRC - [2007/01/12 12:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2006/11/03 18:04:46 | 000,304,008 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe


========== Modules (SafeList) ==========

MOD - [2011/04/22 14:12:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Downloads\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/12/28 22:50:34 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/08/05 22:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/08/05 22:47:48 | 000,681,528 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/06/17 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2010/05/11 11:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/10/11 18:36:58 | 000,561,152 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlcxcoms.exe -- (dlcx_device)
SRV - [2011/04/26 17:08:02 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/25 16:11:09 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/03/09 08:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/24 16:33:26 | 000,921,600 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/09/28 11:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/08/20 20:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/18 21:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2006/10/11 17:48:50 | 000,532,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/16 14:24:49 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 22:45:22 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 02:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/13 09:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/13 09:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/06/18 16:09:42 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/06/18 15:42:40 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2010/05/11 11:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 10:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/06 00:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 23:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/01 15:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/03/10 11:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/02/25 20:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/25 20:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/14 23:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 14:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 18:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/29 18:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008/11/11 14:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 14:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007/11/02 16:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2011/04/15 16:29:04 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110419.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/04/08 10:17:46 | 000,061,200 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/04/08 10:17:46 | 000,052,496 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/03/31 06:08:59 | 001,828,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110427.036\EX64.SYS -- (NAVEX15)
DRV - [2011/03/31 06:08:59 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110427.036\ENG64.SYS -- (NAVENG)
DRV - [2011/03/14 14:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110426.001\IDSviA64.sys -- (IDSVia64)
DRV - [2011/02/11 02:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/02/11 02:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.swagbucks.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.2.1
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.1
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..extensions.enabledItems: {469CEB59-8266-438b-91D9-82F56D595E15}:2.5
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.9
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {ec268e28-22c6-4a6c-ac22-635cabee283c}:1.0.1
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {6847DFAE-037A-400c-A524-27F0A281B692}:2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:4.1.8
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {A79D8B60-1FF0-47F0-8E79-8CDE1FECB0FD}:1.0.0
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/06 15:52:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/02/13 02:22:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2011/02/11 22:45:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/02/12 02:58:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/21 23:30:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/21 23:30:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/24 14:19:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/01 12:57:50 | 000,000,000 | ---D | M]

[2011/04/14 10:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angie\AppData\Roaming\Mozilla\Extensions
[2011/04/14 10:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/04/26 17:12:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions
[2011/04/01 12:59:32 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011/03/24 14:24:42 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/02/11 23:20:09 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/03/24 14:24:58 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011/02/11 23:29:37 | 000,000,000 | ---D | M] (FoxyTunes Skin - Aqua Bubbles) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{469CEB59-8266-438b-91D9-82F56D595E15}
[2011/02/11 23:24:37 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011/02/22 18:23:13 | 000,000,000 | ---D | M] (Toolbar - Big Fish Games) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}
[2011/03/24 14:24:50 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/03/23 11:33:45 | 000,000,000 | ---D | M] (Playboost Gamebar) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{A79D8B60-1FF0-47F0-8E79-8CDE1FECB0FD}
[2011/02/11 23:20:09 | 000,000,000 | ---D | M] (Plain Text Links) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}
[2011/04/26 17:12:42 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\[email protected]
[2011/02/12 17:03:37 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\[email protected]
[2011/03/24 14:24:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\[email protected]
[2011/04/13 02:35:30 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\[email protected]
[2011/03/14 08:49:37 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\[email protected]
[2011/04/04 16:28:43 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\[email protected]
[2011/04/16 11:58:03 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\[email protected]
[2011/04/01 12:59:35 | 000,002,354 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\searchplugins\aol-web-search.xml
[2010/12/30 18:26:06 | 000,000,923 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\searchplugins\conduit.xml
[2011/04/25 23:00:54 | 000,001,540 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\searchplugins\swagbuckscom.xml
[2011/02/17 12:51:43 | 000,001,196 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\searchplugins\winamp-search.xml
[2011/03/24 14:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/12 01:47:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/04 12:12:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/02/13 02:22:43 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
() (No name found) -- C:\USERS\ANGIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9EEQMM79.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\ANGIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9EEQMM79.DEFAULT\EXTENSIONS\{4C7097F7-08F2-4EF2-9B9F-F95FA4CBB064}.XPI
() (No name found) -- C:\USERS\ANGIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9EEQMM79.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
() (No name found) -- C:\USERS\ANGIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9EEQMM79.DEFAULT\EXTENSIONS\{ADA4B710-8346-4B82-8199-5DE2B400A6AE}.XPI
() (No name found) -- C:\USERS\ANGIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9EEQMM79.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ANGIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9EEQMM79.DEFAULT\EXTENSIONS\{D2A6A719-7CBC-4594-85FD-C36AD881424F}.XPI
() (No name found) -- C:\USERS\ANGIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9EEQMM79.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\USERS\ANGIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9EEQMM79.DEFAULT\EXTENSIONS\[email protected]
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Toolbar - Big Fish Games) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Toolbar - Big Fish Games) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [DLCXCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\DLCXtime.DLL ()
O4:64bit: - HKLM..\Run: [dlcxmon.exe] C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk ()
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Cookienator] C:\Program Files (x86)\Cookienator\cookienator.exe (CodeFromThe70s.org)
O4 - HKCU..\Run: [DesktopIconToy] C:\Program Files (x86)\Desktop Icon Toy\DesktopIconToy.exe (iDeskSoft)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Electronic Arts\EADM\EADMUI\EADMUI.exe (Electronic Arts)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysNative\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ec52a38-4a26-11e0-9ecd-6431502ecdc4}\Shell - "" = AutoRun
O33 - MountPoints2\{2ec52a38-4a26-11e0-9ecd-6431502ecdc4}\Shell\AutoRun\command - "" = N:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/04/28 05:37:21 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\Trusteer
[2011/04/28 03:04:59 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amanda Rose - The Game of Time
[2011/04/28 03:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amanda Rose - The Game of Time
[2011/04/28 03:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amanda Rose - The Game of Time
[2011/04/28 00:35:56 | 000,064,272 | ---- | C] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2011/04/28 00:35:47 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Trusteer
[2011/04/28 00:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport
[2011/04/28 00:35:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusteer
[2011/04/28 00:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2011/04/26 17:17:17 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/04/26 17:17:17 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/04/26 17:17:17 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/04/26 13:43:06 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/26 13:43:06 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/04/26 13:43:01 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/26 13:43:01 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/26 13:42:45 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/04/26 13:42:44 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/04/26 13:42:44 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/04/26 13:42:44 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/04/26 13:42:43 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/04/26 13:42:43 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/04/26 13:42:43 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/04/26 13:42:36 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/04/26 13:42:36 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/04/25 16:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/04/25 16:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/04/25 16:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/04/25 16:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/04/25 16:06:32 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\Microsoft Help
[2011/04/25 16:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/04/25 16:06:15 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/04/25 12:59:51 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Colibri Games
[2011/04/25 12:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Colibri Games
[2011/04/25 12:20:42 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Tiny Bang Story
[2011/04/22 18:47:05 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Gogii
[2011/04/22 18:33:14 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\Mystery Seekers The Secret of the Haunted Mansion
[2011/04/22 17:52:16 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Ghost Ship Studios
[2011/04/22 17:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Astar Games
[2011/04/22 17:36:00 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightmare Adventures - The Witch's Prison
[2011/04/22 17:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightmare Adventures - The Witch's Prison
[2011/04/22 17:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nightmare Adventures - The Witch's Prison
[2011/04/22 17:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avalon-Legends-Solitaire
[2011/04/22 15:39:49 | 000,404,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/04/22 15:36:27 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/22 15:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2011/04/22 15:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/04/22 15:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/04/22 15:34:55 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/04/22 15:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/04/22 15:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2011/04/22 14:52:44 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\OpenDNS Updater
[2011/04/22 14:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS Updater
[2011/04/22 14:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/04/22 14:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/04/21 13:53:58 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avalon Legends Solitaire
[2011/04/21 13:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avalon Legends Solitaire
[2011/04/21 13:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avalon Legends Solitaire
[2011/04/21 13:03:12 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Celtic Lore - Sidhe Hills
[2011/04/21 13:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celtic Lore - Sidhe Hills
[2011/04/21 13:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Celtic Lore - Sidhe Hills
[2011/04/20 13:35:09 | 000,000,000 | ---D | C] -- C:\Users\Angie\Sweeney Todd
[2011/04/20 12:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\twhirl
[2011/04/18 12:38:26 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Laura Jones and the Gates of Good and Evil
[2011/04/18 12:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Laura Jones and the Gates of Good and Evil
[2011/04/18 12:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Laura Jones and the Gates of Good and Evil
[2011/04/18 12:29:08 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Robin's Quest - A Legend Born
[2011/04/18 12:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Robin's Quest - A Legend Born
[2011/04/18 12:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Robin's Quest - A Legend Born
[2011/04/18 01:32:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/04/18 01:28:57 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\AMD
[2011/04/18 01:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/04/18 01:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/04/16 14:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Stream SDK v2
[2011/04/16 14:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Stream
[2011/04/16 14:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Problem Report Wizard
[2011/04/16 14:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/04/16 14:28:02 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys
[2011/04/16 14:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/04/16 14:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/04/16 14:25:45 | 000,115,216 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\AtihdW76.sys
[2011/04/15 22:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2011/04/14 23:06:11 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/04/14 23:06:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/04/14 23:05:34 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/04/14 23:05:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/14 23:05:34 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/04/14 23:05:21 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/04/14 23:05:21 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/04/14 23:05:21 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/04/14 23:05:21 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/04/14 23:05:04 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/04/14 23:05:04 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/04/14 23:05:04 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/04/14 23:05:04 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/04/14 23:04:59 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/04/14 23:04:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/04/14 23:04:21 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/04/14 23:04:21 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/04/14 23:04:21 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/04/14 23:04:14 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/04/14 23:04:14 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/04/14 23:04:14 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/04/14 23:04:14 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/04/14 23:04:14 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/04/14 23:04:14 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/04/14 23:04:14 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/04/14 22:59:09 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/04/14 10:03:41 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\TomTom
[2011/04/14 10:03:25 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\TomTom
[2011/04/14 10:03:25 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\TomTom
[2011/04/14 10:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2011/04/14 10:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2011/04/14 10:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom HOME 2
[2011/04/11 18:06:54 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\FairyTale
[2011/04/11 13:41:50 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Malwarebytes
[2011/04/11 13:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/11 13:41:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/04/11 13:41:34 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/04/11 13:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/04/11 13:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/11 02:15:11 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\SUPERAntiSpyware.com
[2011/04/11 02:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/11 02:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/04/11 02:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/11 02:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/09 11:13:51 | 000,000,000 | ---D | C] -- C:\Users\Angie\.android
[2011/04/09 11:13:09 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/04/09 11:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/04/09 01:22:57 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Funkitron
[2011/04/09 01:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funkitron
[2011/04/07 01:31:23 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vesuvia
[2011/04/07 01:31:20 | 000,000,000 | ---D | C] -- C:\Windows\Vesuvia
[2011/04/04 12:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cookienator
[2011/04/04 12:07:29 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\Downloads
[2011/04/04 12:06:28 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNET TechTracker
[2011/04/04 12:06:28 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\CBS Interactive
[2011/04/04 12:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/04/04 12:00:29 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2011/04/04 12:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2011/04/03 11:39:17 | 002,872,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\explorer.exe
[2011/04/02 19:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\iWin
[2011/04/02 17:59:29 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jewel Quest Mysteries The Seventh Gate Collectors Edition
[2011/04/02 17:59:14 | 000,000,000 | ---D | C] -- C:\Windows\Jewel Quest Mysteries The Seventh Gate Collectors Edition
[2011/04/02 16:03:10 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\MagicIndie
[2011/04/02 16:01:11 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Fool
[2011/04/02 15:56:12 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Halls - Green Hills Sanitarium Collector's Edition
[2011/04/02 15:52:59 | 000,000,000 | ---D | C] -- C:\Windows\Haunted Halls - Green Hills Sanitarium Collector's Edition
[2011/04/01 12:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Winamp Toolbar
[2011/04/01 12:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Toolbar
[2011/04/01 12:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2011/04/01 02:45:32 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\Electronic Arts
[2011/03/29 13:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011/03/29 13:21:38 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\Electronic Arts
[2011/03/29 13:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/03/29 13:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/02/11 23:29:41 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpmui.dll
[2011/02/11 23:29:41 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxinpa.dll
[2011/02/11 23:29:41 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxiesc.dll
[2011/02/11 23:29:40 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxserv.dll
[2011/02/11 23:29:40 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxusb1.dll
[2011/02/11 23:29:40 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxhbn3.dll
[2011/02/11 23:29:40 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomc.dll
[2011/02/11 23:29:40 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxlmpm.dll
[2011/02/11 23:29:40 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcoms.exe
[2011/02/11 23:29:40 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomm.dll
[2011/02/11 23:29:40 | 000,381,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcfg.exe
[2011/02/11 23:29:40 | 000,380,928 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxih.exe
[2011/02/11 23:29:40 | 000,176,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxppls.exe
[2011/02/11 23:29:40 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxprox.dll
[2011/02/11 23:29:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpplc.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/28 12:51:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/27 23:51:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/27 22:24:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 22:24:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/26 17:17:12 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/04/26 17:17:12 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/04/26 17:17:12 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/04/26 17:17:12 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/04/26 17:06:18 | 000,349,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/26 17:05:39 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAngie.job
[2011/04/26 17:05:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/26 17:04:45 | 871,849,982 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/25 16:11:09 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\srvany.exe
[2011/04/25 10:58:23 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/04/23 13:38:45 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/23 13:38:45 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/23 13:38:45 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/22 15:39:49 | 000,404,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/04/21 18:18:03 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\BookCAT.lnk
[2011/04/19 17:31:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/04/19 17:14:56 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/04/18 23:54:26 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011/04/18 23:52:40 | 000,002,623 | ---- | M] () -- C:\Users\Public\Desktop\ClicksAndWhistles.lnk
[2011/04/18 19:53:37 | 000,006,144 | ---- | M] () -- C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 11:19:58 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/04/18 01:48:27 | 000,008,128 | ---- | M] () -- C:\Users\Angie\Documents\cc_20110418_014822.reg
[2011/04/18 01:26:30 | 000,149,574 | ---- | M] () -- C:\Windows\SysNative\log.xml
[2011/04/16 14:24:49 | 000,115,216 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\AtihdW76.sys
[2011/04/15 03:32:11 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBATCOMPUTER$.job
[2011/04/14 20:11:46 | 000,090,963 | ---- | M] () -- C:\Users\Angie\Documents\Quiznos Q2 2011.pdf
[2011/04/14 17:09:33 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/04/09 11:24:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/04/09 11:24:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/04/09 11:24:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/04/09 11:23:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/04/09 11:23:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/04/09 11:16:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2011/04/08 17:41:40 | 000,002,734 | ---- | M] () -- C:\Users\Angie\Documents\cc_20110408_174137.reg
[2011/04/08 10:17:46 | 000,064,272 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2011/04/04 12:12:48 | 000,050,210 | ---- | M] () -- C:\Users\Angie\Documents\cc_20110404_121244.reg
[2011/04/01 12:58:08 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011/03/29 18:44:53 | 000,765,362 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/29 13:16:49 | 000,002,198 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ Medieval.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/25 16:11:38 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/04/22 15:05:55 | 000,002,001 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2011/04/22 14:52:46 | 000,002,022 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
[2011/04/20 12:04:48 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\twhirl.lnk
[2011/04/19 17:31:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/04/18 19:53:31 | 000,006,144 | ---- | C] () -- C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 01:48:24 | 000,008,128 | ---- | C] () -- C:\Users\Angie\Documents\cc_20110418_014822.reg
[2011/04/18 01:26:30 | 000,149,574 | ---- | C] () -- C:\Windows\SysNative\log.xml
[2011/04/14 20:11:46 | 000,090,963 | ---- | C] () -- C:\Users\Angie\Documents\Quiznos Q2 2011.pdf
[2011/04/09 11:24:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/04/09 11:24:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/04/09 11:24:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/04/09 11:23:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/04/09 11:23:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/04/09 11:16:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2011/04/08 17:41:39 | 000,002,734 | ---- | C] () -- C:\Users\Angie\Documents\cc_20110408_174137.reg
[2011/04/04 12:12:45 | 000,050,210 | ---- | C] () -- C:\Users\Angie\Documents\cc_20110404_121244.reg
[2011/04/04 12:11:36 | 000,002,991 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cookienator.lnk
[2011/04/01 12:58:08 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011/03/29 13:19:23 | 000,765,362 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/29 13:16:49 | 000,002,198 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ Medieval.lnk
[2011/03/29 12:44:42 | 000,000,482 | ---- | C] () -- C:\Windows\eReg.dat
[2011/03/07 20:52:04 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/03/06 04:31:13 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/02/22 22:39:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/22 18:23:04 | 000,000,059 | ---- | C] () -- C:\ProgramData\user.ini
[2011/02/12 02:46:55 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/02/11 23:29:41 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\dlcxutil.dll
[2011/02/11 23:29:41 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\dlcxinst.dll
[2011/02/11 23:29:41 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsb.dll
[2011/02/11 23:29:41 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxins.dll
[2011/02/11 23:29:41 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\dlcxjswr.dll
[2011/02/11 23:29:41 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsr.dll
[2011/02/11 23:29:41 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dlcxcur.dll
[2011/02/11 23:29:40 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dlcxcub.dll
[2011/02/11 23:29:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dlcxcu.dll
[2011/02/11 23:29:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\DLCXcfg.dll
[2010/11/06 16:13:14 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/06 15:16:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 13:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/03/05 23:46:20 | 000,000,000 | -HSD | M] -- C:\Users\Angie\AppData\Roaming\.#
[2011/02/22 20:58:20 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\3Stars
[2011/03/04 23:19:44 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Akhra
[2011/03/05 23:23:08 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Alawar
[2011/03/22 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Amazon
[2011/02/22 21:01:59 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ancient Quest of Saqqarah_alawar
[2011/03/07 20:41:07 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Arkadium
[2011/03/19 19:38:48 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Artogon
[2011/03/05 23:21:52 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Aveyond 3
[2011/02/21 15:48:42 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Aveyond II
[2011/02/21 18:23:24 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Batovi
[2011/03/06 04:33:31 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Beanbag Studios
[2011/03/05 23:22:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Big Fish Games
[2011/03/05 23:35:36 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\BloodTies
[2011/03/06 00:02:48 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Blue Tea Games
[2011/03/07 20:30:18 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Boomzap
[2011/02/12 18:34:34 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\calibre
[2011/04/04 12:06:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\CBS Interactive
[2011/04/25 12:59:51 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Colibri Games
[2011/03/06 00:47:46 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\DarkParablesBriarRose_BFG
[2011/03/06 01:55:55 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dawn's Light 2
[2011/02/11 22:40:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2011/03/07 20:32:38 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\DigirononGames
[2011/03/07 20:19:08 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\DivoGames
[2011/02/21 15:55:05 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dreamsdwell Stories
[2011/03/06 04:05:23 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dreamsdwell Stories 2
[2011/02/19 14:10:51 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dying for Daylight
[2011/02/19 14:11:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dying for Daylight Shared
[2011/02/21 19:03:12 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\EA
[2011/03/14 17:49:04 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Elephant Games
[2011/03/19 14:14:39 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Enki Games
[2011/03/19 14:10:58 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ERS G-Studio
[2011/03/19 14:11:37 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ERS Game Studios
[2011/03/06 04:07:20 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\EscapeFromParadise2
[2011/03/06 04:11:08 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\EternalEden
[2011/03/06 04:16:19 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Evoly
[2011/04/11 18:06:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\FairyTale
[2011/02/21 16:08:50 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Farm Mania
[2011/02/21 16:09:33 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\FirstColony
[2011/03/19 17:58:55 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Freezetag
[2011/03/19 14:52:07 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Friday's games
[2011/03/19 14:36:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Frogwares
[2011/02/22 18:11:59 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Fugazo
[2011/03/19 14:45:33 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\funkitron
[2011/02/28 20:45:04 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\GameHouse
[2011/03/06 04:32:45 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Gamers Digital
[2011/04/22 17:52:16 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ghost Ship Studios
[2011/04/22 18:47:05 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Gogii
[2011/03/19 18:06:27 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\GOL_byHasbro
[2011/03/19 13:38:41 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\GuardiansOfMagic
[2011/03/06 04:04:47 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\HdO Adventure
[2011/02/15 20:16:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\i42 Software
[2011/04/02 19:28:17 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\iWin
[2011/02/22 21:03:05 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ladia Group
[2011/03/07 20:52:10 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Leadertech
[2011/03/19 19:20:40 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\LegacyInteractive
[2011/03/19 19:29:19 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ludia
[2011/04/02 16:03:10 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\MagicIndie
[2011/03/07 20:43:48 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\margrave3_full
[2011/02/26 14:40:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\md studio
[2011/03/07 20:46:56 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\MegaplexMadnessSummerBlockbuster
[2011/03/19 14:37:09 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Merscom
[2011/03/07 18:50:50 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Mystery of Mortlake Mansion
[2011/03/05 23:46:26 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Namco
[2011/03/19 19:24:55 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Oberon Media
[2011/04/22 14:52:44 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\OpenDNS Updater
[2011/02/12 18:10:13 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\OpenOffice.org
[2011/02/11 22:39:01 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Opera
[2011/03/19 19:52:59 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Orneon
[2011/03/06 00:01:42 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ph03nixNewMedia
[2011/02/26 14:49:43 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Phantasmat_bf_se1
[2011/03/06 04:06:46 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PlayFirst
[2011/03/06 00:46:18 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PoBros
[2011/03/19 20:05:46 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Pogo Games
[2011/03/14 18:42:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\QB9
[2011/03/07 20:36:34 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Quirky Games
[2011/03/19 14:14:00 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ReelDealSlotQuest_Alice
[2011/02/25 23:19:48 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Rovio
[2011/02/28 15:16:22 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Skip-Bo
[2011/03/19 20:04:41 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\SpinTop Games
[2011/03/19 19:35:25 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TimeMachine
[2011/03/19 19:36:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TimeQuest
[2011/04/14 10:03:25 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TomTom
[2011/03/19 17:00:44 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Total Eclipse
[2011/04/28 00:35:47 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Trusteer
[2011/02/25 16:52:07 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Unity
[2011/03/19 14:31:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\URSE Games
[2011/04/28 12:55:03 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\uTorrent
[2011/03/19 20:05:37 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\VampireSaga
[2011/02/21 19:01:21 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Virtual City
[2011/03/06 04:28:56 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\World-Loom
[2009/07/14 01:08:49 | 000,012,876 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SysNative\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/18 13:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/18 13:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/18 13:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/04/12 20:51:02 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/04/12 20:51:02 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/04/12 20:51:02 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/04/12 20:51:02 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ShowIconsCommand [2011/04/14 09:51:13 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /HideIconsCommand [2011/04/14 09:51:13 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ReInstallBrowser [2011/04/14 09:51:13 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files (x86)\Opera\Opera.exe" [2011/04/14 09:51:13 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/03/18 13:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/03/18 13:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/03/18 13:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2011/04/12 20:51:02 | 001,004,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2011/04/12 20:51:02 | 001,004,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2011/04/12 20:51:02 | 001,004,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2011/04/12 20:51:02 | 001,004,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /SHOWICONSCOMMAND [2011/04/14 09:51:13 | 000,941,936 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /HIDEICONSCOMMAND [2011/04/14 09:51:13 | 000,941,936 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /REINSTALLBROWSER [2011/04/14 09:51:13 | 000,941,936 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" [2011/04/14 09:51:13 | 000,941,936 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========


< End of report >

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

So redirects are present only in Firefox?

We will try with this now:

Download AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan
  • On the first tab select all elements down to Computer (excluding Computer) and then select start scan
  • Once it has finished select report and post that.

Do not close AVPTool or it will self-uninstall. If it does uninstall, then just rerun the setup file on your desktop.

Now an analysis scan
  • Select the Manual Disinfection tab
  • Press the Gather System Information button
  • Once done, open the last report saved folder, then attach the zip file to your next post
  • The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

How to add an attachment to a new topic or reply

#5
AngieBatgirl

    Member

  • Topic Starter
  • Member
  • 24 posts
Hi :) Yes, the redirect only happens in Firefox. I also use Safari and Opera and I don't have a problem with either one of those.

This is all it said in the report:

Autoscan: completed 2 minutes ago (events: 2, objects: 18527, time: 00:52:37)
4/28/2011 1:29:40 PM Task started
4/28/2011 2:22:17 PM Task completed


Attached File  avptool_sysinfo.zip   54.58KB   49 downloads

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

http://urlseek10.vmn.net

Is the site above the only site that you get sent to?

Please do the following below and once done please check for redirects.

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :OTL

    :Files
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


#7
AngieBatgirl

    Member

  • Topic Starter
  • Member
  • 24 posts
Here you go:

All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Angie\Downloads\cmd.bat deleted successfully.
C:\Users\Angie\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Angie
->Temp folder emptied: 10115101 bytes
->Temporary Internet Files folder emptied: 8130904 bytes
->Java cache emptied: 82813355 bytes
->FireFox cache emptied: 668183328 bytes
->Google Chrome cache emptied: 1905008 bytes
->Apple Safari cache emptied: 208609280 bytes
->Opera cache emptied: 19973389 bytes
->Flash cache emptied: 17298564 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-BATCOMPUTER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 159682 bytes
->Flash cache emptied: 56502 bytes

User: Mcx2-BATCOMPUTER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 88570 bytes
->Flash cache emptied: 56466 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 107552 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 757 bytes
RecycleBin emptied: 5152855243 bytes

Total Files Cleaned = 5,885.00 mb


[EMPTYFLASH]

User: All Users

User: Angie
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mcx1-BATCOMPUTER
->Flash cache emptied: 0 bytes

User: Mcx2-BATCOMPUTER
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.22.3 log created on 04282011_151404

Files\Folders moved on Reboot...
C:\Users\Angie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


ETA: The redirect just happened. I clicked on 'My Profile' on this page and then 'Topics' and I was redirected to "http://urlseek10.vmn...-angiebatgirl/"

Edited by AngieBatgirl, 28 April 2011 - 01:46 PM.


#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Let's try with this:

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".
During the download, rename Combofix to Combo-Fix as follows:

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.

#9
AngieBatgirl

    Member

  • Topic Starter
  • Member
  • 24 posts
ComboFix 11-04-28.01 - Angie 04/28/2011 19:02:22.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12031.10269 [GMT -4:00]
Running from: c:\users\Angie\Desktop\Combo-Fix.exe
AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Security Suite *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\users\Angie\AppData\Roaming\.#
c:\users\Angie\AppData\Roaming\Evoly
c:\users\Angie\AppData\Roaming\Evoly\Save.xml
c:\users\Angie\hjsplit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-28 )))))))))))))))))))))))))))))))
.
.
2011-04-28 23:08 . 2011-04-28 23:08 -------- d-----w- c:\users\Mcx1-BATCOMPUTER\AppData\Local\temp
2011-04-28 23:08 . 2011-04-28 23:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-28 19:14 . 2011-04-28 19:14 -------- d-----w- C:\_OTL
2011-04-28 17:28 . 2011-04-28 17:29 -------- d-----w- c:\programdata\Kaspersky Lab
2011-04-28 09:37 . 2011-04-28 09:37 -------- d-----w- c:\users\Angie\AppData\Local\Trusteer
2011-04-28 07:04 . 2011-04-28 07:05 -------- d-----w- c:\program files (x86)\Amanda Rose - The Game of Time
2011-04-28 04:35 . 2011-04-08 14:17 64272 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2011-04-28 04:35 . 2011-04-28 04:35 -------- d-----w- c:\users\Angie\AppData\Roaming\Trusteer
2011-04-28 04:35 . 2011-04-28 04:35 -------- d-----w- c:\program files (x86)\Trusteer
2011-04-28 04:34 . 2011-04-28 04:34 -------- d-----w- c:\programdata\Trusteer
2011-04-26 17:43 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2011-04-26 17:43 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-26 17:43 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-26 17:43 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-25 20:11 . 2011-04-25 20:11 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2011-04-25 20:08 . 2011-04-25 20:08 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-04-25 20:06 . 2011-04-25 20:06 -------- d-----w- c:\users\Angie\AppData\Local\Microsoft Help
2011-04-25 20:06 . 2011-04-26 05:18 -------- d-----w- c:\programdata\Microsoft Help
2011-04-25 20:06 . 2011-04-25 20:06 -------- d-----r- C:\MSOCache
2011-04-25 16:59 . 2011-04-25 16:59 -------- d-----w- c:\users\Angie\AppData\Roaming\Colibri Games
2011-04-25 16:59 . 2011-04-25 16:59 -------- d-----w- c:\programdata\Colibri Games
2011-04-22 22:47 . 2011-04-22 22:47 -------- d-----w- c:\users\Angie\AppData\Roaming\Gogii
2011-04-22 21:52 . 2011-04-22 21:52 -------- d-----w- c:\users\Angie\AppData\Roaming\Ghost Ship Studios
2011-04-22 21:45 . 2011-04-22 21:45 -------- d-----w- c:\programdata\Astar Games
2011-04-22 21:36 . 2011-04-22 21:36 -------- d-----w- c:\program files (x86)\Nightmare Adventures - The Witch's Prison
2011-04-22 21:33 . 2011-04-22 21:33 -------- d-----w- c:\programdata\Avalon-Legends-Solitaire
2011-04-22 19:39 . 2011-04-22 19:39 404128 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-04-22 19:36 . 2011-04-22 19:36 388096 ----a-r- c:\users\Angie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-22 19:35 . 2011-04-22 19:35 -------- d-----w- c:\program files\Speccy
2011-04-22 19:05 . 2011-04-22 19:05 -------- d-----w- c:\program files (x86)\FileHippo.com
2011-04-22 18:52 . 2011-04-22 18:52 -------- d-----w- c:\users\Angie\AppData\Roaming\OpenDNS Updater
2011-04-22 18:52 . 2011-04-22 18:52 -------- d-----w- c:\program files (x86)\OpenDNS Updater
2011-04-22 18:07 . 2011-04-22 18:07 -------- d-----w- c:\program files (x86)\Trend Micro
2011-04-21 17:53 . 2011-04-21 17:54 -------- d-----w- c:\program files (x86)\Avalon Legends Solitaire
2011-04-21 17:03 . 2011-04-21 17:03 -------- d-----w- c:\program files (x86)\Celtic Lore - Sidhe Hills
2011-04-20 17:35 . 2011-04-20 17:38 -------- d-----w- c:\users\Angie\Sweeney Todd
2011-04-20 16:04 . 2011-04-20 16:04 -------- d-----w- c:\program files (x86)\twhirl
2011-04-19 21:15 . 2011-04-19 21:15 -------- d-----w- c:\users\Mcx2-BATCOMPUTER
2011-04-18 16:38 . 2011-04-18 16:38 -------- d-----w- c:\program files (x86)\Laura Jones and the Gates of Good and Evil
2011-04-18 16:29 . 2011-04-18 16:29 -------- d-----w- c:\program files (x86)\Robin's Quest - A Legend Born
2011-04-18 05:28 . 2011-04-18 05:28 -------- d-----w- c:\users\Angie\AppData\Local\AMD
2011-04-18 05:28 . 2011-04-18 05:28 -------- d-----w- c:\programdata\ATI
2011-04-18 05:20 . 2011-04-18 05:20 -------- d-----w- c:\programdata\AMD
2011-04-16 18:29 . 2011-04-16 18:29 -------- d-----w- c:\program files (x86)\ATI Stream
2011-04-16 18:28 . 2010-02-18 13:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2011-04-16 18:27 . 2011-04-16 18:27 -------- d-----w- c:\program files\ATI Technologies
2011-04-16 18:27 . 2011-04-16 18:29 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-04-16 18:25 . 2011-04-16 18:24 115216 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-04-16 02:17 . 2011-04-16 02:17 -------- d-----w- c:\programdata\Recovery
2011-04-15 03:06 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 03:06 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-15 03:04 . 2011-03-07 06:31 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-04-15 02:59 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 02:58 . 2011-02-23 04:56 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 02:58 . 2011-02-23 04:55 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 02:58 . 2011-02-23 04:55 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 02:58 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-14 14:03 . 2011-04-14 14:03 -------- d-----w- c:\users\Angie\AppData\Roaming\TomTom
2011-04-14 14:03 . 2011-04-14 14:03 -------- d-----w- c:\users\Angie\AppData\Local\TomTom
2011-04-14 14:03 . 2011-04-14 14:03 -------- d-----w- c:\program files (x86)\TomTom International B.V
2011-04-14 14:02 . 2011-04-14 14:02 -------- d-----w- c:\program files (x86)\TomTom HOME 2
2011-04-13 13:49 . 2011-04-13 13:49 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-11 22:06 . 2011-04-11 22:06 -------- d-----w- c:\users\Angie\AppData\Roaming\FairyTale
2011-04-11 17:41 . 2011-04-11 17:41 -------- d-----w- c:\users\Angie\AppData\Roaming\Malwarebytes
2011-04-11 17:41 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-11 17:41 . 2011-04-26 21:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-11 17:41 . 2011-04-11 17:41 -------- d-----w- c:\programdata\Malwarebytes
2011-04-11 17:41 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-11 06:15 . 2011-04-11 06:15 -------- d-----w- c:\users\Angie\AppData\Roaming\SUPERAntiSpyware.com
2011-04-11 06:15 . 2011-04-11 06:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-11 06:15 . 2011-04-11 06:15 -------- d-----w- c:\programdata\!SASCORE
2011-04-11 06:14 . 2011-04-21 23:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-09 15:13 . 2011-04-09 15:30 -------- d-----w- c:\users\Angie\.android
2011-04-09 15:13 . 2011-04-26 21:17 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-09 15:11 . 2011-04-26 21:17 -------- d-----w- c:\program files\Java
2011-04-09 05:22 . 2011-04-09 05:22 -------- d-----w- c:\program files (x86)\Funkitron
2011-04-07 05:31 . 2011-04-07 05:31 -------- d-----w- c:\windows\Vesuvia
2011-04-04 16:11 . 2011-04-04 16:11 -------- d-----w- c:\program files (x86)\Cookienator
2011-04-04 16:06 . 2011-04-04 16:06 -------- d-----w- c:\users\Angie\AppData\Roaming\CBS Interactive
2011-04-04 16:00 . 2010-01-10 23:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2011-04-04 16:00 . 2011-04-26 14:19 -------- d-----w- c:\program files (x86)\SpywareBlaster
2011-04-03 15:39 . 2010-11-20 13:24 2872320 ----a-w- c:\windows\system32\explorer.exe
2011-04-02 23:28 . 2011-04-02 23:28 -------- d-----w- c:\programdata\iWin
2011-04-02 21:59 . 2011-04-02 21:59 -------- d-----w- c:\windows\Jewel Quest Mysteries The Seventh Gate Collectors Edition
2011-04-02 20:03 . 2011-04-02 20:03 -------- d-----w- c:\users\Angie\AppData\Roaming\MagicIndie
2011-04-02 19:52 . 2011-04-02 19:52 -------- d-----w- c:\windows\Haunted Halls - Green Hills Sanitarium Collector's Edition
2011-04-01 16:57 . 2011-04-01 16:57 -------- d-----w- c:\program files (x86)\Winamp Toolbar
2011-04-01 16:57 . 2011-04-01 16:57 -------- d-----w- c:\programdata\Winamp Toolbar
2011-04-01 16:57 . 2011-04-01 16:57 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2011-04-01 06:45 . 2011-04-01 06:45 -------- d-----w- c:\users\Angie\AppData\Local\Electronic Arts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 13:49 . 2011-02-23 02:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-29 17:30 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-15 15:30 . 2011-03-15 15:30 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-03-15 15:30 . 2011-02-23 03:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-03-15 14:29 . 2011-02-23 02:40 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-03-08 20:11 . 2011-03-08 20:11 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-3\Microsoft.MediaCenter.Sports.UI.dll
2011-03-08 18:11 . 2011-03-08 18:11 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-7\markup.dll
2011-03-08 18:10 . 2011-02-23 02:39 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-08 17:57 . 2011-03-08 17:57 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-4\Microsoft.MediaCenter.Sports.UI.dll
2011-03-08 17:57 . 2011-03-08 17:16 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-03-08 17:37 . 2011-03-08 17:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-3\StartResources.dll
2011-03-08 17:25 . 2011-03-08 17:16 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-03-04 06:19 . 2011-04-26 17:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-26 17:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-23 08:41 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-23 08:41 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-02-19 18:44 . 2011-02-19 18:44 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-02-19 18:44 . 2011-02-19 18:44 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-02-19 18:44 . 2011-02-19 18:44 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2011-02-19 18:44 . 2011-02-19 18:44 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-02-19 12:05 . 2011-03-09 04:43 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 04:43 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 04:43 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-09 04:43 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 04:43 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-12 02:45 . 2011-02-12 02:45 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-02-03 02:40 . 2011-02-12 04:13 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-02 22:11 . 2011-02-12 02:37 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 22:10 . 2011-02-12 02:37 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97220ABB-4170-4FC3-8558-0A5482447DB8}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DesktopIconToy"="c:\program files (x86)\Desktop Icon Toy\DesktopIconToy.exe" [2010-10-04 604672]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-03-29 399736]
"EADM"="c:\program files (x86)\Electronic Arts\EADM\EADMUI\EADMUI.exe" [2011-04-03 11857920]
"Cookienator"="c:\program files (x86)\Cookienator\cookienator.exe" [2009-10-19 1333472]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-21 2988488]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-01-30 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-03-25 1304]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-29 336384]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
_uninst_setup_9.0.0.722_28.04.2011_19-30.exe.lnk - c:\users\Angie\AppData\Local\Temp\_uninst_setup_9.0.0.722_28.04.2011_19-30.exe.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files (x86)\Digsby\digsby.exe [2010-3-3 141488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [2011-04-15 1127032]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110426.001\IDSvia64.sys [2011-03-14 476792]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-04-08 52496]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-04-08 61200]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-29 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 561152]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-21 92216]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-04-08 870200]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-02-11 132656]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTKE64
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 04:46]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 04:46]
.
2011-04-26 c:\windows\Tasks\HPCeeScheduleForAngie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2011-04-15 c:\windows\Tasks\HPCeeScheduleForBATCOMPUTER$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2011-04-25 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2011-02-12 20:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"dlcxmon.exe"="c:\program files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files (x86)\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll" [2006-10-16 31744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.swagbucks.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-28 19:10:03
ComboFix-quarantined-files.txt 2011-04-28 23:10
.
Pre-Run: 261,653,512,192 bytes free
Post-Run: 261,597,679,616 bytes free
.
- - End Of File - - C3F755FE2DE63B87C755577D75EEFFDB

#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Redirects are probably still present?

If yes we will take a simple approach. Firefox re-install. So back up your bookmarks, certificates, passwords etc. and un-install Firefox from Add and remove Programs in Control Panel. Un-install also all add-ins for Firefox.

Do not install Firefox yet. First make a fresh OTL scan and post the log here. I want to see if everything is properly un-installed.

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.



#11
AngieBatgirl

    Member

  • Topic Starter
  • 24 posts
OTL logfile created on: 4/28/2011 11:44:20 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Angie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 9.00 Gb Available Physical Memory | 73.00% Memory free
23.00 Gb Paging File | 20.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.34 Gb Total Space | 243.36 Gb Free Space | 35.51% Space Free | Partition Type: NTFS
Drive D: | 13.20 Gb Total Space | 1.62 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

Computer Name: BATCOMPUTER | User Name: Angie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/22 14:12:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Downloads\OTL.exe
PRC - [2011/04/20 12:04:47 | 000,142,848 | ---- | M] () -- C:\Program Files (x86)\twhirl\twhirl.exe
PRC - [2011/04/14 09:51:13 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2011/04/12 13:41:53 | 000,122,040 | ---- | M] (dotSyntax, LLC) -- C:\Program Files (x86)\Digsby\lib\digsby-app.exe
PRC - [2011/04/08 10:17:30 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/03/29 13:33:46 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/03/22 14:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe
PRC - [2011/03/09 08:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/14 21:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/30 11:45:14 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/12/01 10:26:42 | 000,574,216 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe
PRC - [2010/11/24 16:33:26 | 000,921,600 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2010/09/28 11:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 12:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/08/20 20:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/06/26 14:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/01/12 12:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2006/11/03 18:04:46 | 000,304,008 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe


========== Modules (SafeList) ==========

MOD - [2011/04/22 14:12:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Downloads\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/12/28 22:50:34 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/08/05 22:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/08/05 22:47:48 | 000,681,528 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/06/17 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2010/05/11 11:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/10/11 18:36:58 | 000,561,152 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlcxcoms.exe -- (dlcx_device)
SRV - [2011/04/26 17:08:02 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/25 16:11:09 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/03/09 08:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/24 16:33:26 | 000,921,600 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/09/28 11:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/08/20 20:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/18 21:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2006/10/11 17:48:50 | 000,532,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/16 14:24:49 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/04/08 10:17:46 | 000,064,272 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 22:45:22 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 02:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/13 09:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/13 09:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/06/18 16:09:42 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/06/18 15:42:40 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2010/05/11 11:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 10:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/06 00:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 23:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/01 15:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/03/10 11:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/02/25 20:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/25 20:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/14 23:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 14:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 18:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/29 18:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008/11/11 14:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 14:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007/11/02 16:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2011/04/15 16:29:04 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110419.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/04/08 10:17:46 | 000,061,200 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/04/08 10:17:46 | 000,052,496 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/03/31 06:08:59 | 001,828,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110428.019\EX64.SYS -- (NAVEX15)
DRV - [2011/03/31 06:08:59 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110428.019\ENG64.SYS -- (NAVENG)
DRV - [2011/03/14 14:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110428.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/02/11 02:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/02/11 02:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/06 15:52:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/02/13 02:22:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2011/02/11 22:45:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/02/12 02:58:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/21 23:30:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/21 23:30:29 | 000,000,000 | ---D | M]

[2011/04/28 23:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angie\AppData\Roaming\Mozilla\Extensions
[2011/04/14 10:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/04/28 23:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/12 01:47:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/04 12:12:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/14 10:02:37 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/04/28 19:08:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Toolbar - Big Fish Games) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Toolbar - Big Fish Games) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [DLCXCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\DLCXtime.DLL ()
O4:64bit: - HKLM..\Run: [dlcxmon.exe] C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk ()
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Cookienator] C:\Program Files (x86)\Cookienator\cookienator.exe (CodeFromThe70s.org)
O4 - HKCU..\Run: [DesktopIconToy] C:\Program Files (x86)\Desktop Icon Toy\DesktopIconToy.exe (iDeskSoft)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Electronic Arts\EADM\EADMUI\EADMUI.exe (Electronic Arts)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_setup_9.0.0.722_28.04.2011_19-30.exe.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysNative\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/04/28 19:12:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/28 19:10:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/28 18:59:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/28 18:59:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/28 18:59:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/28 18:58:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/28 18:58:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/28 18:56:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/28 15:14:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/28 13:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/04/28 05:37:21 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\Trusteer
[2011/04/28 03:04:59 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amanda Rose - The Game of Time
[2011/04/28 03:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amanda Rose - The Game of Time
[2011/04/28 03:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amanda Rose - The Game of Time
[2011/04/28 00:35:56 | 000,064,272 | ---- | C] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2011/04/28 00:35:47 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Trusteer
[2011/04/28 00:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport
[2011/04/28 00:35:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusteer
[2011/04/28 00:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2011/04/26 17:17:17 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/04/26 17:17:17 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/04/26 17:17:17 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/04/26 13:43:06 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/26 13:43:06 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/04/26 13:43:01 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/26 13:43:01 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/26 13:42:45 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/04/26 13:42:44 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/04/26 13:42:44 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/04/26 13:42:44 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/04/26 13:42:43 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/04/26 13:42:43 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/04/26 13:42:43 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/04/26 13:42:36 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/04/26 13:42:36 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/04/25 16:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/04/25 16:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/04/25 16:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/04/25 16:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/04/25 16:06:32 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\Microsoft Help
[2011/04/25 16:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/04/25 16:06:15 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011/04/25 12:59:51 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Colibri Games
[2011/04/25 12:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Colibri Games
[2011/04/25 12:20:42 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Tiny Bang Story
[2011/04/22 18:47:05 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Gogii
[2011/04/22 18:33:14 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\Mystery Seekers The Secret of the Haunted Mansion
[2011/04/22 17:52:16 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Ghost Ship Studios
[2011/04/22 17:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Astar Games
[2011/04/22 17:36:00 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightmare Adventures - The Witch's Prison
[2011/04/22 17:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightmare Adventures - The Witch's Prison
[2011/04/22 17:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nightmare Adventures - The Witch's Prison
[2011/04/22 17:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avalon-Legends-Solitaire
[2011/04/22 15:39:49 | 000,404,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/04/22 15:36:27 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/22 15:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2011/04/22 15:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/04/22 15:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/04/22 15:34:55 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/04/22 15:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/04/22 15:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2011/04/22 14:52:44 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\OpenDNS Updater
[2011/04/22 14:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS Updater
[2011/04/22 14:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/04/22 14:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/04/21 13:53:58 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avalon Legends Solitaire
[2011/04/21 13:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avalon Legends Solitaire
[2011/04/21 13:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avalon Legends Solitaire
[2011/04/21 13:03:12 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Celtic Lore - Sidhe Hills
[2011/04/21 13:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celtic Lore - Sidhe Hills
[2011/04/21 13:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Celtic Lore - Sidhe Hills
[2011/04/20 13:35:09 | 000,000,000 | ---D | C] -- C:\Users\Angie\Sweeney Todd
[2011/04/20 12:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\twhirl
[2011/04/18 12:38:26 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Laura Jones and the Gates of Good and Evil
[2011/04/18 12:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Laura Jones and the Gates of Good and Evil
[2011/04/18 12:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Laura Jones and the Gates of Good and Evil
[2011/04/18 12:29:08 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Robin's Quest - A Legend Born
[2011/04/18 12:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Robin's Quest - A Legend Born
[2011/04/18 12:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Robin's Quest - A Legend Born
[2011/04/18 01:32:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/04/18 01:28:57 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\AMD
[2011/04/18 01:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/04/18 01:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/04/16 14:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Stream SDK v2
[2011/04/16 14:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Stream
[2011/04/16 14:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Problem Report Wizard
[2011/04/16 14:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/04/16 14:28:02 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys
[2011/04/16 14:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/04/16 14:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/04/16 14:25:45 | 000,115,216 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\AtihdW76.sys
[2011/04/15 22:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2011/04/14 23:06:11 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/04/14 23:06:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/04/14 23:05:34 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/04/14 23:05:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/14 23:05:34 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/04/14 23:05:21 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/04/14 23:05:21 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/04/14 23:05:21 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/04/14 23:05:21 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/04/14 23:05:04 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/04/14 23:05:04 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/04/14 23:05:04 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/04/14 23:05:04 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/04/14 23:04:59 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/04/14 23:04:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/04/14 23:04:21 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/04/14 23:04:21 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/04/14 23:04:21 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/04/14 23:04:14 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/04/14 23:04:14 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/04/14 23:04:14 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/04/14 23:04:14 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/04/14 23:04:14 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/04/14 23:04:14 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/04/14 23:04:14 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/04/14 22:59:09 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/04/14 10:03:41 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\TomTom
[2011/04/14 10:03:25 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\TomTom
[2011/04/14 10:03:25 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\TomTom
[2011/04/14 10:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2011/04/14 10:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2011/04/14 10:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom HOME 2
[2011/04/11 18:06:54 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\FairyTale
[2011/04/11 13:41:50 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Malwarebytes
[2011/04/11 13:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/11 13:41:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/04/11 13:41:34 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/04/11 13:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/04/11 13:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/11 02:15:11 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\SUPERAntiSpyware.com
[2011/04/11 02:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/11 02:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/04/11 02:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/11 02:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/09 11:13:51 | 000,000,000 | ---D | C] -- C:\Users\Angie\.android
[2011/04/09 11:13:09 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/04/09 11:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/04/09 01:22:57 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Funkitron
[2011/04/09 01:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funkitron
[2011/04/07 01:31:23 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vesuvia
[2011/04/07 01:31:20 | 000,000,000 | ---D | C] -- C:\Windows\Vesuvia
[2011/04/04 12:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cookienator
[2011/04/04 12:07:29 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\Downloads
[2011/04/04 12:06:28 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNET TechTracker
[2011/04/04 12:06:28 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\CBS Interactive
[2011/04/04 12:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/04/04 12:00:29 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2011/04/04 12:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2011/04/03 11:39:17 | 002,872,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\explorer.exe
[2011/04/02 19:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\iWin
[2011/04/02 17:59:29 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jewel Quest Mysteries The Seventh Gate Collectors Edition
[2011/04/02 17:59:14 | 000,000,000 | ---D | C] -- C:\Windows\Jewel Quest Mysteries The Seventh Gate Collectors Edition
[2011/04/02 16:03:10 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\MagicIndie
[2011/04/02 16:01:11 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Fool
[2011/04/02 15:56:12 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Halls - Green Hills Sanitarium Collector's Edition
[2011/04/02 15:52:59 | 000,000,000 | ---D | C] -- C:\Windows\Haunted Halls - Green Hills Sanitarium Collector's Edition
[2011/04/01 12:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Winamp Toolbar
[2011/04/01 12:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Toolbar
[2011/04/01 12:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2011/04/01 02:45:32 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\Electronic Arts
[2011/02/11 23:29:41 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpmui.dll
[2011/02/11 23:29:41 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxinpa.dll
[2011/02/11 23:29:41 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxiesc.dll
[2011/02/11 23:29:40 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxserv.dll
[2011/02/11 23:29:40 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxusb1.dll
[2011/02/11 23:29:40 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxhbn3.dll
[2011/02/11 23:29:40 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomc.dll
[2011/02/11 23:29:40 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxlmpm.dll
[2011/02/11 23:29:40 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcoms.exe
[2011/02/11 23:29:40 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomm.dll
[2011/02/11 23:29:40 | 000,381,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcfg.exe
[2011/02/11 23:29:40 | 000,380,928 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxih.exe
[2011/02/11 23:29:40 | 000,176,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxppls.exe
[2011/02/11 23:29:40 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxprox.dll
[2011/02/11 23:29:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpplc.dll

========== Files - Modified Within 30 Days ==========

[2011/04/28 23:38:04 | 000,003,517 | ---- | M] () -- C:\Users\Angie\Documents\ReFo2.js
[2011/04/28 23:37:55 | 000,004,944 | ---- | M] () -- C:\Users\Angie\Documents\ReFo.ics
[2011/04/28 23:01:28 | 000,845,241 | ---- | M] () -- C:\Users\Angie\Documents\bookmarks-2011-04-28.json
[2011/04/28 23:01:12 | 000,025,534 | ---- | M] () -- C:\Users\Angie\Documents\CurrentSettings.speeddial
[2011/04/28 22:58:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/28 21:58:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/28 19:21:00 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/28 19:21:00 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/28 19:11:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/28 19:11:02 | 871,849,982 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/28 19:08:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/04/28 18:58:38 | 004,332,535 | R--- | M] () -- C:\Users\Angie\Desktop\Combo-Fix.exe
[2011/04/28 15:13:52 | 000,001,247 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_setup_9.0.0.722_28.04.2011_19-30.exe.lnk
[2011/04/26 17:17:12 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/04/26 17:17:12 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/04/26 17:17:12 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/04/26 17:17:12 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/04/26 17:06:18 | 000,349,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/26 17:05:39 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAngie.job
[2011/04/25 16:11:09 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\srvany.exe
[2011/04/25 10:58:23 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/04/23 13:38:45 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/23 13:38:45 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/23 13:38:45 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/22 15:39:49 | 000,404,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/04/21 18:18:03 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\BookCAT.lnk
[2011/04/19 17:31:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/04/19 17:14:56 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/04/18 23:54:26 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011/04/18 23:52:40 | 000,002,623 | ---- | M] () -- C:\Users\Public\Desktop\ClicksAndWhistles.lnk
[2011/04/18 19:53:37 | 000,006,144 | ---- | M] () -- C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 11:19:58 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/04/18 01:48:27 | 000,008,128 | ---- | M] () -- C:\Users\Angie\Documents\cc_20110418_014822.reg
[2011/04/18 01:26:30 | 000,149,574 | ---- | M] () -- C:\Windows\SysNative\log.xml
[2011/04/16 14:24:49 | 000,115,216 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\AtihdW76.sys
[2011/04/15 03:32:11 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBATCOMPUTER$.job
[2011/04/14 20:11:46 | 000,090,963 | ---- | M] () -- C:\Users\Angie\Documents\Quiznos Q2 2011.pdf
[2011/04/14 17:09:33 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/04/09 11:24:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/04/09 11:24:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/04/09 11:24:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/04/09 11:23:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/04/09 11:23:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/04/09 11:16:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2011/04/08 17:41:40 | 000,002,734 | ---- | M] () -- C:\Users\Angie\Documents\cc_20110408_174137.reg
[2011/04/08 10:17:46 | 000,064,272 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2011/04/04 12:12:48 | 000,050,210 | ---- | M] () -- C:\Users\Angie\Documents\cc_20110404_121244.reg
[2011/04/01 12:58:08 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk

========== Files Created - No Company Name ==========

[2011/04/28 23:38:04 | 000,003,517 | ---- | C] () -- C:\Users\Angie\Documents\ReFo2.js
[2011/04/28 23:37:55 | 000,004,944 | ---- | C] () -- C:\Users\Angie\Documents\ReFo.ics
[2011/04/28 22:48:35 | 000,845,241 | ---- | C] () -- C:\Users\Angie\Documents\bookmarks-2011-04-28.json
[2011/04/28 18:59:14 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/28 18:59:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/28 18:59:14 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/28 18:59:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/28 18:59:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/28 18:55:14 | 004,332,535 | R--- | C] () -- C:\Users\Angie\Desktop\Combo-Fix.exe
[2011/04/28 15:13:52 | 000,001,247 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_setup_9.0.0.722_28.04.2011_19-30.exe.lnk
[2011/04/25 16:11:38 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/04/22 15:05:55 | 000,002,001 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2011/04/22 14:52:46 | 000,002,022 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
[2011/04/20 12:04:48 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\twhirl.lnk
[2011/04/19 17:31:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/04/18 19:53:31 | 000,006,144 | ---- | C] () -- C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 01:48:24 | 000,008,128 | ---- | C] () -- C:\Users\Angie\Documents\cc_20110418_014822.reg
[2011/04/18 01:26:30 | 000,149,574 | ---- | C] () -- C:\Windows\SysNative\log.xml
[2011/04/14 20:11:46 | 000,090,963 | ---- | C] () -- C:\Users\Angie\Documents\Quiznos Q2 2011.pdf
[2011/04/09 11:24:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/04/09 11:24:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/04/09 11:24:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/04/09 11:23:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/04/09 11:23:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/04/09 11:16:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2011/04/08 17:41:39 | 000,002,734 | ---- | C] () -- C:\Users\Angie\Documents\cc_20110408_174137.reg
[2011/04/04 12:12:45 | 000,050,210 | ---- | C] () -- C:\Users\Angie\Documents\cc_20110404_121244.reg
[2011/04/04 12:11:36 | 000,002,991 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cookienator.lnk
[2011/04/01 12:58:08 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011/03/29 13:19:23 | 000,765,362 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/29 12:44:42 | 000,000,482 | ---- | C] () -- C:\Windows\eReg.dat
[2011/03/07 20:52:04 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/03/06 04:31:13 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/02/22 22:39:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/22 18:23:04 | 000,000,059 | ---- | C] () -- C:\ProgramData\user.ini
[2011/02/12 02:46:55 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/02/11 23:29:41 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\dlcxutil.dll
[2011/02/11 23:29:41 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\dlcxinst.dll
[2011/02/11 23:29:41 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsb.dll
[2011/02/11 23:29:41 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxins.dll
[2011/02/11 23:29:41 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\dlcxjswr.dll
[2011/02/11 23:29:41 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsr.dll
[2011/02/11 23:29:41 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dlcxcur.dll
[2011/02/11 23:29:40 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dlcxcub.dll
[2011/02/11 23:29:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dlcxcu.dll
[2011/02/11 23:29:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\DLCXcfg.dll
[2010/11/06 16:13:14 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/06 15:16:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 13:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/02/22 20:58:20 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\3Stars
[2011/03/04 23:19:44 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Akhra
[2011/03/05 23:23:08 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Alawar
[2011/03/22 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Amazon
[2011/02/22 21:01:59 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ancient Quest of Saqqarah_alawar
[2011/03/07 20:41:07 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Arkadium
[2011/03/19 19:38:48 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Artogon
[2011/03/05 23:21:52 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Aveyond 3
[2011/02/21 15:48:42 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Aveyond II
[2011/02/21 18:23:24 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Batovi
[2011/03/06 04:33:31 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Beanbag Studios
[2011/03/05 23:22:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Big Fish Games
[2011/03/05 23:35:36 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\BloodTies
[2011/03/06 00:02:48 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Blue Tea Games
[2011/03/07 20:30:18 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Boomzap
[2011/02/12 18:34:34 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\calibre
[2011/04/04 12:06:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\CBS Interactive
[2011/04/25 12:59:51 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Colibri Games
[2011/03/06 00:47:46 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\DarkParablesBriarRose_BFG
[2011/03/06 01:55:55 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dawn's Light 2
[2011/02/11 22:40:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2011/03/07 20:32:38 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\DigirononGames
[2011/03/07 20:19:08 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\DivoGames
[2011/02/21 15:55:05 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dreamsdwell Stories
[2011/03/06 04:05:23 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dreamsdwell Stories 2
[2011/02/19 14:10:51 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dying for Daylight
[2011/02/19 14:11:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dying for Daylight Shared
[2011/02/21 19:03:12 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\EA
[2011/03/14 17:49:04 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Elephant Games
[2011/03/19 14:14:39 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Enki Games
[2011/03/19 14:10:58 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ERS G-Studio
[2011/03/19 14:11:37 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ERS Game Studios
[2011/03/06 04:07:20 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\EscapeFromParadise2
[2011/03/06 04:11:08 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\EternalEden
[2011/04/11 18:06:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\FairyTale
[2011/02/21 16:08:50 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Farm Mania
[2011/02/21 16:09:33 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\FirstColony
[2011/03/19 17:58:55 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Freezetag
[2011/03/19 14:52:07 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Friday's games
[2011/03/19 14:36:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Frogwares
[2011/02/22 18:11:59 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Fugazo
[2011/03/19 14:45:33 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\funkitron
[2011/02/28 20:45:04 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\GameHouse
[2011/03/06 04:32:45 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Gamers Digital
[2011/04/22 17:52:16 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ghost Ship Studios
[2011/04/22 18:47:05 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Gogii
[2011/03/19 18:06:27 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\GOL_byHasbro
[2011/03/19 13:38:41 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\GuardiansOfMagic
[2011/03/06 04:04:47 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\HdO Adventure
[2011/02/15 20:16:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\i42 Software
[2011/04/02 19:28:17 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\iWin
[2011/02/22 21:03:05 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ladia Group
[2011/03/07 20:52:10 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Leadertech
[2011/03/19 19:20:40 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\LegacyInteractive
[2011/03/19 19:29:19 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ludia
[2011/04/02 16:03:10 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\MagicIndie
[2011/03/07 20:43:48 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\margrave3_full
[2011/02/26 14:40:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\md studio
[2011/03/07 20:46:56 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\MegaplexMadnessSummerBlockbuster
[2011/03/19 14:37:09 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Merscom
[2011/03/07 18:50:50 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Mystery of Mortlake Mansion
[2011/03/05 23:46:26 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Namco
[2011/03/19 19:24:55 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Oberon Media
[2011/04/22 14:52:44 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\OpenDNS Updater
[2011/02/12 18:10:13 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\OpenOffice.org
[2011/02/11 22:39:01 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Opera
[2011/03/19 19:52:59 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Orneon
[2011/03/06 00:01:42 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ph03nixNewMedia
[2011/02/26 14:49:43 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Phantasmat_bf_se1
[2011/03/06 04:06:46 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PlayFirst
[2011/03/06 00:46:18 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PoBros
[2011/03/19 20:05:46 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Pogo Games
[2011/03/14 18:42:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\QB9
[2011/03/07 20:36:34 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Quirky Games
[2011/03/19 14:14:00 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ReelDealSlotQuest_Alice
[2011/02/25 23:19:48 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Rovio
[2011/02/28 15:16:22 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Skip-Bo
[2011/03/19 20:04:41 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\SpinTop Games
[2011/03/19 19:35:25 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TimeMachine
[2011/03/19 19:36:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TimeQuest
[2011/04/14 10:03:25 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TomTom
[2011/03/19 17:00:44 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Total Eclipse
[2011/04/28 00:35:47 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Trusteer
[2011/02/25 16:52:07 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Unity
[2011/03/19 14:31:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\URSE Games
[2011/04/28 23:48:57 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\uTorrent
[2011/03/19 20:05:37 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\VampireSaga
[2011/02/21 19:01:21 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Virtual City
[2011/03/06 04:28:56 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\World-Loom
[2009/07/14 01:08:49 | 000,013,376 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SysNative\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/04/12 20:51:02 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/04/12 20:51:02 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/04/12 20:51:02 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/04/12 20:51:02 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ShowIconsCommand [2011/04/14 09:51:13 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /HideIconsCommand [2011/04/14 09:51:13 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ReInstallBrowser [2011/04/14 09:51:13 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files (x86)\Opera\Opera.exe" [2011/04/14 09:51:13 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2011/04/12 20:51:02 | 001,004,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2011/04/12 20:51:02 | 001,004,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2011/04/12 20:51:02 | 001,004,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2011/04/12 20:51:02 | 001,004,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /SHOWICONSCOMMAND [2011/04/14 09:51:13 | 000,941,936 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /HIDEICONSCOMMAND [2011/04/14 09:51:13 | 000,941,936 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /REINSTALLBROWSER [2011/04/14 09:51:13 | 000,941,936 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" [2011/04/14 09:51:13 | 000,941,936 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========


< End of report >

#12
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please do the following:

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :OTL
    FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/06 15:52:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/02/13 02:22:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2011/02/11 22:45:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/02/12 02:58:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/21 23:30:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/21 23:30:29 | 000,000,000 | ---D | M]
    [2011/04/28 23:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angie\AppData\Roaming\Mozilla\Extensions
    [2011/04/14 10:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\[email protected]
    [2011/04/28 23:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/02/12 01:47:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/03/04 12:12:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/04/14 10:02:37 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]
    [2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    
    :Files
    c:\users\Angie\AppData\Roaming\Mozilla
    ipconfig /flushdns /c
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT...

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Please don't install Firefox yet.
  • 0

#13
AngieBatgirl

    Member

  • Topic Starter
  • Member
  • 24 posts
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}\ not found.
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\content folder moved successfully.
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\components folder moved successfully.
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBDA0591-3099-440a-AA10-41764D9DB4DB}\ not found.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\chrome scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\ not found.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\content scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\chrome scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\defaults\preferences folder moved successfully.
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\defaults folder moved successfully.
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components folder moved successfully.
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\chrome folder moved successfully.
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\ not found.
C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video\content folder moved successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6904342A-8307-11DF-A508-4AE2DFD72085}\ not found.
C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images folder moved successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa\chrome\content folder moved successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa\chrome folder moved successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa folder moved successfully.
C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\[email protected] folder moved successfully.
C:\Users\Angie\AppData\Roaming\Mozilla\Extensions folder moved successfully.
Folder C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\[email protected]\ not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions folder moved successfully.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\defaults\preferences folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\defaults folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\skin folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\zh-TW folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\zh-CN folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\tr-TR folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\sv-SE folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\sk-SK folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\ru-RU folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\pt-PT folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\pt-BR folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\pl-PL folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\no-NO folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\nl-NL folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\ms-MY folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\lv-LV folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\lt-LT folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\it-IT folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\hu-HU folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\fr-FR folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\fi-FI folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\et-EE folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\es-MX folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\es-ES folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\en-US folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\en-GB folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\el-GR folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\de-DE folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\da-DK folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\cs-CZ folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\ca-ES folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale\af-ZA folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\locale folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome\content folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected] folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll moved successfully.
========== FILES ==========
c:\users\Angie\AppData\Roaming\Mozilla folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Angie\Downloads\cmd.bat deleted successfully.
C:\Users\Angie\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Angie
->Temp folder emptied: 867596 bytes
->Temporary Internet Files folder emptied: 795454 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 95587328 bytes
->Opera cache emptied: 14371359 bytes
->Flash cache emptied: 8618101 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-BATCOMPUTER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx2-BATCOMPUTER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 115.00 mb


[EMPTYFLASH]

User: All Users

User: Angie
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mcx1-BATCOMPUTER
->Flash cache emptied: 0 bytes

User: Mcx2-BATCOMPUTER
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.22.3 log created on 04292011_121558

Files\Folders moved on Reboot...
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\chrome scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\chrome scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\content scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\chrome scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\content scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\chrome scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn scheduled to be moved on reboot.
C:\Users\Angie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
  • 0
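The fix log in the post above mixes completed moves, items that were not found, and folders deferred to reboot. As an added example (not part of the original thread and not code from OTL), here is one way to tally those outcomes per section and list the deferred paths. The function names are hypothetical, the line patterns are inferred only from the log lines shown in this thread, and the sample lines are a subset copied from that log.

```python
import re
from collections import Counter, defaultdict

# Subset of lines copied from the fix log posted above (sample input).
SAMPLE_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}\ not found.
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension folder moved successfully.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn scheduled to be moved on reboot.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll moved successfully.
========== FILES ==========
c:\users\Angie\AppData\Roaming\Mozilla folder moved successfully.
C:\Users\Angie\Downloads\cmd.bat deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

Files\Folders moved on Reboot...
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn scheduled to be moved on reboot.
"""

# "========== NAME ==========" section banners.
SECTION = re.compile(r"^=+ (?P<name>[A-Za-z0-9 ]+) =+$")
# Heading that opens the post-reboot part of the log.
REBOOT_HEADER = "Files\\Folders moved on Reboot..."

# Checked in order; the first matching rule decides the outcome.
RULES = [
    ("pending_reboot", re.compile(
        r"^Folder move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(
        r"^(?:Registry (?:value|key)|Folder|File) (?P<target>.+) not found\.$")),
    ("moved", re.compile(
        r"^(?P<target>.+?)(?: folder)? moved successfully\.$")),
    ("deleted", re.compile(
        r"^(?:Registry (?:value|key) )?(?P<target>.+) deleted successfully\.$")),
]


def classify(line):
    """Return (outcome, target) for one log line, or None if unrecognised."""
    line = line.strip()
    for outcome, pattern in RULES:
        match = pattern.match(line)
        if match:
            return outcome, match.group("target").rstrip("\\")
    return None


def summarize(log_text):
    """Tally outcomes per section and collect de-duplicated deferred paths."""
    section = "PREAMBLE"
    counts = defaultdict(Counter)
    pending = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        if line == REBOOT_HEADER:
            section = "REBOOT"
            continue
        hit = classify(line)
        if hit is None:
            continue  # informational lines such as cache sizes
        outcome, target = hit
        counts[section][outcome] += 1
        # The log repeats deferred folders, so keep each path once.
        if outcome == "pending_reboot" and target not in pending:
            pending.append(target)
    return {name: dict(c) for name, c in counts.items()}, pending


if __name__ == "__main__":
    per_section, deferred = summarize(SAMPLE_LOG)
    for name, tally in per_section.items():
        print(name, tally)
    print("Deferred to reboot:")
    for path in deferred:
        print("  ", path)
```

Paths reported as deferred are the ones to re-check by hand after the restart, since the log alone does not confirm they were removed.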

#14
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Thank you. Please also post the OTL Quick Scan log.
  • 0

#15
AngieBatgirl

    Member

  • Topic Starter
  • Member
  • 24 posts
OTL logfile created on: 4/29/2011 2:03:33 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Angie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 10.00 Gb Available Physical Memory | 85.00% Memory free
23.00 Gb Paging File | 21.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.34 Gb Total Space | 245.58 Gb Free Space | 35.83% Space Free | Partition Type: NTFS
Drive D: | 13.20 Gb Total Space | 1.62 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

Computer Name: BATCOMPUTER | User Name: Angie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/22 14:12:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Downloads\OTL.exe
PRC - [2011/04/20 12:04:47 | 000,142,848 | ---- | M] () -- C:\Program Files (x86)\twhirl\twhirl.exe
PRC - [2011/04/14 09:51:13 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2011/04/08 10:17:30 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/03/09 08:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/14 21:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/30 11:45:14 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/12/01 10:26:42 | 000,574,216 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe
PRC - [2010/11/24 16:33:26 | 000,921,600 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2010/09/28 11:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 12:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/08/20 20:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/06/26 14:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/01/12 12:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2006/11/03 18:04:46 | 000,304,008 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe


========== Modules (SafeList) ==========

MOD - [2011/04/22 14:12:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Downloads\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/12/28 22:50:34 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/08/05 22:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/08/05 22:47:48 | 000,681,528 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/06/17 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2010/05/11 11:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/10/11 18:36:58 | 000,561,152 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlcxcoms.exe -- (dlcx_device)
SRV - [2011/04/26 17:08:02 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/25 16:11:09 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/03/09 08:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/24 16:33:26 | 000,921,600 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/09/28 11:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/08/20 20:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/18 21:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2006/10/11 17:48:50 | 000,532,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/16 14:24:49 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/04/08 10:17:46 | 000,064,272 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 22:45:22 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 02:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/13 09:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/13 09:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/06/18 16:09:42 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/06/18 15:42:40 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2010/05/11 11:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 10:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/06 00:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 23:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/01 15:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/03/10 11:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/02/25 20:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/25 20:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/14 23:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 14:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 18:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/29 18:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008/11/11 14:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 14:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007/11/02 16:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2011/04/15 16:29:04 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110419.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/04/08 10:17:46 | 000,061,200 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/04/08 10:17:46 | 000,052,496 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/03/31 06:08:59 | 001,828,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110428.034\EX64.SYS -- (NAVEX15)
DRV - [2011/03/31 06:08:59 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110428.034\ENG64.SYS -- (NAVENG)
DRV - [2011/03/14 14:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110428.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/02/11 02:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/02/11 02:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2


File not found (No name found) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/04/29 12:16:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Toolbar - Big Fish Games) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Toolbar - Big Fish Games) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [DLCXCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\DLCXtime.DLL ()
O4:64bit: - HKLM..\Run: [dlcxmon.exe] C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk ()
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Cookienator] C:\Program Files (x86)\Cookienator\cookienator.exe (CodeFromThe70s.org)
O4 - HKCU..\Run: [DesktopIconToy] C:\Program Files (x86)\Desktop Icon Toy\DesktopIconToy.exe (iDeskSoft)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Electronic Arts\EADM\EADMUI\EADMUI.exe (Electronic Arts)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_setup_9.0.0.722_28.04.2011_19-30.exe.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysNative\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/29 01:16:17 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\Winamp Toolbar
[2011/04/28 19:12:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/28 19:10:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/28 18:59:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/28 18:59:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/28 18:59:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/28 18:58:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/28 18:58:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/28 18:56:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/28 15:14:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/28 13:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/04/28 05:37:21 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\Trusteer
[2011/04/28 03:04:59 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amanda Rose - The Game of Time
[2011/04/28 03:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amanda Rose - The Game of Time
[2011/04/28 03:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amanda Rose - The Game of Time
[2011/04/28 00:35:56 | 000,064,272 | ---- | C] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2011/04/28 00:35:47 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Trusteer
[2011/04/28 00:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport
[2011/04/28 00:35:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusteer
[2011/04/28 00:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2011/04/25 16:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/04/25 16:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/04/25 16:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/04/25 16:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/04/25 16:06:32 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\Microsoft Help
[2011/04/25 16:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/04/25 16:06:15 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011/04/25 12:59:51 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Colibri Games
[2011/04/25 12:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Colibri Games
[2011/04/25 12:20:42 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Tiny Bang Story
[2011/04/22 18:47:05 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Gogii
[2011/04/22 18:33:14 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\Mystery Seekers The Secret of the Haunted Mansion
[2011/04/22 17:52:16 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Ghost Ship Studios
[2011/04/22 17:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Astar Games
[2011/04/22 17:36:00 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightmare Adventures - The Witch's Prison
[2011/04/22 17:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightmare Adventures - The Witch's Prison
[2011/04/22 17:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nightmare Adventures - The Witch's Prison
[2011/04/22 17:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avalon-Legends-Solitaire
[2011/04/22 15:36:27 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/22 15:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2011/04/22 15:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/04/22 15:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/04/22 15:34:55 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/04/22 15:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/04/22 15:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2011/04/22 14:52:44 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\OpenDNS Updater
[2011/04/22 14:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS Updater
[2011/04/22 14:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/04/22 14:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/04/21 13:53:58 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avalon Legends Solitaire
[2011/04/21 13:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avalon Legends Solitaire
[2011/04/21 13:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avalon Legends Solitaire
[2011/04/21 13:03:12 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Celtic Lore - Sidhe Hills
[2011/04/21 13:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celtic Lore - Sidhe Hills
[2011/04/21 13:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Celtic Lore - Sidhe Hills
[2011/04/20 13:35:09 | 000,000,000 | ---D | C] -- C:\Users\Angie\Sweeney Todd
[2011/04/20 12:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\twhirl
[2011/04/18 12:38:26 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Laura Jones and the Gates of Good and Evil
[2011/04/18 12:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Laura Jones and the Gates of Good and Evil
[2011/04/18 12:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Laura Jones and the Gates of Good and Evil
[2011/04/18 12:29:08 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Robin's Quest - A Legend Born
[2011/04/18 12:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Robin's Quest - A Legend Born
[2011/04/18 12:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Robin's Quest - A Legend Born
[2011/04/18 01:32:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/04/18 01:28:57 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\AMD
[2011/04/18 01:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/04/18 01:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/04/16 14:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Stream SDK v2
[2011/04/16 14:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Stream
[2011/04/16 14:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Problem Report Wizard
[2011/04/16 14:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/04/16 14:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/04/16 14:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/04/15 22:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2011/04/14 10:03:41 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\TomTom
[2011/04/14 10:03:25 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\TomTom
[2011/04/14 10:03:25 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\TomTom
[2011/04/14 10:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2011/04/14 10:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2011/04/14 10:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom HOME 2
[2011/04/11 18:06:54 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\FairyTale
[2011/04/11 13:41:50 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Malwarebytes
[2011/04/11 13:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/11 13:41:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/04/11 13:41:34 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/04/11 13:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/04/11 13:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/11 02:15:11 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\SUPERAntiSpyware.com
[2011/04/11 02:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/11 02:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/04/11 02:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/11 02:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/09 11:13:51 | 000,000,000 | ---D | C] -- C:\Users\Angie\.android
[2011/04/09 11:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/04/09 01:22:57 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Funkitron
[2011/04/09 01:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funkitron
[2011/04/07 01:31:23 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vesuvia
[2011/04/07 01:31:20 | 000,000,000 | ---D | C] -- C:\Windows\Vesuvia
[2011/04/04 12:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cookienator
[2011/04/04 12:07:29 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\Downloads
[2011/04/04 12:06:28 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNET TechTracker
[2011/04/04 12:06:28 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\CBS Interactive
[2011/04/04 12:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/04/04 12:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2011/04/02 19:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\iWin
[2011/04/02 17:59:29 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jewel Quest Mysteries The Seventh Gate Collectors Edition
[2011/04/02 17:59:14 | 000,000,000 | ---D | C] -- C:\Windows\Jewel Quest Mysteries The Seventh Gate Collectors Edition
[2011/04/02 16:03:10 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\MagicIndie
[2011/04/02 16:01:11 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Fool
[2011/04/02 15:56:12 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Halls - Green Hills Sanitarium Collector's Edition
[2011/04/02 15:52:59 | 000,000,000 | ---D | C] -- C:\Windows\Haunted Halls - Green Hills Sanitarium Collector's Edition
[2011/04/01 12:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Winamp Toolbar
[2011/04/01 12:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Toolbar
[2011/04/01 12:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2011/04/01 02:45:32 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\Electronic Arts
[2011/02/11 23:29:41 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpmui.dll
[2011/02/11 23:29:41 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxinpa.dll
[2011/02/11 23:29:41 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxiesc.dll
[2011/02/11 23:29:40 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxserv.dll
[2011/02/11 23:29:40 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxusb1.dll
[2011/02/11 23:29:40 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxhbn3.dll
[2011/02/11 23:29:40 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomc.dll
[2011/02/11 23:29:40 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxlmpm.dll
[2011/02/11 23:29:40 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcoms.exe
[2011/02/11 23:29:40 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomm.dll
[2011/02/11 23:29:40 | 000,381,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcfg.exe
[2011/02/11 23:29:40 | 000,380,928 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxih.exe
[2011/02/11 23:29:40 | 000,176,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxppls.exe
[2011/02/11 23:29:40 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxprox.dll
[2011/02/11 23:29:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpplc.dll

========== Files - Modified Within 30 Days ==========

[2011/04/29 13:58:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/29 12:38:28 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 12:38:28 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 12:30:27 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/29 12:29:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/29 12:29:24 | 871,849,982 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/29 12:16:15 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/04/29 02:30:27 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/29 02:30:27 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/29 02:30:27 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/28 23:38:04 | 000,003,517 | ---- | M] () -- C:\Users\Angie\Documents\ReFo2.js
[2011/04/28 23:37:55 | 000,004,944 | ---- | M] () -- C:\Users\Angie\Documents\ReFo.ics
[2011/04/28 23:01:28 | 000,845,241 | ---- | M] () -- C:\Users\Angie\Documents\bookmarks-2011-04-28.json
[2011/04/28 23:01:12 | 000,025,534 | ---- | M] () -- C:\Users\Angie\Documents\CurrentSettings.speeddial
[2011/04/28 18:58:38 | 004,332,535 | R--- | M] () -- C:\Users\Angie\Desktop\Combo-Fix.exe
[2011/04/28 15:13:52 | 000,001,247 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_setup_9.0.0.722_28.04.2011_19-30.exe.lnk
[2011/04/26 17:06:18 | 000,349,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/26 17:05:39 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAngie.job
[2011/04/25 16:11:09 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\srvany.exe
[2011/04/25 10:58:23 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/04/21 18:18:03 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\BookCAT.lnk
[2011/04/19 17:31:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/04/19 17:14:56 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/04/18 23:54:26 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011/04/18 23:52:40 | 000,002,623 | ---- | M] () -- C:\Users\Public\Desktop\ClicksAndWhistles.lnk
[2011/04/18 19:53:37 | 000,006,144 | ---- | M] () -- C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 11:19:58 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/04/18 01:48:27 | 000,008,128 | ---- | M] () -- C:\Users\Angie\Documents\cc_20110418_014822.reg
[2011/04/18 01:26:30 | 000,149,574 | ---- | M] () -- C:\Windows\SysNative\log.xml
[2011/04/15 03:32:11 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBATCOMPUTER$.job
[2011/04/14 20:11:46 | 000,090,963 | ---- | M] () -- C:\Users\Angie\Documents\Quiznos Q2 2011.pdf
[2011/04/14 17:09:33 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/04/09 11:24:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/04/09 11:24:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/04/09 11:24:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/04/09 11:23:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/04/09 11:23:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/04/09 11:16:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2011/04/08 17:41:40 | 000,002,734 | ---- | M] () -- C:\Users\Angie\Documents\cc_20110408_174137.reg
[2011/04/08 10:17:46 | 000,064,272 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2011/04/04 12:12:48 | 000,050,210 | ---- | M] () -- C:\Users\Angie\Documents\cc_20110404_121244.reg
[2011/04/01 12:58:08 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk

========== Files Created - No Company Name ==========

[2011/04/28 23:38:04 | 000,003,517 | ---- | C] () -- C:\Users\Angie\Documents\ReFo2.js
[2011/04/28 23:37:55 | 000,004,944 | ---- | C] () -- C:\Users\Angie\Documents\ReFo.ics
[2011/04/28 22:48:35 | 000,845,241 | ---- | C] () -- C:\Users\Angie\Documents\bookmarks-2011-04-28.json
[2011/04/28 18:59:14 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/28 18:59:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/28 18:59:14 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/28 18:59:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/28 18:59:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/28 18:55:14 | 004,332,535 | R--- | C] () -- C:\Users\Angie\Desktop\Combo-Fix.exe
[2011/04/28 15:13:52 | 000,001,247 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_setup_9.0.0.722_28.04.2011_19-30.exe.lnk
[2011/04/25 16:11:38 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/04/22 15:05:55 | 000,002,001 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2011/04/22 14:52:46 | 000,002,022 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
[2011/04/20 12:04:48 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\twhirl.lnk
[2011/04/19 17:31:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/04/18 19:53:31 | 000,006,144 | ---- | C] () -- C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 01:48:24 | 000,008,128 | ---- | C] () -- C:\Users\Angie\Documents\cc_20110418_014822.reg
[2011/04/18 01:26:30 | 000,149,574 | ---- | C] () -- C:\Windows\SysNative\log.xml
[2011/04/14 20:11:46 | 000,090,963 | ---- | C] () -- C:\Users\Angie\Documents\Quiznos Q2 2011.pdf
[2011/04/09 11:24:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/04/09 11:24:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/04/09 11:24:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/04/09 11:23:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/04/09 11:23:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/04/09 11:16:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2011/04/08 17:41:39 | 000,002,734 | ---- | C] () -- C:\Users\Angie\Documents\cc_20110408_174137.reg
[2011/04/04 12:12:45 | 000,050,210 | ---- | C] () -- C:\Users\Angie\Documents\cc_20110404_121244.reg
[2011/04/04 12:11:36 | 000,002,991 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cookienator.lnk
[2011/04/01 12:58:08 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011/03/29 13:19:23 | 000,765,362 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/29 12:44:42 | 000,000,482 | ---- | C] () -- C:\Windows\eReg.dat
[2011/03/07 20:52:04 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/03/06 04:31:13 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/02/22 22:39:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/22 18:23:04 | 000,000,059 | ---- | C] () -- C:\ProgramData\user.ini
[2011/02/12 02:46:55 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/02/11 23:29:41 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\dlcxutil.dll
[2011/02/11 23:29:41 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\dlcxinst.dll
[2011/02/11 23:29:41 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsb.dll
[2011/02/11 23:29:41 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxins.dll
[2011/02/11 23:29:41 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\dlcxjswr.dll
[2011/02/11 23:29:41 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsr.dll
[2011/02/11 23:29:41 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dlcxcur.dll
[2011/02/11 23:29:40 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dlcxcub.dll
[2011/02/11 23:29:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dlcxcu.dll
[2011/02/11 23:29:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\DLCXcfg.dll
[2010/11/06 16:13:14 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/06 15:16:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 13:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/02/22 20:58:20 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\3Stars
[2011/03/04 23:19:44 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Akhra
[2011/03/05 23:23:08 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Alawar
[2011/03/22 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Amazon
[2011/02/22 21:01:59 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ancient Quest of Saqqarah_alawar
[2011/03/07 20:41:07 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Arkadium
[2011/03/19 19:38:48 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Artogon
[2011/03/05 23:21:52 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Aveyond 3
[2011/02/21 15:48:42 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Aveyond II
[2011/02/21 18:23:24 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Batovi
[2011/03/06 04:33:31 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Beanbag Studios
[2011/03/05 23:22:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Big Fish Games
[2011/03/05 23:35:36 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\BloodTies
[2011/03/06 00:02:48 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Blue Tea Games
[2011/03/07 20:30:18 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Boomzap
[2011/02/12 18:34:34 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\calibre
[2011/04/04 12:06:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\CBS Interactive
[2011/04/25 12:59:51 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Colibri Games
[2011/03/06 00:47:46 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\DarkParablesBriarRose_BFG
[2011/03/06 01:55:55 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dawn's Light 2
[2011/02/11 22:40:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2011/03/07 20:32:38 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\DigirononGames
[2011/03/07 20:19:08 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\DivoGames
[2011/02/21 15:55:05 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dreamsdwell Stories
[2011/03/06 04:05:23 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dreamsdwell Stories 2
[2011/02/19 14:10:51 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dying for Daylight
[2011/02/19 14:11:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Dying for Daylight Shared
[2011/02/21 19:03:12 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\EA
[2011/03/14 17:49:04 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Elephant Games
[2011/03/19 14:14:39 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Enki Games
[2011/03/19 14:10:58 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ERS G-Studio
[2011/03/19 14:11:37 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ERS Game Studios
[2011/03/06 04:07:20 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\EscapeFromParadise2
[2011/03/06 04:11:08 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\EternalEden
[2011/04/11 18:06:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\FairyTale
[2011/02/21 16:08:50 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Farm Mania
[2011/02/21 16:09:33 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\FirstColony
[2011/03/19 17:58:55 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Freezetag
[2011/03/19 14:52:07 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Friday's games
[2011/03/19 14:36:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Frogwares
[2011/02/22 18:11:59 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Fugazo
[2011/03/19 14:45:33 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\funkitron
[2011/02/28 20:45:04 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\GameHouse
[2011/03/06 04:32:45 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Gamers Digital
[2011/04/22 17:52:16 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ghost Ship Studios
[2011/04/22 18:47:05 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Gogii
[2011/03/19 18:06:27 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\GOL_byHasbro
[2011/03/19 13:38:41 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\GuardiansOfMagic
[2011/03/06 04:04:47 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\HdO Adventure
[2011/02/15 20:16:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\i42 Software
[2011/04/02 19:28:17 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\iWin
[2011/02/22 21:03:05 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ladia Group
[2011/03/07 20:52:10 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Leadertech
[2011/03/19 19:20:40 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\LegacyInteractive
[2011/03/19 19:29:19 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ludia
[2011/04/02 16:03:10 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\MagicIndie
[2011/03/07 20:43:48 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\margrave3_full
[2011/02/26 14:40:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\md studio
[2011/03/07 20:46:56 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\MegaplexMadnessSummerBlockbuster
[2011/03/19 14:37:09 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Merscom
[2011/03/07 18:50:50 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Mystery of Mortlake Mansion
[2011/03/05 23:46:26 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Namco
[2011/03/19 19:24:55 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Oberon Media
[2011/04/22 14:52:44 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\OpenDNS Updater
[2011/02/12 18:10:13 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\OpenOffice.org
[2011/02/11 22:39:01 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Opera
[2011/03/19 19:52:59 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Orneon
[2011/03/06 00:01:42 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ph03nixNewMedia
[2011/02/26 14:49:43 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Phantasmat_bf_se1
[2011/03/06 04:06:46 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PlayFirst
[2011/03/06 00:46:18 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PoBros
[2011/03/19 20:05:46 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Pogo Games
[2011/03/14 18:42:28 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\QB9
[2011/03/07 20:36:34 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Quirky Games
[2011/03/19 14:14:00 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ReelDealSlotQuest_Alice
[2011/02/25 23:19:48 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Rovio
[2011/02/28 15:16:22 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Skip-Bo
[2011/03/19 20:04:41 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\SpinTop Games
[2011/03/19 19:35:25 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TimeMachine
[2011/03/19 19:36:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TimeQuest
[2011/04/14 10:03:25 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TomTom
[2011/03/19 17:00:44 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Total Eclipse
[2011/04/28 00:35:47 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Trusteer
[2011/02/25 16:52:07 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Unity
[2011/03/19 14:31:54 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\URSE Games
[2011/04/29 12:56:25 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\uTorrent
[2011/03/19 20:05:37 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\VampireSaga
[2011/02/21 19:01:21 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Virtual City
[2011/03/06 04:28:56 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\World-Loom
[2009/07/14 01:08:49 | 000,013,880 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========


< End of report >