Can't run .exe files


  • This topic is locked

#16
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Be a divil and I will look at both - any problems so far in normal mode?

#17
betctru


    Member

  • Topic Starter
  • Member
  • 63 posts
Also, when the system rebooted, my virus scan software (AVG) ran and a window opened which says "Multiple thread detection" and lists the same file twice:
File: c:\WINDOWS]zipexe_r.exe
Infection: Trojan horseSHeur4.W
Result: Infected

It gives me these options:
Remove Selected Infections
Remove all unhealed infections
Close

And below that it says:
Process name c:\Documents and Settings\Betsy True\Desktop\OTL.scr
Process ID: 5844
Detected on open.


...understanding it's late at night now in Cornwall... :)

#18
betctru


    Member

  • Topic Starter
  • Member
  • 63 posts
Here's the OTL.txt log after the quick scan:

OTL logfile created on: 9/6/2011 3:32:51 PM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Betsy True\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 587.52 Mb Available Physical Memory | 57.48% Memory free
2.40 Gb Paging File | 1.70 Gb Available in Paging File | 70.70% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.21 Gb Total Space | 63.04 Gb Free Space | 43.71% Space Free | Partition Type: NTFS

Computer Name: DELLA | User Name: Betsy True | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/06 15:31:51 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2011/09/06 14:27:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betsy True\Desktop\OTL.scr
PRC - [2011/07/20 17:10:36 | 001,463,120 | ---- | M] (Billeo, Inc.) -- C:\Program Files\Billeo\billeo.exe
PRC - [2011/07/14 20:54:57 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/07/14 20:54:13 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/05/26 11:16:24 | 000,357,832 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
PRC - [2011/05/26 11:16:24 | 000,255,432 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Betsy True\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/03/14 12:56:34 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/03/14 12:51:07 | 001,053,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgupd.exe
PRC - [2010/12/01 11:02:12 | 000,491,168 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2010/12/01 11:02:06 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/30 11:23:52 | 000,221,184 | ---- | M] (Readdle) -- C:\Program Files\Printer Pro Desktop\PrinterProDesktop.exe
PRC - [2010/11/24 10:14:33 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/11/24 10:14:33 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/09/20 08:30:02 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/17 16:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/07/27 13:49:04 | 000,405,384 | ---- | M] (Chaos Software Group, Inc.) -- C:\Program Files\Chaos Software\Intellect\alarm.exe
PRC - [2010/07/23 09:35:44 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/06/22 11:08:09 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/22 11:08:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/22 11:07:58 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/06/22 11:07:58 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/06/22 11:07:52 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/22 11:07:51 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2009/08/20 18:12:38 | 002,896,896 | ---- | M] () -- C:\Program Files\EasyDeskTicker\easydeskticker.exe
PRC - [2009/07/08 03:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/07/01 08:44:56 | 001,273,856 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe
PRC - [2009/06/30 16:49:06 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe
PRC - [2008/11/06 12:33:56 | 000,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
PRC - [2008/09/23 11:20:00 | 000,415,072 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/08/08 18:30:44 | 000,016,712 | R--- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2008/08/08 18:30:40 | 000,532,808 | R--- | M] (Corel, Inc.) -- C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2007/12/24 11:07:38 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/03 18:42:38 | 000,747,104 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\ADHelper.exe
PRC - [2006/08/25 16:47:54 | 000,724,992 | ---- | M] () -- C:\Program Files\NETGEAR\PS121v2\PS121v2.exe
PRC - [2005/04/25 09:50:08 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/04/25 09:49:52 | 000,086,142 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2004/08/10 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/10 07:00:00 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2004/06/09 14:27:34 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe
PRC - [2003/12/04 16:21:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003/09/17 11:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
PRC - [2002/06/11 10:32:22 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
PRC - [2002/06/11 10:31:50 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2002/04/11 04:19:36 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/11 04:19:34 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [1999/04/22 20:49:30 | 000,126,976 | ---- | M] (Vision X Software, Inc.) -- C:\DigiDay\dd_clock.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/26 11:16:25 | 000,071,112 | ---- | M] () -- C:\Program Files\IncrediMail\bin\wlessfp1.dll
MOD - [2011/05/26 11:16:24 | 000,267,720 | ---- | M] () -- C:\Program Files\IncrediMail\bin\ImLookExU.dll
MOD - [2011/05/26 11:16:24 | 000,132,552 | ---- | M] () -- C:\Program Files\IncrediMail\bin\ImComUtlU.dll
MOD - [2011/05/26 11:16:24 | 000,079,304 | ---- | M] () -- C:\Program Files\IncrediMail\bin\ImAppRU.dll
MOD - [2009/10/26 10:28:45 | 000,077,824 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll
MOD - [2009/10/26 10:28:45 | 000,057,344 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/20 18:12:38 | 002,896,896 | ---- | M] () -- C:\Program Files\EasyDeskTicker\easydeskticker.exe
MOD - [2009/07/13 18:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 18:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/08/08 18:30:44 | 000,016,712 | R--- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MOD - [2008/03/18 20:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Yahoo!\Yahoo! Widget Engine\jsd.dll
MOD - [2008/03/18 20:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files\Yahoo!\Yahoo! Widget Engine\js32.dll
MOD - [2008/01/08 18:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files\Yahoo!\Yahoo! Widget Engine\sqlite3.dll
MOD - [2007/12/24 11:07:35 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2006/08/25 16:47:54 | 000,724,992 | ---- | M] () -- C:\Program Files\NETGEAR\PS121v2\PS121v2.exe
MOD - [2006/08/24 11:18:44 | 000,192,512 | ---- | M] () -- C:\Program Files\NETGEAR\PS121v2\Utility.dll
MOD - [2006/02/24 15:00:14 | 000,135,168 | ---- | M] () -- C:\Program Files\ScreenThemes\scthemes.exe
MOD - [2005/12/12 12:58:24 | 000,102,400 | ---- | M] () -- C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
MOD - [2004/08/10 07:00:00 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2004/08/10 07:00:00 | 000,268,288 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2004/08/10 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/10 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2004/06/10 17:51:00 | 000,060,928 | ---- | M] () -- C:\WINDOWS\system32\P17.dll
MOD - [2003/04/08 11:13:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\PRTSERV.dll
MOD - [2002/06/11 11:20:34 | 000,192,512 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvd08.dll
MOD - [2002/04/18 01:22:36 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll
MOD - [2002/04/11 04:19:42 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/11 04:19:36 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (getPlusHelper) getPlus®
SRV - [2011/09/06 15:31:51 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2011/07/14 20:54:57 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/07/14 20:54:13 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/24 10:14:33 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/07/23 09:35:44 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/06/22 11:08:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 11:07:58 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/09/16 18:01:16 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/06/30 16:49:06 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/07/11 17:25:20 | 000,025,640 | R--- | M] (Amazon.com) [Auto | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/09 15:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/09/25 09:18:10 | 000,069,120 | ---- | M] (element5) [On_Demand | Stopped] -- C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe -- (License Management Service ESD)
SRV - [2005/09/04 07:14:08 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2005/08/02 17:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/04/25 09:49:52 | 000,086,142 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®
SRV - [2003/12/04 16:21:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2002/03/15 16:37:46 | 000,081,920 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/14 20:54:19 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/05/05 11:41:13 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/09/17 16:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 16:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/06/22 11:08:00 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/06/22 11:08:00 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/06/22 11:08:00 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/06/22 11:08:00 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/06/22 11:07:54 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/01 10:16:08 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 19:22:11 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/10/26 10:28:45 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2009/10/26 10:28:45 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 15:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/03/02 04:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthruMP)
DRV - [2008/03/02 04:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthru)
DRV - [2007/08/20 18:05:27 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/04/02 15:33:04 | 000,217,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\MobiCap.sys -- (MobiCap)
DRV - [2006/11/29 01:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/08/17 16:04:18 | 000,010,752 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETGEARUHOST.sys -- (NETGEARUHOST)
DRV - [2006/08/17 16:04:12 | 000,037,120 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETGEARUHUB.sys -- (NETGEARUHUB)
DRV - [2006/05/18 09:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/10/20 17:48:03 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2005/08/02 17:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/07/28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/07/20 18:08:28 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2005/07/20 18:08:26 | 000,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2005/06/17 11:20:20 | 000,119,424 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/04/15 03:14:58 | 001,130,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/02 16:12:14 | 000,019,456 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/10 07:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/06/09 18:16:00 | 000,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2003/11/17 22:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 22:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 22:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/22 14:48:00 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 14:47:00 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/09/19 17:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/04/29 05:00:56 | 000,014,336 | R--- | M] (Linksys Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BEFCM3XP.sys -- (BEFCMV3XP)
DRV - [2002/11/08 20:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2002/05/28 11:37:26 | 000,018,458 | R--- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Adpusbst.sys -- (ADPUSBMS)
DRV - [2002/05/28 11:37:25 | 000,027,472 | R--- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Adpusbld.sys -- (ADPUSBLD)
DRV - [2002/02/07 03:41:24 | 000,033,991 | R--- | M] (Viking Sewing Machines AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RWSE.sys -- (RWSE)
DRV - [1997/12/22 21:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [1997/11/26 06:32:18 | 000,041,984 | ---- | M] (Husqvarna Sewing Machines AB) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\SEMLPT.SYS -- (SemLPT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kindleboards.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPag0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.swagbucks.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.5.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {4be68a18-deba-49e0-9e09-ee7796f3b62a}:2.5.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.8.20110620112826
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6984
FF - prefs.js..extensions.enabledItems: [email protected]:1.10.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/npmozax: C:\PROGRA~1\Mozilla Firefox\plugins\ [2011/07/28 20:45:38 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Professional 6\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Betsy True\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Betsy True\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\PayPal\PayPal Plug-In [2008/01/03 09:08:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 10:15:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2011/05/09 17:17:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/01 11:02:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/28 20:45:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/28 20:45:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/07/25 11:38:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2010/01/09 14:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Extensions
[2011/09/06 14:28:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions
[2010/07/15 23:56:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/20 17:11:07 | 000,000,000 | ---D | M] (Billeo) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}
[2011/06/24 15:05:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/06 14:28:55 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/06/29 18:23:08 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/09/06 14:28:54 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\[email protected]
[2010/01/09 14:14:15 | 000,000,000 | ---D | M] (Friendbar) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\[email protected]
[2010/10/06 08:24:10 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\searchplugins\bing.xml
[2010/01/09 14:14:23 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\searchplugins\google-search-for-friendbar-toolbar.xml
[2011/04/15 23:17:23 | 000,002,183 | ---- | M] () -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\searchplugins\MyStart Search.xml
[2010/01/09 14:14:22 | 000,001,192 | ---- | M] () -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\searchplugins\twitter-search.xml
[2011/04/07 10:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/20 09:59:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/13 18:22:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2007/04/23 08:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\Access Privileges Test
[2009/04/01 21:10:21 | 000,000,000 | ---D | M] (RealArcade V3 Plugin) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/11/13 18:22:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/01/04 18:21:46 | 000,019,104 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2008/01/04 18:21:46 | 000,105,632 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2008/01/04 18:21:43 | 000,057,504 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2003/10/02 14:44:00 | 000,142,848 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npcpbrk7.dll
[2010/11/13 18:22:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/04/28 16:13:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2008/01/08 22:37:18 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2009/03/03 10:51:42 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2011/09/06 15:23:43 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Billeo) - {465E08E7-F005-4389-980F-1D8764B3486C} - c:\Program Files\Billeo\billeo.dll (Billeo, Inc.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 6\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPag0.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Billeo) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - c:\Program Files\Billeo\billeo.dll (Billeo, Inc.)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPag0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Billeo) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - c:\Program Files\Billeo\billeo.dll (Billeo, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPag0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Nuance PDF Professional 6-reminder] C:\Program Files\Nuance\PDF Professional 6\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [PDF6 Registry Controller] C:\Program Files\Nuance\PDF Professional 6\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PS121v2] C:\Program Files\NETGEAR\PS121v2\PS121v2.exe ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [alarm.exe] C:\Program Files\Chaos Software\Intellect\alarm.exe (Chaos Software Group, Inc.)
O4 - HKCU..\Run: [EasyDeskTicker] C:\Program Files\EasyDeskTicker\easydeskticker.exe ()
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [Livestation] File not found
O4 - HKCU..\Run: [Philips Intelligent Agent] File not found
O4 - HKCU..\Run: [PrinterProDesktop] C:\Program Files\Printer Pro Desktop\PrinterProDesktop.exe (Readdle)
O4 - HKCU..\Run: [updateMgr] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk = C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\ADHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billeo.lnk = C:\Program Files\Billeo\billeo.exe (Billeo, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\!ntellect.lnk = C:\Program Files\Chaos Software\Intellect\Intellect.exe (Chaos Software Group, Inc.)
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\DigiDay Clock.lnk = C:\DigiDay\dd_clock.exe (Vision X Software, Inc.)
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\DigiDay Reminder.lnk = C:\DigiDay\dd_rem.exe ()
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Betsy True\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe ()
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\ScreenThemes.lnk = C:\Program Files\ScreenThemes\scthemes.exe ()
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with Nuance PDF Converter 6.0 - C:\Program Files\Nuance\PDF Professional 6\cnvres_eng.dll ()
O8 - Extra context menu item: Open with PDF Professional 6 - C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Subscribe with RSSRadio - c:\program files\dorada software\rssradio\subscribe.htm ()
O9 - Extra Button: Movies Extractor Scout - {02659636-B21B-4665-97E2-38733FDDEE53} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract.exe ()
O9 - Extra Button: Bytescout SWF To Video Scout - {282D81E2-F254-4F7B-A533-0B7435EF7BBF} - C:\Program Files\Bytescout SWF To Video Scout\flashextract.exe (Bytescout)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.micros.../i386/msaud.cab (Reg Error: Key error.)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://symantec.atgn...oad/tgctlsi.cab (SupportSoft SmartIssue)
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} http://symantec.atgn...wnload/ssrc.cab (SupportSoft RemoteControl Class)
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} http://symantec.atgn...d/sprtctlln.cab (SupportSoft Listener Control)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.t...all/xscan60.cab (HouseCall Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlm.tools.aka...vex-2.2.1.0.cab (DownloadManager Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1219884559546 (MUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.t...ivex/hcImpl.cab (Housecall ActiveX 6.5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6F03AEF-DCBD-42B0-A41E-82D98324842B}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Program Files\ScreenThemes\data\Betsy True\ScreenThemes.bmp
O24 - Desktop BackupWallPaper: C:\Program Files\ScreenThemes\data\Betsy True\ScreenThemes.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/01 23:24:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/06 15:23:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/06 14:27:18 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Betsy True\Desktop\OTL.scr
[2011/09/06 13:00:16 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Betsy True\Desktop\HousecallLauncher.exe
[2008/03/31 15:54:57 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2005/08/17 02:54:50 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2011/09/06 15:52:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/06 15:51:11 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2444962988-477438111-2672112748-1006UA.job
[2011/09/06 15:47:08 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/06 15:44:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Betsy True\Local Settings\Application Data\prvlcl.dat
[2011/09/06 15:42:35 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2444962988-477438111-2672112748-1006Core.job
[2011/09/06 15:38:28 | 000,660,847 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2011/09/06 15:38:27 | 085,456,596 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/09/06 15:32:08 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billeo.lnk
[2011/09/06 15:30:29 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/09/06 15:29:27 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2011/09/06 15:28:39 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2444962988-477438111-2672112748-1006.job
[2011/09/06 15:28:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/06 15:28:09 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/06 15:23:43 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/06 15:14:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/06 14:27:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betsy True\Desktop\OTL.scr
[2011/09/06 13:07:05 | 000,570,368 | ---- | M] () -- C:\Documents and Settings\Betsy True\Desktop\RogueKiller.exe
[2011/09/06 13:00:17 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Betsy True\Desktop\HousecallLauncher.exe
[2011/09/06 12:50:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2011/09/06 15:28:09 | 1071,812,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/06 13:07:05 | 000,570,368 | ---- | C] () -- C:\Documents and Settings\Betsy True\Desktop\RogueKiller.exe
[2011/07/26 11:50:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/16 11:51:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Betsy True\Local Settings\Application Data\prvlcl.dat
[2010/01/07 16:20:27 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/01/06 13:32:15 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Betsy True\Local Settings\Application Data\housecall.guid.cache
[2010/01/06 08:18:53 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SA2005.ini
[2009/10/05 10:55:35 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/06/08 09:44:34 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2009/04/14 16:58:44 | 000,002,281 | ---- | C] () -- C:\WINDOWS\ips.INI
[2008/09/29 16:43:24 | 000,082,868 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/06/25 10:30:27 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\8735126C49.sys
[2008/06/25 10:30:26 | 000,003,350 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/05/17 21:19:35 | 000,000,075 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/04 18:22:03 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2008/01/01 14:43:44 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/01/01 14:43:33 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/01 14:43:33 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/01 14:43:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/12/24 11:11:42 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/07 21:22:18 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\zshp1018.exe
[2007/11/07 21:22:18 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1018.dll
[2007/10/09 21:41:54 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Betsy True\Application Data\favSellers.awt
[2007/07/30 08:34:19 | 000,023,254 | ---- | C] () -- C:\Documents and Settings\Betsy True\Application Data\closedList.awt
[2007/07/30 08:34:19 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Betsy True\Application Data\openList.awt
[2007/06/26 20:02:37 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2007/06/12 20:29:06 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2007/05/03 13:54:38 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4O.DLL
[2007/04/16 23:38:25 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/03/21 15:29:24 | 000,400,782 | ---- | C] () -- C:\Documents and Settings\Betsy True\Application Data\fontlst2.opf
[2007/03/09 03:12:32 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/03/06 05:14:48 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/01/07 01:03:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PRTSERV.dll
[2006/11/01 08:57:54 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/10/28 10:21:16 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Betsy True\Application Data\WavCodec.wff
[2006/10/24 08:33:01 | 000,000,779 | ---- | C] () -- C:\WINDOWS\GUEmap.INI
[2006/10/23 08:39:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\TADSUINS.EXE
[2006/09/25 09:39:11 | 000,000,074 | -H-- | C] () -- C:\WINDOWS\sysdws.dat
[2006/07/26 08:43:07 | 000,000,072 | ---- | C] () -- C:\WINDOWS\mOceanSync.ini
[2006/06/09 21:22:23 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ZDPLUSSEARCH.INI
[2006/06/02 18:15:44 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\LDecVorbis.dll
[2006/05/24 13:37:27 | 000,045,568 | RHS- | C] () -- C:\WINDOWS\System32\cygz.dll
[2006/05/24 10:40:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2006/05/14 10:32:12 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2006/05/05 08:51:18 | 001,895,026 | ---- | C] () -- C:\WINDOWS\System32\nowutils.dll
[2006/05/05 08:49:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\zipexe_r.exe
[2006/05/04 12:28:24 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\hpi_scsi.dll
[2006/05/04 12:28:21 | 000,004,176 | ---- | C] () -- C:\WINDOWS\System32\Hpi_icon.dll
[2006/04/21 12:37:41 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/04/21 12:37:41 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[2006/04/10 13:56:16 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/02/24 04:41:59 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/02/24 04:41:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2006/02/23 12:36:20 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2006/02/23 12:36:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll
[2006/02/23 12:36:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\LMOggMux.dll
[2006/01/29 12:47:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/26 08:51:56 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\nlame.dll
[2006/01/22 23:55:18 | 000,000,139 | ---- | C] () -- C:\WINDOWS\LODERUNN.INI
[2005/12/28 09:53:53 | 000,000,293 | ---- | C] () -- C:\WINDOWS\SerMagic.ini
[2005/11/21 11:34:25 | 000,022,635 | ---- | C] () -- C:\Documents and Settings\Betsy True\Application Data\Comma Separated Values (Windows).ADR
[2005/11/15 00:08:44 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2005/11/11 22:28:45 | 000,001,782 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/03 20:33:31 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/10/24 12:13:58 | 000,066,560 | RHS- | C] () -- C:\WINDOWS\MOTA113.exe
[2005/10/22 21:19:41 | 000,000,054 | ---- | C] () -- C:\WINDOWS\CmdFile.INI
[2005/10/20 19:32:02 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2005/10/20 17:47:29 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2005/10/20 17:47:28 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2005/10/20 17:47:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\hdduinst.exe
[2005/10/13 22:27:00 | 000,422,400 | RHS- | C] () -- C:\WINDOWS\x2.64.exe
[2005/10/12 21:20:39 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/10/07 10:47:46 | 000,035,808 | ---- | C] () -- C:\WINDOWS\overlay.bin
[2005/10/01 21:08:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2005/10/01 20:47:16 | 000,000,040 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/09/30 10:07:45 | 000,132,608 | ---- | C] () -- C:\Documents and Settings\Betsy True\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/25 08:05:31 | 000,000,534 | ---- | C] () -- C:\WINDOWS\scthemes.ini
[2005/09/09 09:32:30 | 000,001,126 | ---- | C] () -- C:\WINDOWS\DD_CLOCK.INI
[2005/09/08 16:08:42 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SA2005HH.ini
[2005/09/08 13:46:17 | 000,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI
[2005/09/08 13:46:12 | 000,000,041 | ---- | C] () -- C:\WINDOWS\FindServ.INI
[2005/09/02 11:05:00 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\Isb.dll
[2005/09/02 10:56:59 | 000,000,014 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2005/09/02 10:47:00 | 000,027,801 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2005/09/02 10:47:00 | 000,007,765 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2005/08/29 23:48:36 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/08/29 23:48:28 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/08/29 20:29:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/08/29 17:19:24 | 000,552,960 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2005/08/24 21:30:36 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/08/24 21:28:48 | 000,002,879 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/08/24 18:36:01 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/08/24 18:35:56 | 000,005,173 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/08/24 09:11:45 | 003,785,550 | -H-- | C] () -- C:\Documents and Settings\Betsy True\Local Settings\Application Data\BackupIconCache.db
[2005/08/24 09:11:45 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Betsy True\Local Settings\Application Data\fusioncache.dat
[2005/08/17 03:34:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 03:23:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/08/17 03:20:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/17 03:17:41 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2005/08/17 03:17:41 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/08/17 03:17:32 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/08/17 03:17:32 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/08/17 03:17:26 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/08/17 02:55:18 | 000,000,430 | ---- | C] () -- C:\WINDOWS\System32\dlbuplc.ini
[2005/08/17 02:54:52 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/08/17 02:54:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/08/17 02:54:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/08/17 02:54:36 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/08/17 02:54:08 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/05/13 18:12:00 | 000,217,073 | RHS- | C] () -- C:\WINDOWS\meta4.exe
[2005/05/04 20:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/03 11:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 11:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/03/22 18:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 18:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/03/03 16:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2005/02/28 14:16:22 | 000,240,128 | RHS- | C] () -- C:\WINDOWS\System32\x.264.exe
[2004/11/18 16:43:03 | 004,902,912 | ---- | C] () -- C:\WINDOWS\System32\qt-mt332.dll
[2004/10/01 17:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/08/19 17:20:39 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 17:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 17:03:04 | 000,034,380 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 16:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 16:57:07 | 000,391,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 16:49:47 | 000,562,050 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 16:49:47 | 000,122,090 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 16:49:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/19 16:49:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\pglyx2x.dll
[2004/08/19 16:49:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2004/08/19 16:49:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2004/08/19 16:49:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004/08/19 16:49:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2004/08/19 16:49:36 | 000,000,339 | ---- | C] () -- C:\WINDOWS\System32\wgv7azl.dll
[2004/08/19 16:49:36 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2004/08/19 16:49:36 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/08/19 16:49:36 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\uh8zwc0.dll
[2004/08/19 16:49:36 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\itb7ycx.dll
[2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 07:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 07:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/06/30 15:04:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2004/03/07 13:51:00 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1996/10/14 02:38:00 | 000,001,266 | ---- | C] () -- C:\WINDOWS\System32\syswltag.bin
[1899/12/31 20:30:49 | 000,000,111 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[1617/11/08 20:57:57 | 000,003,120 | ---- | C] () -- C:\WINDOWS\JEQDOI.ini

========== LOP Check ==========

[2009/04/22 21:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2006/12/23 01:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/05/07 07:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/05/07 07:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/05/03 21:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2009/08/23 06:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2009/01/28 21:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashtons Family Resort
[2010/09/12 13:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/26 10:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/04/23 13:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\billeo
[2007/05/03 13:54:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/04/18 16:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chaos Software
[2011/03/14 12:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/08/06 08:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2009/08/28 23:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2006/09/25 09:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\element5
[2006/09/25 15:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/08/22 16:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2009/06/12 22:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2007/08/23 07:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2005/10/13 17:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2008/05/21 10:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/05/21 10:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011/09/06 15:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2006/10/28 08:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/07/22 01:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/12/26 13:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator
[2008/12/18 19:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/07/22 07:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/01/28 08:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft(2)
[2006/10/30 14:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/05/18 15:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/09/06 15:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/27 17:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Journal
[2006/10/22 21:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/01/11 15:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VertusTech
[2009/06/13 08:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/09 15:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2009/03/19 15:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/05/16 13:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2009/05/03 22:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/04/02 13:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/18 10:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/24 11:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/08 09:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A8FB99CB-780B-4CA6-A91A-964EDA9D25C0}
[2009/06/08 09:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
[2009/04/22 21:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\acccore
[2006/11/30 00:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\ACD Systems
[2010/07/14 10:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Amazon
[2009/01/28 21:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Ashtons Family Resort
[2010/07/29 18:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\AVG9
[2006/11/26 00:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Beep Industries
[2008/01/01 13:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Bytescout SWF To Video Scout
[2011/09/06 15:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Chaos Software
[2006/11/10 08:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\CNN
[2010/07/15 13:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/05/15 17:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2011/09/06 15:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Dropbox
[2011/09/06 16:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\EasyDeskTicker
[2006/07/19 16:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\eFax Messenger
[2010/10/18 11:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\EurekaLog
[2008/03/31 16:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Eyeblaster
[2009/08/22 16:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Flood Light Games
[2009/01/29 23:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Friday's games
[2008/04/08 08:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\funkitron
[2009/08/22 20:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\GameHousev1001
[2010/05/27 11:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\GARMIN
[2009/06/06 23:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\GetRightToGo
[2007/12/14 21:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Helios
[2005/10/13 17:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\HotSync
[2009/04/08 17:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\HouseCall 6.6
[2008/03/31 22:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Jane s Hotel Family Hero
[2005/08/25 18:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Leadertech
[2008/12/11 22:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Livestation
[2008/04/25 01:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Mobipocket
[2008/01/01 12:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Movies Extractor Scout
[2008/08/15 16:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Musicmatch
[2010/01/22 15:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\MyPublisher
[2006/12/25 08:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\NCH Swift Sound
[2006/05/12 08:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Now Software
[2009/11/27 16:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Nuance
[2008/03/20 07:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\OfficeUpdate12
[2010/12/31 19:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Opera
[2008/05/17 13:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\OverDrive
[2007/12/18 14:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\PDM
[2008/12/18 19:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\PlayFirst
[2008/12/17 17:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Pogo Games
[2010/09/02 17:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\PriceGong
[2006/03/31 16:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Qumana
[2006/10/28 08:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\RecordPad
[2005/11/10 08:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\RSSRadio
[2006/05/16 13:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\ScanSoft
[2009/07/14 18:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Stamps.com Internet Postage
[2008/01/05 18:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Super-Cow
[2009/04/29 06:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2006/10/22 21:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Ulead Systems
[2009/05/03 22:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\URSE Games
[2009/10/23 09:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Viewpoint
[2005/10/01 21:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Wildfire
[2009/06/01 22:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\YoudaGames
[2006/05/16 13:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Zeon
[2006/01/28 08:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Zeon(2)
[2011/07/29 10:57:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1125673024.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/01/31 11:52:08 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\縀
[2010/01/31 11:52:08 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\縀
[2010/01/30 13:15:38 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\麠Ȇ
[2010/01/30 13:15:38 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\麠Ȇ
[2010/01/29 12:49:22 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\ȵ
[2010/01/29 12:49:22 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\ȵ
[2010/01/18 13:05:19 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\┈
[2010/01/18 13:05:19 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\┈
[2010/01/07 13:36:45 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\㓐•
[2010/01/07 13:36:45 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\㓐•
[2009/12/29 15:31:57 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\᜘
[2009/12/29 15:31:57 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\᜘
[2009/12/23 12:38:01 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\䋨˜
[2009/12/23 12:38:01 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\䋨˜
[2009/12/16 17:15:14 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\您
[2009/12/16 17:15:14 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\您
[2009/12/11 21:04:41 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\硨
[2009/12/11 21:04:41 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\硨
[2009/12/09 13:07:58 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\钘
[2009/12/09 13:07:58 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\钘
[2009/12/08 13:11:33 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\葀ɞ
[2009/12/08 13:11:33 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\葀ɞ
[2009/11/19 11:38:57 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\짰›
[2009/11/19 11:38:57 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\짰›
[2009/10/29 16:08:22 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\⋘
[2009/10/29 16:08:22 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\⋘

========== Alternate Data Streams ==========

@Alternate Data Stream - 241 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E55808C
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:527B6DAD
@Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C321309
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C1D7085
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52562F72
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:182D85B1

< End of report >

And the 9062011_152333.log file:

All processes killed
========== OTL ==========
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "MyStart Search" removed from browser.search.selectedEngine
Registry value HKEY_USERS\S-1-5-21-2444962988-477438111-2672112748-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-2444962988-477438111-2672112748-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry value HKEY_USERS\S-1-5-21-2444962988-477438111-2672112748-1006_Classes\exefile\shell\open\command\\'' updated successfully.
File "C:\Documents and Settings\Betsy True\Local Settings\Application Data\tru.exe" -a "%1" %* not found.
Registry key HKEY_USERS\S-1-5-21-2444962988-477438111-2672112748-1006_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2444962988-477438111-2672112748-1006_Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\Betsy True\Local Settings\Application Data\255fm0en288l moved successfully.
C:\Documents and Settings\All Users\Application Data\255fm0en288l moved successfully.
C:\Documents and Settings\Betsy True\Application Data\85d0f5e61a0389c28fdeaec7f07d80fa.8A83BD0BE459142F50C111755484E359D8DBFFF2.1\Local Store\#SharedObjects folder moved successfully.
C:\Documents and Settings\Betsy True\Application Data\85d0f5e61a0389c28fdeaec7f07d80fa.8A83BD0BE459142F50C111755484E359D8DBFFF2.1\Local Store folder moved successfully.
C:\Documents and Settings\Betsy True\Application Data\85d0f5e61a0389c28fdeaec7f07d80fa.8A83BD0BE459142F50C111755484E359D8DBFFF2.1 folder moved successfully.
C:\Documents and Settings\Betsy True\Application Data\c8dbe8efd4647dc2bc71ac80461b8677.8A83BD0BE459142F50C111755484E359D8DBFFF2.1\Local Store\#SharedObjects folder moved successfully.
C:\Documents and Settings\Betsy True\Application Data\c8dbe8efd4647dc2bc71ac80461b8677.8A83BD0BE459142F50C111755484E359D8DBFFF2.1\Local Store folder moved successfully.
C:\Documents and Settings\Betsy True\Application Data\c8dbe8efd4647dc2bc71ac80461b8677.8A83BD0BE459142F50C111755484E359D8DBFFF2.1 folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Betsy True\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Betsy True\Desktop\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\Betsy True\Local Settings\Application Data\tru.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Betsy True
->Temp folder emptied: 12345397 bytes
->Temporary Internet Files folder emptied: 93111582 bytes
->Java cache emptied: 361950 bytes
->FireFox cache emptied: 143844116 bytes
->Google Chrome cache emptied: 6607666 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 26203685 bytes
->Flash cache emptied: 20233 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 69698210 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 120149788 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 94777097 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1094340729 bytes

Total Files Cleaned = 1,585.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Betsy True
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: LogMeInRemoteUser
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

OTL by OldTimer - Version 3.2.27.0 log created on 09062011_152333

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#19
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nice of AVG to join in :)

I guess you are running Malwarebytes now? How is the system behaving now in normal mode?

#20
betctru


    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Yes, Malwarebytes ran while I took a nap. It said the scan completed successfully, no malicious items were detected.

Did AVG find a false positive on the OTL.scr? And I can ignore that?

The system is running about the way it did before the .exe files stopped working, which is to say it wasn't running great, but since I had two other computers, I wasn't pursuing it as hard as I should have been. I've been getting a lot of Windows errors for some time....

Here's the log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7665

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

9/6/2011 5:15:17 PM
mbam-log-2011-09-06 (17-15-17).txt

Scan type: Quick scan
Objects scanned: 218765
Time elapsed: 27 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#21
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's see if we can see a reason for these errors. What do they present themselves as? Are they blue screens or slowdowns?

OTL is very safe

Let's use OTL now to do an all-user check in specific areas


  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    C:\Windows\assembly\tmp\U /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.


#22
betctru


    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

The errors are generally errors on boot up; I get a dialog box telling me that a file doesn't exist or that there is a wrong version of a Windows file. Also, lately I've been having trouble installing new or updated software; the install will often tell me something that is needed isn't there.

Here is the log for the OTL scan:

OTL logfile created on: 9/7/2011 4:32:47 PM - Run 3
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Betsy True\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 244.80 Mb Available Physical Memory | 23.95% Memory free
2.40 Gb Paging File | 1.28 Gb Available in Paging File | 53.47% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.21 Gb Total Space | 62.72 Gb Free Space | 43.49% Space Free | Partition Type: NTFS

Computer Name: DELLA | User Name: Betsy True | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/07 08:57:56 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2011/09/06 14:27:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betsy True\Desktop\OTL.scr
PRC - [2011/07/25 11:38:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
PRC - [2011/07/25 11:38:39 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
PRC - [2011/07/20 17:10:36 | 001,463,120 | ---- | M] (Billeo, Inc.) -- C:\Program Files\Billeo\billeo.exe
PRC - [2011/07/14 20:54:57 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/07/14 20:54:13 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/26 11:16:24 | 000,357,832 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Betsy True\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/03/14 12:56:34 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/01 11:02:06 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/30 11:23:52 | 000,221,184 | ---- | M] (Readdle) -- C:\Program Files\Printer Pro Desktop\PrinterProDesktop.exe
PRC - [2010/11/24 10:14:33 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/11/24 10:14:33 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/05 15:39:06 | 002,380,656 | ---- | M] (Chaos Software Group, Inc.) -- C:\Program Files\Chaos Software\Intellect\Intellect.exe
PRC - [2010/09/20 08:30:02 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/17 16:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/07/27 13:49:04 | 000,405,384 | ---- | M] (Chaos Software Group, Inc.) -- C:\Program Files\Chaos Software\Intellect\alarm.exe
PRC - [2010/07/23 09:35:44 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/06/22 11:08:09 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/22 11:08:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/22 11:07:58 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/06/22 11:07:58 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/06/22 11:07:52 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/22 11:07:51 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/08/20 18:12:38 | 002,896,896 | ---- | M] () -- C:\Program Files\EasyDeskTicker\easydeskticker.exe
PRC - [2009/07/08 03:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/07/01 08:44:56 | 001,273,856 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe
PRC - [2009/06/30 16:49:06 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe
PRC - [2008/11/06 12:33:56 | 000,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
PRC - [2008/09/23 11:20:00 | 000,415,072 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/08/08 18:30:44 | 000,016,712 | R--- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2008/08/08 18:30:40 | 000,532,808 | R--- | M] (Corel, Inc.) -- C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2008/03/18 20:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe
PRC - [2007/12/24 11:07:38 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/03 18:42:38 | 000,747,104 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\ADHelper.exe
PRC - [2006/08/25 16:47:54 | 000,724,992 | ---- | M] () -- C:\Program Files\NETGEAR\PS121v2\PS121v2.exe
PRC - [2006/02/24 15:00:14 | 000,135,168 | ---- | M] () -- C:\Program Files\ScreenThemes\scthemes.exe
PRC - [2005/12/12 12:58:24 | 000,102,400 | ---- | M] () -- C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
PRC - [2005/04/25 09:50:08 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/04/25 09:49:52 | 000,086,142 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2004/08/10 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/10 07:00:00 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2004/06/09 14:27:34 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe
PRC - [2003/12/04 16:21:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003/09/17 11:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
PRC - [2002/06/11 11:03:12 | 000,303,104 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2002/06/11 10:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2002/06/11 10:32:22 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
PRC - [2002/06/11 10:31:50 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2002/04/11 04:19:36 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/11 04:19:34 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [1999/04/22 20:49:30 | 000,126,976 | ---- | M] (Vision X Software, Inc.) -- C:\DigiDay\dd_clock.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/26 23:39:50 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko6.dll
MOD - [2011/07/25 11:38:41 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\mozjs.dll
MOD - [2011/05/26 11:16:25 | 000,071,112 | ---- | M] () -- C:\Program Files\IncrediMail\bin\wlessfp1.dll
MOD - [2011/05/26 11:16:24 | 000,267,720 | ---- | M] () -- C:\Program Files\IncrediMail\bin\ImLookExU.dll
MOD - [2011/05/26 11:16:24 | 000,132,552 | ---- | M] () -- C:\Program Files\IncrediMail\bin\ImComUtlU.dll
MOD - [2011/05/26 10:41:03 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/12/29 04:40:24 | 000,107,896 | ---- | M] () -- C:\Program Files\IncrediMail\bin\PMC.dll
MOD - [2009/10/26 10:28:45 | 000,077,824 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll
MOD - [2009/10/26 10:28:45 | 000,057,344 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/20 18:12:38 | 002,896,896 | ---- | M] () -- C:\Program Files\EasyDeskTicker\easydeskticker.exe
MOD - [2009/07/13 18:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 18:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2009/06/30 16:29:14 | 002,271,232 | ---- | M] () -- C:\Program Files\Nuance\PDF Professional 6\cnvres_eng.dll
MOD - [2008/08/08 18:30:44 | 000,016,712 | R--- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MOD - [2008/03/18 20:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Yahoo!\Yahoo! Widget Engine\jsd.dll
MOD - [2008/03/18 20:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files\Yahoo!\Yahoo! Widget Engine\js32.dll
MOD - [2008/01/08 18:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files\Yahoo!\Yahoo! Widget Engine\sqlite3.dll
MOD - [2007/12/24 11:07:35 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2007/01/01 02:00:00 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\Isb.dll
MOD - [2006/08/25 16:47:54 | 000,724,992 | ---- | M] () -- C:\Program Files\NETGEAR\PS121v2\PS121v2.exe
MOD - [2006/08/24 11:18:44 | 000,192,512 | ---- | M] () -- C:\Program Files\NETGEAR\PS121v2\Utility.dll
MOD - [2006/02/24 15:00:14 | 000,135,168 | ---- | M] () -- C:\Program Files\ScreenThemes\scthemes.exe
MOD - [2005/12/12 12:58:24 | 000,102,400 | ---- | M] () -- C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
MOD - [2004/08/10 07:00:00 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2004/08/10 07:00:00 | 000,268,288 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2004/08/10 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/10 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2004/06/10 17:51:00 | 000,060,928 | ---- | M] () -- C:\WINDOWS\system32\P17.dll
MOD - [2003/04/08 11:13:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\PRTSERV.dll
MOD - [2002/06/11 11:20:34 | 000,192,512 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvd08.dll
MOD - [2002/04/18 01:22:36 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll
MOD - [2002/04/11 04:19:42 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/11 04:19:36 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (getPlusHelper) getPlus®
SRV - [2011/09/07 08:57:56 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2011/07/14 20:54:57 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/07/14 20:54:13 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/24 10:14:33 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/07/23 09:35:44 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/06/22 11:08:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 11:07:58 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/09/16 18:01:16 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/06/30 16:49:06 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/07/11 17:25:20 | 000,025,640 | R--- | M] (Amazon.com) [Auto | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/09 15:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/09/25 09:18:10 | 000,069,120 | ---- | M] (element5) [On_Demand | Stopped] -- C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe -- (License Management Service ESD)
SRV - [2005/09/04 07:14:08 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2005/08/02 17:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/04/25 09:49:52 | 000,086,142 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®
SRV - [2003/12/04 16:21:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2002/03/15 16:37:46 | 000,081,920 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/14 20:54:19 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/05 11:41:13 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/09/17 16:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 16:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/06/22 11:08:00 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/06/22 11:08:00 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/06/22 11:08:00 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/06/22 11:08:00 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/06/22 11:07:54 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/01 10:16:08 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 19:22:11 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/10/26 10:28:45 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2009/10/26 10:28:45 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 15:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/03/02 04:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthruMP)
DRV - [2008/03/02 04:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthru)
DRV - [2007/08/20 18:05:27 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/04/02 15:33:04 | 000,217,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\MobiCap.sys -- (MobiCap)
DRV - [2006/11/29 01:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/08/17 16:04:18 | 000,010,752 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETGEARUHOST.sys -- (NETGEARUHOST)
DRV - [2006/08/17 16:04:12 | 000,037,120 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETGEARUHUB.sys -- (NETGEARUHUB)
DRV - [2006/05/18 09:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/10/20 17:48:03 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2005/08/02 17:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/07/28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/07/20 18:08:28 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2005/07/20 18:08:26 | 000,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2005/06/17 11:20:20 | 000,119,424 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/04/15 03:14:58 | 001,130,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/02 16:12:14 | 000,019,456 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/10 07:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/06/09 18:16:00 | 000,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2003/11/17 22:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 22:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 22:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/22 14:48:00 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 14:47:00 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/09/19 17:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/04/29 05:00:56 | 000,014,336 | R--- | M] (Linksys Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BEFCM3XP.sys -- (BEFCMV3XP)
DRV - [2002/11/08 20:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2002/05/28 11:37:26 | 000,018,458 | R--- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Adpusbst.sys -- (ADPUSBMS)
DRV - [2002/05/28 11:37:25 | 000,027,472 | R--- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Adpusbld.sys -- (ADPUSBLD)
DRV - [2002/02/07 03:41:24 | 000,033,991 | R--- | M] (Viking Sewing Machines AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RWSE.sys -- (RWSE)
DRV - [1997/12/22 21:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [1997/11/26 06:32:18 | 000,041,984 | ---- | M] (Husqvarna Sewing Machines AB) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\SEMLPT.SYS -- (SemLPT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kindleboards.com/
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPag0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.swagbucks.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.5.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {4be68a18-deba-49e0-9e09-ee7796f3b62a}:2.5.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.8.20110620112826
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6984
FF - prefs.js..extensions.enabledItems: [email protected]:1.10.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/npmozax: C:\PROGRA~1\Mozilla Firefox\plugins\ [2011/07/28 20:45:38 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Professional 6\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Betsy True\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Betsy True\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\PayPal\PayPal Plug-In [2008/01/03 09:08:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 10:15:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2011/05/09 17:17:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/01 11:02:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/28 20:45:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/28 20:45:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/07/25 11:38:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2010/01/09 14:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Extensions
[2011/09/06 14:28:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions
[2010/07/15 23:56:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/20 17:11:07 | 000,000,000 | ---D | M] (Billeo) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}
[2011/06/24 15:05:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/06 14:28:55 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/06/29 18:23:08 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/09/06 14:28:54 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\[email protected]
[2010/01/09 14:14:15 | 000,000,000 | ---D | M] (Friendbar) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\[email protected]
[2010/10/06 08:24:10 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\searchplugins\bing.xml
[2010/01/09 14:14:23 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\searchplugins\google-search-for-friendbar-toolbar.xml
[2011/04/15 23:17:23 | 000,002,183 | ---- | M] () -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\searchplugins\MyStart Search.xml
[2010/01/09 14:14:22 | 000,001,192 | ---- | M] () -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\searchplugins\twitter-search.xml
[2011/04/07 10:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/20 09:59:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/13 18:22:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2007/04/23 08:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\Access Privileges Test
[2009/04/01 21:10:21 | 000,000,000 | ---D | M] (RealArcade V3 Plugin) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/11/13 18:22:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/01/04 18:21:46 | 000,019,104 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2008/01/04 18:21:46 | 000,105,632 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2008/01/04 18:21:43 | 000,057,504 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2003/10/02 14:44:00 | 000,142,848 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npcpbrk7.dll
[2010/11/13 18:22:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/04/28 16:13:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2008/01/08 22:37:18 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2009/03/03 10:51:42 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2011/09/06 15:23:43 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Billeo) - {465E08E7-F005-4389-980F-1D8764B3486C} - c:\Program Files\Billeo\billeo.dll (Billeo, Inc.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 6\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPag0.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Billeo) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - c:\Program Files\Billeo\billeo.dll (Billeo, Inc.)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPag0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\Toolbar\WebBrowser: (Billeo) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - c:\Program Files\Billeo\billeo.dll (Billeo, Inc.)
O3 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPag0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Nuance PDF Professional 6-reminder] C:\Program Files\Nuance\PDF Professional 6\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [PDF6 Registry Controller] C:\Program Files\Nuance\PDF Professional 6\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PS121v2] C:\Program Files\NETGEAR\PS121v2\PS121v2.exe ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] File not found
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] File not found
O4 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..\Run: [alarm.exe] C:\Program Files\Chaos Software\Intellect\alarm.exe (Chaos Software Group, Inc.)
O4 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..\Run: [EasyDeskTicker] C:\Program Files\EasyDeskTicker\easydeskticker.exe ()
O4 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..\Run: [Livestation] File not found
O4 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..\Run: [Philips Intelligent Agent] File not found
O4 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..\Run: [PrinterProDesktop] C:\Program Files\Printer Pro Desktop\PrinterProDesktop.exe (Readdle)
O4 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..\Run: [updateMgr] File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ScreenThemes.lnk = C:\Program Files\ScreenThemes\scthemes.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk = C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\ADHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billeo.lnk = C:\Program Files\Billeo\billeo.exe (Billeo, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\!ntellect.lnk = C:\Program Files\Chaos Software\Intellect\Intellect.exe (Chaos Software Group, Inc.)
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\DigiDay Clock.lnk = C:\DigiDay\dd_clock.exe (Vision X Software, Inc.)
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\DigiDay Reminder.lnk = C:\DigiDay\dd_rem.exe ()
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Betsy True\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe ()
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\ScreenThemes.lnk = C:\Program Files\ScreenThemes\scthemes.exe ()
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with Nuance PDF Converter 6.0 - C:\Program Files\Nuance\PDF Professional 6\cnvres_eng.dll ()
O8 - Extra context menu item: Open with PDF Professional 6 - C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Subscribe with RSSRadio - c:\program files\dorada software\rssradio\subscribe.htm ()
O9 - Extra Button: Movies Extractor Scout - {02659636-B21B-4665-97E2-38733FDDEE53} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract.exe ()
O9 - Extra Button: Bytescout SWF To Video Scout - {282D81E2-F254-4F7B-A533-0B7435EF7BBF} - C:\Program Files\Bytescout SWF To Video Scout\flashextract.exe (Bytescout)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.micros.../i386/msaud.cab (Reg Error: Key error.)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://symantec.atgn...oad/tgctlsi.cab (SupportSoft SmartIssue)
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} http://symantec.atgn...wnload/ssrc.cab (SupportSoft RemoteControl Class)
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} http://symantec.atgn...d/sprtctlln.cab (SupportSoft Listener Control)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.t...all/xscan60.cab (HouseCall Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlm.tools.aka...vex-2.2.1.0.cab (DownloadManager Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1219884559546 (MUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.t...ivex/hcImpl.cab (Housecall ActiveX 6.5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6F03AEF-DCBD-42B0-A41E-82D98324842B}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Program Files\ScreenThemes\data\Betsy True\ScreenThemes.bmp
O24 - Desktop BackupWallPaper: C:\Program Files\ScreenThemes\data\Betsy True\ScreenThemes.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/01 23:24:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/06 15:23:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/06 14:27:18 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Betsy True\Desktop\OTL.scr
[2008/03/31 15:54:57 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2005/08/17 02:54:50 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2011/09/07 16:47:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/07 16:42:03 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2444962988-477438111-2672112748-1006UA.job
[2011/09/07 16:31:41 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/09/07 15:46:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/07 15:42:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2444962988-477438111-2672112748-1006Core.job
[2011/09/07 14:29:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Betsy True\Local Settings\Application Data\prvlcl.dat
[2011/09/07 13:00:00 | 000,000,574 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Betsy True.job
[2011/09/07 12:54:43 | 000,660,945 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2011/09/07 10:57:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1125673024.job
[2011/09/07 09:07:16 | 085,521,206 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/09/07 08:59:22 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billeo.lnk
[2011/09/07 08:58:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/07 08:56:59 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2011/09/07 08:56:17 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2444962988-477438111-2672112748-1006.job
[2011/09/07 08:55:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/07 08:55:38 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/07 00:44:56 | 000,001,126 | ---- | M] () -- C:\WINDOWS\DD_CLOCK.INI
[2011/09/06 16:46:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/06 15:23:43 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/06 15:14:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/06 14:27:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betsy True\Desktop\OTL.scr
[2011/09/06 13:07:05 | 000,570,368 | ---- | M] () -- C:\Documents and Settings\Betsy True\Desktop\RogueKiller.exe

========== Files Created - No Company Name ==========

[2011/09/06 15:28:09 | 1071,812,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/06 13:07:05 | 000,570,368 | ---- | C] () -- C:\Documents and Settings\Betsy True\Desktop\RogueKiller.exe
[2011/07/26 11:50:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/16 11:51:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Betsy True\Local Settings\Application Data\prvlcl.dat
[2010/01/07 16:20:27 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/01/06 13:32:15 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Betsy True\Local Settings\Application Data\housecall.guid.cache
[2010/01/06 08:18:53 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SA2005.ini
[2009/10/05 10:55:35 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/06/08 09:44:34 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2009/04/14 16:58:44 | 000,002,281 | ---- | C] () -- C:\WINDOWS\ips.INI
[2008/09/29 16:43:24 | 000,082,868 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/06/25 10:30:27 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\8735126C49.sys
[2008/06/25 10:30:26 | 000,003,350 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/05/17 21:19:35 | 000,000,075 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/04 18:22:03 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2008/01/01 14:43:44 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/01/01 14:43:33 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/01 14:43:33 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/01 14:43:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/12/24 11:11:42 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/07 21:22:18 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\zshp1018.exe
[2007/11/07 21:22:18 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1018.dll
[2007/10/09 21:41:54 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Betsy True\Application Data\favSellers.awt
[2007/07/30 08:34:19 | 000,023,254 | ---- | C] () -- C:\Documents and Settings\Betsy True\Application Data\closedList.awt
[2007/07/30 08:34:19 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Betsy True\Application Data\openList.awt
[2007/06/26 20:02:37 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2007/06/12 20:29:06 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2007/05/03 13:54:38 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4O.DLL
[2007/04/16 23:38:25 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/03/21 15:29:24 | 000,400,782 | ---- | C] () -- C:\Documents and Settings\Betsy True\Application Data\fontlst2.opf
[2007/03/09 03:12:32 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/03/06 05:14:48 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/01/07 01:03:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PRTSERV.dll
[2006/11/01 08:57:54 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/10/28 10:21:16 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Betsy True\Application Data\WavCodec.wff
[2006/10/24 08:33:01 | 000,000,779 | ---- | C] () -- C:\WINDOWS\GUEmap.INI
[2006/10/23 08:39:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\TADSUINS.EXE
[2006/09/25 09:39:11 | 000,000,074 | -H-- | C] () -- C:\WINDOWS\sysdws.dat
[2006/07/26 08:43:07 | 000,000,072 | ---- | C] () -- C:\WINDOWS\mOceanSync.ini
[2006/06/09 21:22:23 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ZDPLUSSEARCH.INI
[2006/06/02 18:15:44 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\LDecVorbis.dll
[2006/05/24 13:37:27 | 000,045,568 | RHS- | C] () -- C:\WINDOWS\System32\cygz.dll
[2006/05/24 10:40:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2006/05/14 10:32:12 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2006/05/05 08:51:18 | 001,895,026 | ---- | C] () -- C:\WINDOWS\System32\nowutils.dll
[2006/05/04 12:28:24 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\hpi_scsi.dll
[2006/05/04 12:28:21 | 000,004,176 | ---- | C] () -- C:\WINDOWS\System32\Hpi_icon.dll
[2006/04/21 12:37:41 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/04/21 12:37:41 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[2006/04/10 13:56:16 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/02/24 04:41:59 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/02/24 04:41:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2006/02/23 12:36:20 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2006/02/23 12:36:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll
[2006/02/23 12:36:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\LMOggMux.dll
[2006/01/29 12:47:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/26 08:51:56 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\nlame.dll
[2006/01/22 23:55:18 | 000,000,139 | ---- | C] () -- C:\WINDOWS\LODERUNN.INI
[2005/12/28 09:53:53 | 000,000,293 | ---- | C] () -- C:\WINDOWS\SerMagic.ini
[2005/11/21 11:34:25 | 000,022,635 | ---- | C] () -- C:\Documents and Settings\Betsy True\Application Data\Comma Separated Values (Windows).ADR
[2005/11/15 00:08:44 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2005/11/11 22:28:45 | 000,001,782 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/03 20:33:31 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/10/24 12:13:58 | 000,066,560 | RHS- | C] () -- C:\WINDOWS\MOTA113.exe
[2005/10/22 21:19:41 | 000,000,054 | ---- | C] () -- C:\WINDOWS\CmdFile.INI
[2005/10/20 19:32:02 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2005/10/20 17:47:29 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2005/10/20 17:47:28 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2005/10/20 17:47:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\hdduinst.exe
[2005/10/13 22:27:00 | 000,422,400 | RHS- | C] () -- C:\WINDOWS\x2.64.exe
[2005/10/12 21:20:39 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/10/07 10:47:46 | 000,035,808 | ---- | C] () -- C:\WINDOWS\overlay.bin
[2005/10/01 21:08:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2005/10/01 20:47:16 | 000,000,040 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/09/30 10:07:45 | 000,132,608 | ---- | C] () -- C:\Documents and Settings\Betsy True\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/25 08:05:31 | 000,000,534 | ---- | C] () -- C:\WINDOWS\scthemes.ini
[2005/09/09 09:32:30 | 000,001,126 | ---- | C] () -- C:\WINDOWS\DD_CLOCK.INI
[2005/09/08 16:08:42 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SA2005HH.ini
[2005/09/08 13:46:17 | 000,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI
[2005/09/08 13:46:12 | 000,000,041 | ---- | C] () -- C:\WINDOWS\FindServ.INI
[2005/09/02 11:05:00 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\Isb.dll
[2005/09/02 10:56:59 | 000,000,014 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2005/09/02 10:47:00 | 000,027,801 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2005/09/02 10:47:00 | 000,007,765 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2005/08/29 23:48:36 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/08/29 23:48:28 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/08/29 20:29:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/08/29 17:19:24 | 000,552,960 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2005/08/24 21:30:36 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/08/24 21:28:48 | 000,002,879 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/08/24 18:36:01 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/08/24 18:35:56 | 000,005,173 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/08/24 09:11:45 | 003,785,550 | -H-- | C] () -- C:\Documents and Settings\Betsy True\Local Settings\Application Data\BackupIconCache.db
[2005/08/24 09:11:45 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Betsy True\Local Settings\Application Data\fusioncache.dat
[2005/08/17 03:34:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 03:23:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/08/17 03:20:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/17 03:17:41 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2005/08/17 03:17:41 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/08/17 03:17:32 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/08/17 03:17:32 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/08/17 03:17:26 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/08/17 02:55:18 | 000,000,430 | ---- | C] () -- C:\WINDOWS\System32\dlbuplc.ini
[2005/08/17 02:54:52 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/08/17 02:54:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/08/17 02:54:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/08/17 02:54:36 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/08/17 02:54:08 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/05/13 18:12:00 | 000,217,073 | RHS- | C] () -- C:\WINDOWS\meta4.exe
[2005/05/04 20:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/03 11:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 11:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/03/22 18:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 18:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/03/03 16:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2005/02/28 14:16:22 | 000,240,128 | RHS- | C] () -- C:\WINDOWS\System32\x.264.exe
[2004/11/18 16:43:03 | 004,902,912 | ---- | C] () -- C:\WINDOWS\System32\qt-mt332.dll
[2004/10/01 17:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/08/19 17:20:39 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 17:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 17:03:04 | 000,034,380 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 16:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 16:57:07 | 000,391,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 16:49:47 | 000,562,050 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 16:49:47 | 000,122,090 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 16:49:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/19 16:49:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\pglyx2x.dll
[2004/08/19 16:49:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2004/08/19 16:49:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2004/08/19 16:49:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004/08/19 16:49:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2004/08/19 16:49:36 | 000,000,339 | ---- | C] () -- C:\WINDOWS\System32\wgv7azl.dll
[2004/08/19 16:49:36 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2004/08/19 16:49:36 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/08/19 16:49:36 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\uh8zwc0.dll
[2004/08/19 16:49:36 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\itb7ycx.dll
[2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 07:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 07:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/06/30 15:04:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2004/03/07 13:51:00 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1996/10/14 02:38:00 | 000,001,266 | ---- | C] () -- C:\WINDOWS\System32\syswltag.bin
[1899/12/31 20:30:49 | 000,000,111 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[1617/11/08 20:57:57 | 000,003,120 | ---- | C] () -- C:\WINDOWS\JEQDOI.ini

========== LOP Check ==========

[2009/04/22 21:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2006/12/23 01:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/05/07 07:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/05/07 07:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/05/03 21:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2009/08/23 06:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2009/01/28 21:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashtons Family Resort
[2010/09/12 13:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/26 10:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/04/23 13:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\billeo
[2007/05/03 13:54:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/04/18 16:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chaos Software
[2011/03/14 12:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/08/06 08:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2009/08/28 23:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2006/09/25 09:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\element5
[2006/09/25 15:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/08/22 16:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2009/06/12 22:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2007/08/23 07:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2005/10/13 17:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2008/05/21 10:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/05/21 10:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011/09/07 00:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2006/10/28 08:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/07/22 01:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/12/26 13:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator
[2008/12/18 19:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/07/22 07:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/01/28 08:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft(2)
[2006/10/30 14:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/05/18 15:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/09/07 08:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/27 17:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Journal
[2006/10/22 21:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/01/11 15:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VertusTech
[2009/06/13 08:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/09 15:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2009/03/19 15:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/05/16 13:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2009/05/03 22:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/04/02 13:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/18 10:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/24 11:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/08 09:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A8FB99CB-780B-4CA6-A91A-964EDA9D25C0}
[2009/06/08 09:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
[2009/04/22 21:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\acccore
[2006/11/30 00:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\ACD Systems
[2010/07/14 10:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Amazon
[2009/01/28 21:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Ashtons Family Resort
[2010/07/29 18:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\AVG9
[2006/11/26 00:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Beep Industries
[2008/01/01 13:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Bytescout SWF To Video Scout
[2011/09/07 09:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Chaos Software
[2006/11/10 08:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\CNN
[2010/07/15 13:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/05/15 17:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2011/09/07 09:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Dropbox
[2011/09/07 16:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\EasyDeskTicker
[2006/07/19 16:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\eFax Messenger
[2010/10/18 11:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\EurekaLog
[2008/03/31 16:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Eyeblaster
[2009/08/22 16:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Flood Light Games
[2009/01/29 23:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Friday's games
[2008/04/08 08:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\funkitron
[2009/08/22 20:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\GameHousev1001
[2010/05/27 11:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\GARMIN
[2009/06/06 23:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\GetRightToGo
[2007/12/14 21:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Helios
[2005/10/13 17:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\HotSync
[2009/04/08 17:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\HouseCall 6.6
[2008/03/31 22:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Jane s Hotel Family Hero
[2005/08/25 18:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Leadertech
[2008/12/11 22:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Livestation
[2008/04/25 01:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Mobipocket
[2008/01/01 12:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Movies Extractor Scout
[2008/08/15 16:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Musicmatch
[2010/01/22 15:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\MyPublisher
[2006/12/25 08:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\NCH Swift Sound
[2006/05/12 08:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Now Software
[2009/11/27 16:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Nuance
[2008/03/20 07:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\OfficeUpdate12
[2010/12/31 19:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Opera
[2008/05/17 13:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\OverDrive
[2007/12/18 14:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\PDM
[2008/12/18 19:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\PlayFirst
[2008/12/17 17:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Pogo Games
[2010/09/02 17:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\PriceGong
[2006/03/31 16:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Qumana
[2006/10/28 08:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\RecordPad
[2005/11/10 08:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\RSSRadio
[2006/05/16 13:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\ScanSoft
[2009/07/14 18:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Stamps.com Internet Postage
[2008/01/05 18:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Super-Cow
[2009/04/29 06:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2006/10/22 21:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Ulead Systems
[2009/05/03 22:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\URSE Games
[2009/10/23 09:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Viewpoint
[2005/10/01 21:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Wildfire
[2009/06/01 22:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\YoudaGames
[2006/05/16 13:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Zeon
[2006/01/28 08:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Zeon(2)
[2010/03/26 10:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Dropbox
[2011/09/07 10:57:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1125673024.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< C:\Windows\assembly\tmp\U /s >

========== Files - Unicode (All) ==========
[2010/01/31 11:52:08 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\縀
[2010/01/31 11:52:08 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\縀
[2010/01/30 13:15:38 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\麠Ȇ
[2010/01/30 13:15:38 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\麠Ȇ
[2010/01/29 12:49:22 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\ȵ
[2010/01/29 12:49:22 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\ȵ
[2010/01/18 13:05:19 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\┈
[2010/01/18 13:05:19 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\┈
[2010/01/07 13:36:45 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\㓐•
[2010/01/07 13:36:45 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\㓐•
[2009/12/29 15:31:57 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\᜘
[2009/12/29 15:31:57 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\᜘
[2009/12/23 12:38:01 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\䋨˜
[2009/12/23 12:38:01 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\䋨˜
[2009/12/16 17:15:14 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\您
[2009/12/16 17:15:14 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\您
[2009/12/11 21:04:41 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\硨
[2009/12/11 21:04:41 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\硨
[2009/12/09 13:07:58 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\钘
[2009/12/09 13:07:58 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\钘
[2009/12/08 13:11:33 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\葀ɞ
[2009/12/08 13:11:33 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\葀ɞ
[2009/11/19 11:38:57 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\짰›
[2009/11/19 11:38:57 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\짰›
[2009/10/29 16:08:22 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\⋘
[2009/10/29 16:08:22 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\⋘

========== Alternate Data Streams ==========

@Alternate Data Stream - 241 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E55808C
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:527B6DAD
@Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C321309
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C1D7085
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52562F72
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:182D85B1

< End of report >
  • 0

#23
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

The errors are generally errors on boot up, I get a dialog box telling me that a file doesn't exist or that there is a wrong version of a Windows file. Also, lately I've been having trouble installing new or updated software; the install will often tell me something that is needed isn't there.

Do you have any examples of this ?

I will remove some empty run entries and the weird files to see if that alleviates it

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] File not found
    O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] File not found
    O4 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..\Run: [Livestation] File not found
    O4 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..\Run: [Philips Intelligent Agent] File not found
    O4 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..\Run: [updateMgr] File not found
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - File not found
    [2011/09/07 13:00:00 | 000,000,574 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Betsy True.job
    [2010/05/18 15:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2010/06/09 15:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
    [2010/01/31 11:52:08 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\縀
    [2010/01/31 11:52:08 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\縀
    [2010/01/30 13:15:38 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\麠Ȇ
    [2010/01/30 13:15:38 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\麠Ȇ
    [2010/01/29 12:49:22 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\ȵ
    [2010/01/29 12:49:22 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\ȵ
    [2010/01/18 13:05:19 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\┈
    [2010/01/18 13:05:19 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\┈
    [2010/01/07 13:36:45 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\㓐
    [2010/01/07 13:36:45 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\㓐
    [2009/12/29 15:31:57 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\᜘
    [2009/12/29 15:31:57 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\᜘
    [2009/12/23 12:38:01 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\䋨
    [2009/12/23 12:38:01 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\䋨
    [2009/12/16 17:15:14 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\您
    [2009/12/16 17:15:14 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\您
    [2009/12/11 21:04:41 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\硨
    [2009/12/11 21:04:41 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\硨
    [2009/12/09 13:07:58 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\钘
    [2009/12/09 13:07:58 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\钘
    [2009/12/08 13:11:33 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\葀ɞ
    [2009/12/08 13:11:33 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\葀ɞ
    [2009/11/19 11:38:57 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\짰
    [2009/11/19 11:38:57 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\짰
    [2009/10/29 16:08:22 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\⋘
    [2009/10/29 16:08:22 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\⋘

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#24
betctru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
After Windows starts up, I get the following dialog boxes:
 
ADVWindowsClientSystemTray.exe - Entry Point Not Found

"The procedure entry point GetRequestRuntineInfo could not be located in the dynamic link library mscoree.dll"

OK
 
and
 
.NET Framework Initialization Error

c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll could not be loaded

OK
 
and
 
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files.

Insert your Windows XP Professional Service Pack 2 CD now.

Retry/More Information/Cancel
 

Unfortunately, I cannot find my Service Pack 2 CD. I think I have since gotten a new set of CDs, but when I tried, I think I was told they weren't the original disk. Or perhaps the CD drives stopped working at that point...so many things were going wrong I got tired of fighting with it. Perhaps it's not worth rehabilitating, but I can't really afford to replace it right now. Anything that you can do to make some of this go away will help.

Doing the "Run/Fix" now.
  • 0

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK let's try to resolve those errors :)

ADVWindowsClientSystemTray.exe - Entry Point Not Found: that is the Amazon unbox utility and a reinstall may fix that. You can download a copy here

.NET Framework Initialization Error: an update to dotnet 3.5 should fix that, available here

Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. You appear to have SP3, so a possible option is to do one of the following:
  • Download a fresh copy of SP3 to your desktop from here
  • Try to install SP3
  • If it fails to install then we will need to uninstall SP3 and then reinstall. I can walk you through that stage if you wish
  • 0


#26
betctru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
OK, tried to do the OTL RunFix, but my stupid email, which I haven't been able to fix due to some of the Windows problems, put up a popup. And now the OTL screen is still there and when I click it says (Not Responding). :)

I left the computer on, afraid to interrupt it. :unsure:

Betsy
  • 0

#27
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Shut OTL down using task manager and we will retry the fix again in a bit :)

But I feel we should look at doing a few repairs first to try and stabilise your computer

What is the E-Mail programme and what errors does it give ?

Then either re-install or remove the Amazon unbox programme, dependent on your preference

Followed by updating dotnet

Finally bring down SP3 to your desktop and let me know what the current state of play is
  • 0

#28
betctru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Ok, working on that...thanks!

Betsy
  • 0

#29
betctru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
OTL won't shut down, I've tried both the application tab and the process tab. Should I force a system restart using Task Manager?

Betsy
  • 0

#30
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye force a restart, the popup may have disrupted OTL whilst it was beavering away
  • 0





