
Something keeps trying to download trojans and viruses


  • This topic is locked

#1
umdad06
New Member, 8 posts
There is something in my computer that keeps trying to download trojans and viruses. AVG scan finds nothing and says I am clean. Spyware Doctor found and eliminated a bunch of things and now says I'm clean. But every day when I start my computer I get a bunch of warnings from AVG that it has blocked multiple threats, mostly Generic Trojans, and Spyware Doctor blocks things too. I don't know what could be trying to download all this stuff. Any help in finding and eliminating this problem would be greatly appreciated.

Here is my log:

OTL logfile created on: 10/4/2011 7:41:29 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Cindy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 45.14% Memory free
8.00 Gb Paging File | 5.76 Gb Available in Paging File | 72.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 152.31 Gb Free Space | 65.43% Space Free | Partition Type: NTFS
Drive E: | 491.01 Mb Total Space | 193.71 Mb Free Space | 39.45% Space Free | Partition Type: FAT32
Drive J: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.14% Space Free | Partition Type: FAT32
Drive K: | 189.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: CINDY-PC | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/04 19:40:12 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Downloads\OTL.exe
PRC - [2011/10/01 12:30:56 | 000,246,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/08 06:46:00 | 002,401,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/25 01:25:28 | 000,313,160 | ---- | M] (Smilebox, Inc.) -- C:\Users\Cindy\AppData\Roaming\Smilebox\SmileboxTray.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/11 05:13:26 | 000,786,040 | ---- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit\fitbit.exe
PRC - [2011/07/11 05:13:20 | 002,162,296 | ---- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit\fitbit-tray.exe
PRC - [2011/07/07 11:39:10 | 001,600,984 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsGui.exe
PRC - [2011/04/06 16:53:36 | 001,117,144 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
PRC - [2011/02/18 11:14:04 | 000,371,472 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
PRC - [2011/01/20 13:27:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe
PRC - [2010/09/02 11:38:28 | 000,176,408 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe
PRC - [2010/01/03 00:51:28 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009/09/12 17:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 17:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2008/11/11 17:12:14 | 000,639,488 | ---- | M] (Beiley Software Inc.) -- C:\Program Files (x86)\Remind-Me\RemindMe.exe
PRC - [2008/06/24 17:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2005/05/09 19:16:15 | 000,192,512 | ---- | M] (Simple Star, Inc.) -- C:\Program Files (x86)\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/29 02:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/28 10:49:31 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/01 12:30:56 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/07/11 05:13:26 | 000,786,040 | ---- | M] (Fitbit, Inc.) [Auto | Running] -- C:\Program Files (x86)\Fitbit\fitbit.exe -- (Fitbit)
SRV - [2011/04/06 16:53:36 | 001,117,144 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/02/18 11:14:04 | 000,371,472 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011/01/20 13:27:12 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/09/02 11:38:28 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/03 00:51:28 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/09/12 17:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/18 13:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysWOW64\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 13:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysWOW64\HPZinw12.dll -- (Net Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 12:02:34 | 000,282,440 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2011/07/11 09:07:46 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2011/07/11 09:05:44 | 000,337,048 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/07/11 01:13:42 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/30 04:34:56 | 000,016,384 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 09:08:22 | 000,279,344 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2011/01/20 13:27:12 | 000,074,824 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TFSysMon)
DRV:64bit: - [2011/01/20 13:27:12 | 000,065,072 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2011/01/20 13:27:12 | 000,041,888 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010/01/03 00:51:29 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/01/03 00:51:27 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2010/01/03 00:51:25 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/01/03 00:51:22 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2009/07/27 03:04:38 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 12:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2007/07/31 20:04:48 | 000,090,112 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 F4 AA E4 8A 7C CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.allmyfaves.com/#"
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0848}:1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071301000019
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5.1344
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..keyword.URL: "http://search.aol.co...0TRFFab&query="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/npmozax: C:\PROGRA~2\MOZILL~1\plugins\ [2011/09/23 17:53:40 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files (x86)\Real\RealArcade\Plugins\Mozilla\npracplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@research.microsoft.com/HDView: C:\Program Files (x86)\Microsoft Research\HDView for Firefox [2009/12/25 17:11:23 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Cindy\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Cindy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\Real\RealPlayer\browserrecord
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/02 03:13:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/09/16 23:44:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/10/01 12:31:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/03 19:28:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/23 17:53:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/02 03:13:26 | 000,000,000 | ---D | M]

[2009/12/17 14:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Extensions
[2009/12/25 17:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\extensions
[2009/12/25 17:57:33 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2009/12/25 17:57:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/25 17:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/12/25 17:57:32 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\extensions\[email protected]
[2009/12/25 17:57:32 | 000,000,000 | ---D | M] (Oberon Game Host) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\extensions\[email protected]
[2010/10/31 12:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\oi6da432.default\extensions
[2008/11/13 00:45:51 | 000,001,739 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\searchplugins\aim-search.xml
[2008/03/13 09:43:14 | 000,001,877 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\searchplugins\aolsearch.xml
[2011/10/01 12:30:54 | 000,003,674 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\searchplugins\avg-secure-search.xml
[2008/07/12 19:43:11 | 000,000,653 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\searchplugins\yahoo-search.xml
[2011/10/03 19:28:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/12/25 17:14:55 | 000,000,000 | ---D | M] (OneStep Search) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{C7E0B063-1DC2-4DD0-A502-1D67957B9ADE}
[2010/10/21 11:42:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/09/23 11:24:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/12/25 17:14:54 | 000,000,000 | ---D | M] (RealArcade V3 Plugin) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG9\FIREFOX
[2010/10/03 15:17:10 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAM FILES (X86)\IWIN GAMES\FIREFOX
[2011/09/23 11:24:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/08/21 13:52:46 | 000,180,224 | ---- | M] (The Nielsen Company) -- C:\Program Files (x86)\mozilla firefox\components\nsgkff31_meter6.dll
[2009/01/07 13:16:58 | 000,609,280 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScope42.dll
[2010/11/25 21:41:58 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/11/25 21:41:58 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/09/23 11:24:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npmozax.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2008/02/08 17:36:16 | 000,024,673 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\mozilla firefox\plugins\NPMyWebS.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files (x86)\mozilla firefox\plugins\npracplug.dll
[2007/04/03 17:44:07 | 000,319,488 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npsnapfish.dll
[2009/06/30 11:19:12 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files (x86)\mozilla firefox\plugins\NPTURNMED.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2009/07/02 12:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2009/04/07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Yahooober25244253.gif
[2010/05/12 17:36:33 | 000,000,196 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Yahooober25244253.src

========== Chrome ==========

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\13.0.782.220\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\13.0.782.220\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\13.0.782.220\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: ArtistScope plugin 42 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPMyWebS.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npracplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: Turner Media Plugin 1.0.0.10 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPTURNMED.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files (x86)\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files (x86)\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files (x86)\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Cindy\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Cindy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

O1 HOSTS File: ([2011/09/23 17:47:13 | 000,000,826 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.5.0_10\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe (Fitbit, Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files (x86)\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKCU..\Run: [SmileboxTray] C:\Users\Cindy\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - Startup: C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson Advent Calendar.lnk = C:\Program Files (x86)\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe ()
O4 - Startup: C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RemindMe.lnk = C:\Program Files (x86)\Remind-Me\RemindMe.exe (Beiley Software Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe (America Online, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (Reg Error: Key error.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Cake%20Mania/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Reg Error: Key error.)
O16 - DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} https://www.backup.c.../webrestore.cab (Reg Error: Key error.)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} file:///C:/Documents%20and%20Settings/Cindy%20Anno/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash2.1.0.0.68.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Little%20Shop%20of%20Treasures/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast...ronGameHost.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 68.87.64.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4977E80E-1F36-4EE6-872C-57E3C2F7B987}: DhcpNameServer = 208.67.222.222 208.67.220.220 68.87.64.150
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\sysimage - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wia - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O18 - Protocol\Handler\wia - No CLSID value found
O18:64bit: - Protocol\Filter\text/webviewhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\ExplorerFrame.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Cindy\My Documents\My Pictures\Picasa Edits\picasabackground.bmp
O24 - Desktop BackupWallPaper: C:\Users\Cindy\My Documents\My Pictures\Picasa Edits\picasabackground.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{453f4783-e961-11de-b096-806e6f6e6963}\bootwiz\asrm.bin)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/04 18:37:07 | 000,000,000 | R-SD | C] -- C:\Users\Cindy\Documents\My Stationery
[2011/10/04 18:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/10/04 18:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2011/10/04 18:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2011/10/04 18:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/10/04 18:20:16 | 000,000,000 | ---D | C] -- C:\Users\Cindy\Desktop\Address Book
[2011/10/04 18:11:00 | 000,000,000 | ---D | C] -- C:\Users\Cindy\Desktop\Mail Backup
[2011/10/04 16:58:01 | 000,000,000 | RHSD | C] -- C:\bootwiz
[2011/10/04 16:13:48 | 000,000,000 | RHSD | C] -- C:\acroldr
[2011/10/04 15:35:55 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{3BE6FEA9-3F67-4B8C-860C-AEFE5C967AFD}
[2011/10/04 11:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Screentime
[2011/10/04 11:24:07 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\Screentime
[2011/10/04 11:02:02 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{DFACDC33-5E6B-4B11-A3F8-E20BE262FC9A}
[2011/10/04 11:01:51 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{0D1EF60D-3640-4F40-8147-AE09DE57FAF7}
[2011/10/03 23:01:26 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{D1A3D799-7612-4A11-A973-C4573A0843B7}
[2011/10/03 23:01:05 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{2C739DE0-26FB-4AA1-942E-2859ED03DDEB}
[2011/10/03 11:00:52 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{FF8DC439-79AE-4CD2-84C8-1331D0175436}
[2011/10/03 11:00:31 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{48A9D04E-AE5F-4CAB-8265-48DA4B5197AE}
[2011/10/02 23:00:05 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{532EE5B9-6525-4A12-9E2E-69282CC31993}
[2011/10/02 22:59:44 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{007729D2-B8EF-45C4-8562-953B9A726624}
[2011/10/02 10:59:32 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{F6947E19-B5D6-4897-8926-6DAC72CE0D4E}
[2011/10/02 10:59:11 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{357157C5-A617-4D8B-BE6C-0B922EBE3ED5}
[2011/10/01 22:58:27 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{A6908132-B978-4404-8883-6A523E47A7F3}
[2011/10/01 22:58:05 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{E0A16BD3-7604-4DC8-8217-2D1B02162868}
[2011/10/01 12:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/10/01 12:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2011/10/01 12:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011/10/01 12:29:58 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\AVG2012
[2011/10/01 12:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/01 10:57:52 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{9E8700AB-827E-43B7-A6DE-F3DB7C6B18B8}
[2011/10/01 10:57:29 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{C02C4732-369A-4A6F-B6AD-59DCE4A30B7E}
[2011/09/30 22:57:03 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{DA4D1F0C-69A5-4ABB-8C11-2AE8A2482A6C}
[2011/09/30 22:56:37 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{4BA9F60D-0C47-4BAE-92F2-7F28AA6DD645}
[2011/09/30 10:56:25 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{164FDF7E-2802-41F1-AF3C-D3617F33BDC0}
[2011/09/30 10:56:04 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{08CB9AF2-89E4-45BD-9D05-60FBD58A28F8}
[2011/09/29 22:55:39 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{5DE3B8D6-A9E5-4A5F-8C2A-38EBACE9EEAF}
[2011/09/29 22:55:17 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{7D570766-9A1B-4505-A57B-C8E9B09044C2}
[2011/09/29 10:54:38 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{F1F69256-2201-48EB-8656-7A597D0DB0AC}
[2011/09/29 10:53:38 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{4A2CC0BE-59D1-4E64-BFDC-41E8B4F61EFF}
[2011/09/28 23:36:26 | 000,000,000 | ---D | C] -- C:\abf1aed52ee70de0790e0332
[2011/09/28 22:48:40 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{E6C52049-2C8A-4406-9A1B-2B47C9DAC108}
[2011/09/28 22:48:18 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{E45470F9-1856-4D01-99CE-FB4C1ACE3699}
[2011/09/28 10:47:51 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{36581CD7-8A3E-4F55-9B47-1DCBF65B205C}
[2011/09/28 10:47:26 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{5A9F4C5F-21AB-4552-B498-E4BDF2157CEF}
[2011/09/27 21:21:43 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{993D7EBC-5E08-4C91-A4CC-7143F899D77E}
[2011/09/27 21:21:20 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{4C7F6A51-F092-4C88-AED7-48635E17F06D}
[2011/09/27 09:20:46 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{255427B9-19EB-45D3-9B0E-D1300CACDA8B}
[2011/09/27 09:20:35 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{32EAA353-A3D3-4903-B4C1-A71B64CB1F79}
[2011/09/26 20:08:19 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{CDE979CC-6036-4413-8B0C-EF75E002C9C5}
[2011/09/26 20:07:57 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{DD5484EF-B9CA-4756-AC07-6A2C61122F56}
[2011/09/26 08:07:17 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{02FC328F-EB78-4886-95A8-038CF6752100}
[2011/09/26 08:06:53 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{E2DC74F6-D5BE-4031-91B3-B0872158E78F}
[2011/09/25 12:26:54 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{95D559F8-C1F1-4039-ACFB-1AD229977A77}
[2011/09/25 12:26:27 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{B6C3B40A-122E-4A07-8AB9-0AF910EEDCB3}
[2011/09/24 12:14:14 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\Microsoft Games
[2011/09/24 11:14:03 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{65F794E7-06E8-4FCA-B592-C7847C7CF697}
[2011/09/24 11:13:39 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{443C87A4-F12F-4DD7-BAD9-5B1D6E61EE7C}
[2011/09/24 11:04:08 | 000,074,824 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2011/09/24 11:04:07 | 000,065,072 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2011/09/24 11:04:07 | 000,041,888 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2011/09/24 11:02:31 | 000,000,000 | ---D | C] -- C:\PROGRAM FILES (X86) (X86)
[2011/09/23 23:05:04 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{4CC3CC18-335A-4AD7-A693-6941A00D11D0}
[2011/09/23 23:04:54 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{1BD98FF5-D61D-4138-9AC4-0604497C1B7A}
[2011/09/23 19:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/23 19:32:16 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/23 15:40:12 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2011/09/23 15:40:12 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2011/09/23 15:40:11 | 000,337,048 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011/09/23 15:40:11 | 000,143,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011/09/23 15:40:07 | 000,282,440 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011/09/23 15:40:05 | 000,279,344 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2011/09/23 15:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/09/23 15:40:03 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011/09/23 15:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/09/23 15:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/09/23 15:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/09/23 11:04:29 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{7A5D9427-55B0-4C40-A150-7883D05F20F3}
[2011/09/23 11:04:06 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{3A175B4B-5D40-471D-9E40-8366EBA19AB6}
[2011/09/22 23:03:42 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{C9F758D4-3E4F-4A41-9B1C-3BF17F2AA8E2}
[2011/09/22 23:03:20 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{D60AFC18-C0A1-4263-A5F2-F7619F34F3D0}
[2011/09/22 11:03:09 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{2543675A-AE81-4A50-80FD-CCCA59F8D7C7}
[2011/09/22 11:02:47 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{247F2665-72E0-418C-9F5C-40648275AD16}
[2011/09/21 23:02:23 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{EC278B37-3429-4CA3-A735-A28BFFC689FE}
[2011/09/21 23:02:01 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{92377AF6-B46C-4CD9-9F5E-C52691DEF950}
[2011/09/21 11:01:50 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{86BFFD15-D8DE-44E1-A6C1-2A39AE6CF956}
[2011/09/21 11:01:27 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{9CBE2850-DD16-44E0-A510-08C2F91229BE}
[2011/09/20 23:01:03 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{CBD104D8-1859-42A6-B8C0-BB7C0125A2A6}
[2011/09/20 23:00:40 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{59BB001B-DE2F-43C3-88B5-C9448B3ADBAB}
[2011/09/20 11:00:16 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{74F5B3AA-EAFC-4DDD-BF7F-8EDB0B930E91}
[2011/09/20 11:00:06 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{9872298C-6CA3-4861-B81F-904976FA7F58}
[2011/09/19 22:36:57 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{9E79B26A-0CF6-4AD0-8DFD-AF61A719791C}
[2011/09/19 22:36:36 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{E246FE21-751F-41AD-A9D0-9A9066A0E346}
[2011/09/19 10:36:24 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{CA83594B-D9CC-406E-A742-96843E4D336D}
[2011/09/19 10:36:02 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{9D52673A-3892-48E3-ADAE-8785501EA1C7}
[2011/09/18 11:39:48 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{93274D58-168A-4CBF-BC18-E31E1D290DE3}
[2011/09/18 11:39:07 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{C9E73E4D-C589-4AFF-B1F2-03236BF01E19}
[2011/09/17 11:48:56 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{7E2A02F5-4C00-4F2F-A169-476D61183429}
[2011/09/17 11:48:35 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{69750319-294D-4D78-865F-D212D16B415F}
[2011/09/16 23:05:10 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{F9405F29-A0C6-4171-8092-A6E5413310F0}
[2011/09/16 23:04:49 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{5850E9AA-C866-41A9-BA68-DCCB40181438}
[2011/09/16 20:49:43 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cooking Dash 3 - Thrills and Spills Collector's Edition
[2011/09/16 20:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cooking Dash 3 - Thrills and Spills Collector's Edition
[2011/09/16 20:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cooking Dash 3 - Thrills and Spills Collector's Edition
[2011/09/16 11:04:37 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{18A2CF0F-53F6-4A26-B6B2-25CF1607E331}
[2011/09/16 11:04:16 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{06BB4E7B-CFE3-4A53-A293-6DA7FC09678B}
[2011/09/15 23:03:50 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{AC5E8C7D-8351-44C8-8027-8A083183E182}
[2011/09/15 23:03:29 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{0DA2C109-F8A6-488F-9A74-62769E127F51}
[2011/09/15 11:03:05 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{9BC06EEE-9F60-4834-9327-0D7DFC2CC5EB}
[2011/09/15 11:02:43 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{D29C7D4D-A736-4735-A501-8C6655EFD604}
[2011/09/14 23:02:19 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{FB6EF3C9-A507-48C4-9FC5-E732146F1B1F}
[2011/09/14 23:01:58 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{F3297B75-1675-439C-A847-07786D957C47}
[2011/09/14 11:01:19 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{DF96F99F-522E-47E6-A26C-25809C11D478}
[2011/09/14 11:00:57 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{D6B7124F-98AA-4C7F-A67D-318D3941E1E4}
[2011/09/13 23:00:33 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{6D62D70E-3B17-4759-B8DC-ABB2F533A985}
[2011/09/13 23:00:11 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{9C790567-C19A-46DD-BBF1-A831A26160AF}
[2011/09/13 10:59:47 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{05B8B97E-C444-472F-BD46-912A81976BA4}
[2011/09/13 10:59:26 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{642D6B36-424B-40D8-80EA-85112E92B117}
[2011/09/12 22:59:03 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{B73D2A82-DE50-440C-A80B-2E09DDAB0A24}
[2011/09/12 22:58:42 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{EF89B6F9-A7C3-4893-A430-83891A720EE6}
[2011/09/12 10:58:30 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{B6CEBBEC-24D0-4B04-BAEC-2E1DD0B8AC03}
[2011/09/12 10:58:09 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{538F632A-DC24-4444-9297-1A70A7075639}
[2011/09/11 22:57:45 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{8F4A0724-B7A3-4948-9FCE-27AB56F7294F}
[2011/09/11 22:57:24 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{F02723D9-53F6-4539-9EE9-AE3E380B247E}
[2011/09/11 10:57:08 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{F8764C84-8A37-4DAB-9BBC-20DB15FF9074}
[2011/09/11 10:56:47 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{BBC36761-71AA-485E-8DC8-1B6925BB1B9E}
[2011/09/10 22:56:23 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{C75709B8-0873-4C41-BB05-A6CEE1B8EE04}
[2011/09/10 22:56:02 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{D6B2D42D-BC50-4A78-B46D-1215E2928BDD}
[2011/09/10 10:55:37 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{81993B9B-4351-4B70-94E2-00E5B72C6959}
[2011/09/10 10:55:15 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{62408F22-FDBD-49E1-A8D3-D2BD3E108612}
[2011/09/09 22:45:06 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{2DAA0E33-9443-47FB-9778-D46F730A47A7}
[2011/09/09 22:44:44 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{89A8C12F-DDBC-43F5-AFFA-38FA5E48CCF9}
[2011/09/09 19:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/09/09 10:44:20 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{666F0DE1-6BAD-4215-9744-B4F0FC36D9B6}
[2011/09/09 10:43:59 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{9074AFCC-7D95-4A81-9EDD-7F4209BB0DDC}
[2011/09/08 22:43:35 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{3F66AB24-281F-41A7-AC54-078C66E87913}
[2011/09/08 22:43:13 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{01B7913C-E2C5-4E63-B0B6-B61004E3D217}
[2011/09/08 10:42:49 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{3D9EC5C3-5A2A-4101-93C1-A455A2BBBE20}
[2011/09/08 10:42:27 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{3F542E82-492C-4DA8-A2A9-31953F12767B}
[2011/09/07 22:42:02 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{DA821A22-F358-49FD-B2FD-3903C213CA56}
[2011/09/07 22:41:52 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{0857729E-C54A-40D1-B01C-342DE79A7F03}
[2011/09/07 10:41:40 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{B19F34EE-39CD-4043-8431-E6031A331BC2}
[2011/09/07 10:41:18 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{0C9E89EE-CDDB-438B-B40F-D80F6D7BBAA6}
[2011/09/06 16:45:11 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{704D04FC-1F51-4BEF-9B88-5A9B8A8BC093}
[2011/09/06 16:44:50 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{74EB3CF0-2CEE-4CE2-BC64-BE5B4D236FF8}
[2009/11/06 17:12:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Cindy\AppData\Roaming\pcouffin.sys
[2009/09/10 16:34:53 | 093,107,496 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesSetup.exe
[2009/06/30 11:18:38 | 005,697,032 | ---- | C] (CNN ) -- C:\Program Files (x86)\wmvfirefoxpluginsetup-0.1.675.1923.exe
[2009/05/07 17:17:21 | 043,083,040 | ---- | C] ( ) -- C:\Program Files (x86)\AdbeRdr910_en_US_Std.exe
[2009/01/28 22:24:03 | 001,403,504 | ---- | C] (ArtistScope Pty Ltd) -- C:\Program Files (x86)\ArtistScope_FX_42.exe
[2008/12/02 12:52:57 | 028,868,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\FileFormatConverters.exe
[2008/11/15 14:26:10 | 001,878,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\install_flash_player.exe
[2008/11/14 18:34:51 | 004,865,408 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Silverlight.2.0.exe
[2008/10/15 12:08:36 | 067,167,528 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes801Setup.exe
[2008/09/23 12:48:30 | 035,124,856 | ---- | C] ( ) -- C:\Program Files (x86)\AdbeRdr90_en_US.exe
[2008/09/06 23:20:12 | 007,499,056 | ---- | C] (Mozilla) -- C:\Program Files (x86)\Firefox Setup 3.0.1.exe
[2008/09/05 22:56:07 | 000,298,096 | ---- | C] (The Weather Channel Interactive) -- C:\Program Files (x86)\desktopsp2_StubInstaller.exe
[2008/07/16 10:57:23 | 000,459,288 | ---- | C] (NetRatings, Inc.) -- C:\Program Files (x86)\netsight_setup_5.1.2.15_MP_Production_mid60234523138_p.exe
[2008/07/15 16:20:40 | 023,766,320 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\QuickTimeInstaller.exe
[2008/07/04 16:02:20 | 002,814,351 | ---- | C] (FileSubmit) -- C:\Program Files (x86)\celbratfreedomss.exe
[2008/07/02 21:40:06 | 025,755,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\wmp11-windowsxp-x86-enu.exe
[2006/11/30 12:21:01 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\RngInterstitial.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/04 19:51:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/04 19:42:27 | 000,000,000 | ---- | M] () -- C:\Users\Cindy\AppData\Local\prvlcl.dat
[2011/10/04 19:42:20 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/04 19:42:20 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/04 18:31:26 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/04 18:31:26 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/04 18:31:26 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/04 18:30:07 | 105,822,719 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/04 18:29:44 | 000,372,394 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/10/04 18:26:25 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/04 18:26:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/04 18:26:13 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/04 17:18:26 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/10/04 15:55:42 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/10/04 15:55:42 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/10/03 19:28:46 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/01 14:51:42 | 000,002,380 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/01 12:31:04 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/09/27 11:43:13 | 000,542,660 | ---- | M] () -- C:\Users\Cindy\Documents\1105-Yakima-Street-Cedar-Cove-(1).azw
[2011/09/27 11:41:42 | 000,542,660 | ---- | M] () -- C:\Users\Cindy\Documents\1105-Yakima-Street-Cedar-Cove-.azw
[2011/09/24 23:14:46 | 000,001,000 | ---- | M] () -- C:\Users\Cindy\Desktop\Carrie the Caregiver 2 - Preschool.lnk
[2011/09/24 23:14:31 | 000,000,158 | ---- | M] () -- C:\Users\Cindy\Desktop\Comcast.net Games.url
[2011/09/24 11:43:35 | 000,001,053 | ---- | M] () -- C:\Users\Cindy\Desktop\Mahjongg Dimensions Deluxe - Tiles in Time.lnk
[2011/09/23 19:49:55 | 000,000,095 | ---- | M] () -- C:\Users\Cindy\Desktop\Spyware Warrior Log in.URL
[2011/09/23 19:32:16 | 000,002,975 | ---- | M] () -- C:\Users\Cindy\Desktop\HiJackThis.lnk
[2011/09/23 15:40:34 | 001,796,534 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/09/23 15:40:05 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/09/23 15:38:41 | 000,512,992 | ---- | M] () -- C:\Users\Cindy\Desktop\sdsetup_aff.exe
[2011/09/23 01:48:39 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/17 18:54:39 | 000,001,250 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/09/09 19:32:56 | 000,294,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/09 12:05:37 | 000,000,868 | ---- | M] () -- C:\Users\Cindy\Desktop\Zombie Bowl-O-Rama.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/04 15:55:14 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/10/04 15:55:14 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/10/03 19:28:46 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/03 19:28:46 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/01 12:31:04 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/09/27 11:43:13 | 000,542,660 | ---- | C] () -- C:\Users\Cindy\Documents\1105-Yakima-Street-Cedar-Cove-(1).azw
[2011/09/27 11:41:41 | 000,542,660 | ---- | C] () -- C:\Users\Cindy\Documents\1105-Yakima-Street-Cedar-Cove-.azw
[2011/09/24 23:14:46 | 000,001,000 | ---- | C] () -- C:\Users\Cindy\Desktop\Carrie the Caregiver 2 - Preschool.lnk
[2011/09/24 11:43:35 | 000,001,053 | ---- | C] () -- C:\Users\Cindy\Desktop\Mahjongg Dimensions Deluxe - Tiles in Time.lnk
[2011/09/23 19:49:55 | 000,000,095 | ---- | C] () -- C:\Users\Cindy\Desktop\Spyware Warrior Log in.URL
[2011/09/23 19:32:16 | 000,002,975 | ---- | C] () -- C:\Users\Cindy\Desktop\HiJackThis.lnk
[2011/09/23 15:40:13 | 001,796,534 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/09/23 15:40:05 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/09/23 15:38:49 | 000,512,992 | ---- | C] () -- C:\Users\Cindy\Desktop\sdsetup_aff.exe
[2011/09/16 20:50:02 | 000,001,250 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/09/14 10:46:51 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/14 10:46:50 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/09 12:05:37 | 000,000,868 | ---- | C] () -- C:\Users\Cindy\Desktop\Zombie Bowl-O-Rama.lnk
[2010/04/20 23:28:22 | 000,121,408 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/03/25 14:26:35 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\_profiles.dat
[2010/03/17 18:12:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/14 16:09:46 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\AppData\Local\prvlcl.dat
[2010/03/06 14:22:42 | 000,161,628 | ---- | C] () -- C:\Windows\hphins31.dat.temp
[2010/03/06 14:22:42 | 000,000,724 | ---- | C] () -- C:\Windows\hphmdl31.dat.temp
[2010/01/18 13:49:47 | 000,000,081 | ---- | C] () -- C:\Windows\PARSONS.INI
[2010/01/04 19:14:50 | 000,001,571 | ---- | C] () -- C:\Windows\Faxcpp1.ini
[2010/01/04 19:14:50 | 000,000,422 | ---- | C] () -- C:\Windows\Faxcpp.ini
[2010/01/04 19:14:33 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\Image32.dll
[2010/01/04 19:14:33 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Png32.dll
[2010/01/04 19:14:33 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Jpeg32.dll
[2010/01/04 19:14:33 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Tga32.dll
[2010/01/04 19:14:33 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\Pcx32.dll
[2010/01/04 19:14:33 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\Twscan32.dll
[2010/01/02 20:57:40 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/01/02 03:09:33 | 000,161,598 | ---- | C] () -- C:\Windows\hphins31.dat
[2010/01/02 03:09:33 | 000,000,724 | ---- | C] () -- C:\Windows\hphmdl31.dat
[2009/12/25 02:56:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/17 14:14:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/17 13:50:59 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/11/06 17:12:47 | 000,087,608 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\inst.exe
[2009/11/06 17:12:47 | 000,007,887 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\pcouffin.cat
[2009/11/06 17:12:47 | 000,001,144 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\pcouffin.inf
[2009/08/27 03:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/13 09:46:59 | 004,566,456 | ---- | C] () -- C:\Program Files (x86)\Shockwave_Installer_Slim.exe
[2008/11/15 14:26:44 | 000,122,524 | ---- | C] () -- C:\Program Files (x86)\viewer.45.swf
[2008/07/24 21:05:03 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\LittleShopRoadTripInstall.exe
[2008/07/20 18:32:53 | 001,277,680 | ---- | C] () -- C:\Program Files (x86)\couponprinter.exe
[2008/07/04 16:03:56 | 010,421,744 | ---- | C] () -- C:\Program Files (x86)\AnAmericanTribute.exe
[2008/07/03 23:19:41 | 000,729,240 | ---- | C] () -- C:\Program Files (x86)\Install_HometownHarvest.EXE
[2008/03/05 11:33:04 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\temp01
[2008/02/28 14:38:23 | 000,002,848 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\mindhabits.dat
[2007/12/23 12:39:46 | 000,001,362 | ---- | C] () -- C:\ProgramData\QTSBandwidthCache
[2007/01/25 20:31:57 | 000,000,006 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\dm.ini
[2007/01/01 14:52:22 | 000,061,440 | ---- | C] () -- C:\Windows\uninstall.exe
[2006/11/30 12:33:03 | 000,026,112 | ---- | C] () -- C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/22 16:08:19 | 000,001,622 | ---- | C] () -- C:\Users\Cindy\AppData\Local\FASTWiz.html

========== LOP Check ==========

[2009/12/25 17:45:09 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Abra Academy2
[2009/12/25 17:45:10 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\acccore
[2010/01/02 03:33:17 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Acronis
[2009/12/25 17:45:17 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Aim
[2009/12/25 17:45:18 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Alawar
[2009/12/25 17:45:18 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\AlterLab
[2009/12/25 17:45:18 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\AlwaysNeat
[2010/11/04 17:53:22 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Anarchy
[2009/12/25 17:45:18 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Ancient Quest of Saqqarah__bfg
[2009/12/25 17:45:43 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\ArcadeTown
[2011/09/24 11:45:54 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Arkadium
[2010/04/11 17:17:56 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Artogon
[2011/10/01 12:29:58 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\AVG2012
[2010/03/27 20:23:39 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Big Fish Games
[2009/12/25 17:45:45 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\BloodTies
[2009/12/25 17:45:45 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Boomzap
[2009/12/25 17:45:45 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\CaribbeanHideaway
[2010/11/25 21:41:58 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Catalina Marketing Corp
[2009/12/25 17:45:45 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\cerasus.media
[2009/12/25 17:45:47 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Chicken Chase
[2010/10/20 14:03:22 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\com.Shutterfly.ExpressUploader
[2011/01/15 11:52:04 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Comcast
[2009/12/25 17:53:00 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\CupcakeCafe
[2009/12/25 17:53:00 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\DivoGames
[2009/12/25 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\EleFun Games
[2009/12/25 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Enlightenus
[2009/12/25 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\ERS G-Studio
[2010/05/22 13:43:20 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Facebook
[2010/03/10 15:58:03 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Farm Mania 2
[2011/09/14 12:49:11 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Flood Light Games
[2009/12/25 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\FloodLightGames
[2009/12/25 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\FlowPlay
[2009/12/25 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\ForgottenRiddles
[2009/12/25 17:53:02 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Friday's games
[2011/07/11 16:17:47 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Fuel Industries
[2009/12/25 17:53:02 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\funkitron
[2009/12/25 17:53:02 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Gaijin Ent
[2009/12/25 17:53:02 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Game Mill Entertainment
[2009/12/25 17:53:02 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\GameHouse
[2009/12/25 17:53:02 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\GameInvest
[2009/12/25 17:53:02 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Gamelab
[2009/12/25 17:53:02 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Games
[2009/12/25 17:53:03 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\GamesCafe
[2009/12/25 17:53:03 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\GAMESHASTRA
[2009/12/25 17:53:09 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\gemsweeperextractedgfx
[2009/12/25 17:53:29 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\GetRightToGo
[2009/12/25 17:53:29 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2009/12/25 17:53:29 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Gogii Games
[2009/12/25 17:53:29 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Gold Casual Games
[2009/12/25 17:53:29 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\HiT-MM
[2009/12/25 17:53:29 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\iWin
[2009/12/25 17:53:30 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\IWin_Janes_Realty
[2010/11/10 23:10:17 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\JacquieLawsonAdventCalendar
[2009/12/25 17:53:30 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Jane s Hotel
[2009/12/25 17:53:30 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Jane s Hotel Family Hero
[2011/06/14 23:30:30 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Jane s Hotel 3
[2010/04/21 14:32:39 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Janes Realty2
[2009/12/25 17:53:30 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\JoyBits
[2009/12/25 17:53:30 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Leadertech
[2009/12/25 17:53:30 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Legends of pirates
[2011/09/14 12:47:20 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Ludia
[2009/12/25 17:54:20 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Magic Academy
[2009/12/25 17:54:20 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Mean Hamster
[2009/12/25 17:54:21 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\MegaplexMadnessSummerBlockbuster
[2009/12/25 17:54:22 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Meridian93
[2009/12/25 17:54:27 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\My Games
[2010/03/20 18:40:33 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\MysteryStudio
[2009/12/25 17:54:28 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Mysteryville2
[2009/12/25 17:54:28 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Oberon Games
[2009/12/25 17:54:28 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Oberonv1001
[2009/12/25 17:54:28 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Ohana Games
[2011/06/17 12:09:03 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\OpenCandy
[2009/12/25 17:54:28 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Peace Craft
[2009/12/25 17:54:28 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\pixelStorm
[2011/09/16 20:50:12 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\PlayFirst
[2009/12/25 17:54:33 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Playrix Entertainment
[2009/12/25 17:54:33 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Pogo Games
[2009/12/25 17:54:40 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Remind-Me
[2009/12/25 17:54:41 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Restorer
[2009/12/25 17:54:41 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Righteous Kill
[2009/12/25 17:54:41 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Sandlot Games
[2009/12/25 17:54:41 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Shape games
[2009/12/25 17:54:41 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Skip-Bo
[2011/09/17 15:42:05 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Smilebox
[2009/12/25 17:54:42 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Snapfish
[2009/12/25 03:22:11 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Spearit
[2009/12/25 17:54:42 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\SpinTop
[2010/12/05 18:29:46 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\SpinTop Games
[2009/12/25 17:54:42 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\SprillBermudeEng
[2009/12/25 17:54:43 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\SultansLabyrinth
[2009/12/25 17:54:43 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\SulusGames
[2010/03/12 15:33:01 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\SystemRequirementsLab
[2009/12/25 17:57:17 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\TMInc
[2011/09/28 13:09:15 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\TuneUpMedia
[2009/12/25 17:57:18 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Ubisoft
[2009/12/25 17:57:18 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\UNOUndercover
[2009/12/25 17:57:18 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Valusoft
[2009/12/25 17:57:18 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Viewpoint
[2009/12/25 17:57:20 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\ViquaSoft
[2009/12/25 17:57:20 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Vso
[2009/12/25 17:57:21 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Wildfire
[2010/11/02 15:13:53 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Windows Live Writer
[2009/12/25 17:57:21 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Winv1001
[2009/12/25 17:57:21 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\World-LooM
[2009/12/25 17:57:21 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Zylom
[2011/09/01 09:51:32 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========


< End of report >

#2
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :yes:

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



NEXT:



Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


#3
umdad06

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here are 2 log files from TDSSKiller followed by 2 log files from OTL:

15:28:21.0140 6024 TDSS rootkit removing tool 2.6.5.0 Oct 5 2011 20:52:46
15:28:21.0505 6024 ============================================================
15:28:21.0505 6024 Current date / time: 2011/10/06 15:28:21.0505
15:28:21.0505 6024 SystemInfo:
15:28:21.0505 6024
15:28:21.0506 6024 OS Version: 6.1.7601 ServicePack: 1.0
15:28:21.0506 6024 Product type: Workstation
15:28:21.0506 6024 ComputerName: CINDY-PC
15:28:21.0506 6024 UserName: Cindy
15:28:21.0506 6024 Windows directory: C:\Windows
15:28:21.0506 6024 System windows directory: C:\Windows
15:28:21.0506 6024 Running under WOW64
15:28:21.0506 6024 Processor architecture: Intel x64
15:28:21.0506 6024 Number of processors: 2
15:28:21.0507 6024 Page size: 0x1000
15:28:21.0507 6024 Boot type: Normal boot
15:28:21.0507 6024 ============================================================
15:28:33.0219 6024 Initialize success
15:28:39.0262 6992 Deinitialize success

15:29:33.0906 4616 TDSS rootkit removing tool 2.6.5.0 Oct 5 2011 20:52:46
15:29:34.0352 4616 ============================================================
15:29:34.0352 4616 Current date / time: 2011/10/06 15:29:34.0352
15:29:34.0352 4616 SystemInfo:
15:29:34.0352 4616
15:29:34.0352 4616 OS Version: 6.1.7601 ServicePack: 1.0
15:29:34.0352 4616 Product type: Workstation
15:29:34.0352 4616 ComputerName: CINDY-PC
15:29:34.0352 4616 UserName: Cindy
15:29:34.0352 4616 Windows directory: C:\Windows
15:29:34.0352 4616 System windows directory: C:\Windows
15:29:34.0353 4616 Running under WOW64
15:29:34.0353 4616 Processor architecture: Intel x64
15:29:34.0353 4616 Number of processors: 2
15:29:34.0353 4616 Page size: 0x1000
15:29:34.0353 4616 Boot type: Normal boot
15:29:34.0353 4616 ============================================================
15:29:39.0500 4616 Initialize success
15:30:22.0868 2496 ============================================================
15:30:22.0868 2496 Scan started
15:30:22.0869 2496 Mode: Manual; SigCheck; TDLFS;
15:30:22.0869 2496 ============================================================
15:30:42.0847 2496 MBR (0x1B8) (d8f98fa929a3ce2707b66f8b212f5858) \Device\Harddisk0\DR0
15:30:42.0848 2496 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - infected
15:30:42.0848 2496 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
15:30:42.0897 2496 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:30:42.0898 2496 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:30:42.0903 2496 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
15:30:43.0121 2496 \Device\Harddisk2\DR2 - ok
15:30:43.0126 2496 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
15:30:43.0840 2496 \Device\Harddisk3\DR3 - ok
15:30:43.0859 2496 Boot (0x1200) (c4d08183f06b6e9b66b488fd12938701) \Device\Harddisk0\DR0\Partition0
15:30:43.0860 2496 \Device\Harddisk0\DR0\Partition0 - ok
15:30:43.0871 2496 Boot (0x1200) (29a0b1cd263e4339678cf0de21058fc5) \Device\Harddisk0\DR0\Partition1
15:30:43.0872 2496 \Device\Harddisk0\DR0\Partition1 - ok
15:30:43.0875 2496 Boot (0x1200) (f60632978e742fd1de46bd724c865475) \Device\Harddisk2\DR2\Partition0
15:30:43.0876 2496 \Device\Harddisk2\DR2\Partition0 - ok
15:30:43.0881 2496 Boot (0x1200) (f0ce17cbc5f1e9ccca5b0ad063136da3) \Device\Harddisk3\DR3\Partition0
15:30:43.0882 2496 \Device\Harddisk3\DR3\Partition0 - ok
15:30:43.0882 2496 ============================================================
15:30:43.0882 2496 Scan finished
15:30:43.0882 2496 ============================================================
15:30:43.0894 1012 Detected object count: 2
15:30:43.0894 1012 Actual detected object count: 2
15:31:54.0927 1012 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - will be cured on reboot
15:31:54.0928 1012 \Device\Harddisk0\DR0 - ok
15:31:54.0929 1012 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - User select action: Cure
15:31:54.0930 1012 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:31:54.0930 1012 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:32:25.0949 0820 Deinitialize success


OTL logfile created on: 10/6/2011 3:41:52 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Cindy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 56.68% Memory free
8.00 Gb Paging File | 6.11 Gb Available in Paging File | 76.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 151.96 Gb Free Space | 65.28% Space Free | Partition Type: NTFS
Drive J: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.14% Space Free | Partition Type: FAT32
Drive K: | 189.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: CINDY-PC | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/04 19:40:12 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Downloads\OTL.exe
PRC - [2011/10/01 12:30:56 | 000,246,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/25 01:25:28 | 000,313,160 | ---- | M] (Smilebox, Inc.) -- C:\Users\Cindy\AppData\Roaming\Smilebox\SmileboxTray.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/11 05:13:26 | 000,786,040 | ---- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit\fitbit.exe
PRC - [2011/07/11 05:13:20 | 002,162,296 | ---- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit\fitbit-tray.exe
PRC - [2011/07/07 11:39:10 | 001,600,984 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsGui.exe
PRC - [2011/04/06 16:53:36 | 001,117,144 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
PRC - [2011/02/18 11:14:04 | 000,371,472 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
PRC - [2011/01/20 13:27:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe
PRC - [2010/09/02 11:38:28 | 000,176,408 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe
PRC - [2010/01/03 00:51:28 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009/09/12 17:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 17:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2008/11/11 17:12:14 | 000,639,488 | ---- | M] (Beiley Software Inc.) -- C:\Program Files (x86)\Remind-Me\RemindMe.exe
PRC - [2008/06/24 17:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2005/05/09 19:16:15 | 000,192,512 | ---- | M] (Simple Star, Inc.) -- C:\Program Files (x86)\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/29 02:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/28 10:49:31 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/01 12:30:56 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/07/11 05:13:26 | 000,786,040 | ---- | M] (Fitbit, Inc.) [Auto | Running] -- C:\Program Files (x86)\Fitbit\fitbit.exe -- (Fitbit)
SRV - [2011/04/06 16:53:36 | 001,117,144 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/02/18 11:14:04 | 000,371,472 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011/01/20 13:27:12 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/09/02 11:38:28 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/03 00:51:28 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/09/12 17:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/18 13:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysWOW64\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 13:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysWOW64\HPZinw12.dll -- (Net Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 12:02:34 | 000,282,440 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2011/07/11 09:07:46 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2011/07/11 09:05:44 | 000,337,048 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/30 04:34:56 | 000,016,384 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 09:08:22 | 000,279,344 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2011/01/20 13:27:12 | 000,074,824 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TFSysMon)
DRV:64bit: - [2011/01/20 13:27:12 | 000,065,072 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2011/01/20 13:27:12 | 000,041,888 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010/01/03 00:51:29 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/01/03 00:51:27 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2010/01/03 00:51:25 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/01/03 00:51:22 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2009/07/27 03:04:38 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 12:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2007/07/31 20:04:48 | 000,090,112 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50525

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50525



IE - HKU\S-1-5-21-4145606269-2082706827-3579644514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\S-1-5-21-4145606269-2082706827-3579644514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-4145606269-2082706827-3579644514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4145606269-2082706827-3579644514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-4145606269-2082706827-3579644514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4145606269-2082706827-3579644514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4145606269-2082706827-3579644514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4145606269-2082706827-3579644514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 F4 AA E4 8A 7C CA 01 [binary data]
IE - HKU\S-1-5-21-4145606269-2082706827-3579644514-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-4145606269-2082706827-3579644514-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-4145606269-2082706827-3579644514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4145606269-2082706827-3579644514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.allmyfaves.com/#"
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0848}:1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071301000019
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5.1344
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..keyword.URL: "http://search.aol.co...0TRFFab&query="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/npmozax: C:\PROGRA~2\MOZILL~1\plugins\ [2011/09/23 17:53:40 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files (x86)\Real\RealArcade\Plugins\Mozilla\npracplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@research.microsoft.com/HDView: C:\Program Files (x86)\Microsoft Research\HDView for Firefox [2009/12/25 17:11:23 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Cindy\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Cindy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\Real\RealPlayer\browserrecord
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/02 03:13:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/09/16 23:44:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/10/05 10:41:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/03 19:28:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/23 17:53:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/02 03:13:26 | 000,000,000 | ---D | M]

[2009/12/17 14:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Extensions
[2009/12/25 17:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\extensions
[2009/12/25 17:57:33 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2009/12/25 17:57:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/25 17:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/12/25 17:57:32 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\extensions\[email protected]
[2009/12/25 17:57:32 | 000,000,000 | ---D | M] (Oberon Game Host) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\extensions\[email protected]
[2010/10/31 12:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\oi6da432.default\extensions
[2008/11/13 00:45:51 | 000,001,739 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\searchplugins\aim-search.xml
[2008/03/13 09:43:14 | 000,001,877 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\searchplugins\aolsearch.xml
[2011/10/01 12:30:54 | 000,003,674 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\searchplugins\avg-secure-search.xml
[2008/07/12 19:43:11 | 000,000,653 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1j83mpwp.default\searchplugins\yahoo-search.xml
[2011/10/03 19:28:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/12/25 17:14:55 | 000,000,000 | ---D | M] (OneStep Search) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{C7E0B063-1DC2-4DD0-A502-1D67957B9ADE}
[2010/10/21 11:42:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/09/23 11:24:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/12/25 17:14:54 | 000,000,000 | ---D | M] (RealArcade V3 Plugin) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG9\FIREFOX
[2010/10/03 15:17:10 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAM FILES (X86)\IWIN GAMES\FIREFOX
[2011/09/23 11:24:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/08/21 13:52:46 | 000,180,224 | ---- | M] (The Nielsen Company) -- C:\Program Files (x86)\mozilla firefox\components\nsgkff31_meter6.dll
[2009/01/07 13:16:58 | 000,609,280 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScope42.dll
[2010/11/25 21:41:58 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/11/25 21:41:58 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/09/23 11:24:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npmozax.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2008/02/08 17:36:16 | 000,024,673 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\mozilla firefox\plugins\NPMyWebS.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files (x86)\mozilla firefox\plugins\npracplug.dll
[2007/04/03 17:44:07 | 000,319,488 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npsnapfish.dll
[2009/06/30 11:19:12 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files (x86)\mozilla firefox\plugins\NPTURNMED.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2009/07/02 12:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2009/04/07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Yahooober25244253.gif
[2010/05/12 17:36:33 | 000,000,196 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Yahooober25244253.src

========== Chrome ==========

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\13.0.782.220\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\13.0.782.220\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\13.0.782.220\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: ArtistScope plugin 42 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPMyWebS.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npracplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: Turner Media Plugin 1.0.0.10 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPTURNMED.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files (x86)\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files (x86)\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files (x86)\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Cindy\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Cindy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

O1 HOSTS File: ([2011/09/23 17:47:13 | 000,000,826 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-4145606269-2082706827-3579644514-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.5.0_10\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4145606269-2082706827-3579644514-1000..\Run: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe (Fitbit, Inc.)
O4 - HKU\S-1-5-21-4145606269-2082706827-3579644514-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-4145606269-2082706827-3579644514-1000..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files (x86)\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKU\S-1-5-21-4145606269-2082706827-3579644514-1000..\Run: [SmileboxTray] C:\Users\Cindy\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson Advent Calendar.lnk = C:\Program Files (x86)\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe ()
O4 - Startup: C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RemindMe.lnk = C:\Program Files (x86)\Remind-Me\RemindMe.exe (Beiley Software Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4145606269-2082706827-3579644514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe (America Online, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (Reg Error: Key error.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Cake%20Mania/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Reg Error: Key error.)
O16 - DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} https://www.backup.c.../webrestore.cab (Reg Error: Key error.)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} file:///C:/Documents%20and%20Settings/Cindy%20Anno/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash2.1.0.0.68.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Little%20Shop%20of%20Treasures/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast...ronGameHost.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 68.87.64.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4977E80E-1F36-4EE6-872C-57E3C2F7B987}: DhcpNameServer = 208.67.222.222 208.67.220.220 68.87.64.150
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\sysimage - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wia - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O18 - Protocol\Handler\wia - No CLSID value found
O18:64bit: - Protocol\Filter\text/webviewhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\ExplorerFrame.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Cindy\My Documents\My Pictures\Picasa Edits\picasabackground.bmp
O24 - Desktop BackupWallPaper: C:\Users\Cindy\My Documents\My Pictures\Picasa Edits\picasabackground.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{453f4783-e961-11de-b096-806e6f6e6963}\bootwiz\asrm.bin)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/06 10:46:04 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{C56995E9-702B-4D3A-9405-ACF39532D4B9}
[2011/10/06 10:45:44 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{EB253294-0BF2-4CF1-9748-1C0EFFAD43DE}
[2011/10/05 14:46:32 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{DF68273A-294A-4608-BA32-C935742EAF69}
[2011/10/05 14:46:22 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{23AC8292-DB1C-4D22-B03F-48DFF12B7DDB}
[2011/10/05 14:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/10/05 10:39:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/10/04 18:37:07 | 000,000,000 | R-SD | C] -- C:\Users\Cindy\Documents\My Stationery
[2011/10/04 18:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/10/04 18:20:16 | 000,000,000 | ---D | C] -- C:\Users\Cindy\Desktop\Address Book
[2011/10/04 18:11:00 | 000,000,000 | ---D | C] -- C:\Users\Cindy\Desktop\Mail Backup
[2011/10/04 16:58:25 | 002,717,096 | ---- | C] (Acronis) -- C:\Windows\SysNative\auto_reactivate.exe
[2011/10/04 16:58:01 | 000,000,000 | RHSD | C] -- C:\bootwiz
[2011/10/04 16:13:48 | 000,000,000 | RHSD | C] -- C:\acroldr
[2011/10/04 15:35:55 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{3BE6FEA9-3F67-4B8C-860C-AEFE5C967AFD}
[2011/10/04 11:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Screentime
[2011/10/04 11:24:07 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\Screentime
[2011/10/04 11:02:02 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{DFACDC33-5E6B-4B11-A3F8-E20BE262FC9A}
[2011/10/04 11:01:51 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{0D1EF60D-3640-4F40-8147-AE09DE57FAF7}
[2011/10/03 23:01:26 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{D1A3D799-7612-4A11-A973-C4573A0843B7}
[2011/10/03 23:01:05 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{2C739DE0-26FB-4AA1-942E-2859ED03DDEB}
[2011/10/03 11:00:52 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{FF8DC439-79AE-4CD2-84C8-1331D0175436}
[2011/10/03 11:00:31 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{48A9D04E-AE5F-4CAB-8265-48DA4B5197AE}
[2011/10/02 23:00:05 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{532EE5B9-6525-4A12-9E2E-69282CC31993}
[2011/10/02 22:59:44 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{007729D2-B8EF-45C4-8562-953B9A726624}
[2011/10/02 10:59:32 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{F6947E19-B5D6-4897-8926-6DAC72CE0D4E}
[2011/10/02 10:59:11 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{357157C5-A617-4D8B-BE6C-0B922EBE3ED5}
[2011/10/01 22:58:27 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{A6908132-B978-4404-8883-6A523E47A7F3}
[2011/10/01 22:58:05 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{E0A16BD3-7604-4DC8-8217-2D1B02162868}
[2011/10/01 12:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/10/01 12:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2011/10/01 12:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011/10/01 12:29:58 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\AVG2012
[2011/10/01 12:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/01 10:57:52 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{9E8700AB-827E-43B7-A6DE-F3DB7C6B18B8}
[2011/10/01 10:57:29 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{C02C4732-369A-4A6F-B6AD-59DCE4A30B7E}
[2011/09/30 22:57:03 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{DA4D1F0C-69A5-4ABB-8C11-2AE8A2482A6C}
[2011/09/30 22:56:37 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{4BA9F60D-0C47-4BAE-92F2-7F28AA6DD645}
[2011/09/30 10:56:25 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{164FDF7E-2802-41F1-AF3C-D3617F33BDC0}
[2011/09/30 10:56:04 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{08CB9AF2-89E4-45BD-9D05-60FBD58A28F8}
[2011/09/29 22:55:39 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{5DE3B8D6-A9E5-4A5F-8C2A-38EBACE9EEAF}
[2011/09/29 22:55:17 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{7D570766-9A1B-4505-A57B-C8E9B09044C2}
[2011/09/29 10:54:38 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{F1F69256-2201-48EB-8656-7A597D0DB0AC}
[2011/09/29 10:53:38 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{4A2CC0BE-59D1-4E64-BFDC-41E8B4F61EFF}
[2011/09/28 23:36:26 | 000,000,000 | ---D | C] -- C:\abf1aed52ee70de0790e0332
[2011/09/28 22:48:40 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{E6C52049-2C8A-4406-9A1B-2B47C9DAC108}
[2011/09/28 22:48:18 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{E45470F9-1856-4D01-99CE-FB4C1ACE3699}
[2011/09/28 10:47:51 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{36581CD7-8A3E-4F55-9B47-1DCBF65B205C}
[2011/09/28 10:47:26 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{5A9F4C5F-21AB-4552-B498-E4BDF2157CEF}
[2011/09/27 21:21:43 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{993D7EBC-5E08-4C91-A4CC-7143F899D77E}
[2011/09/27 21:21:20 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{4C7F6A51-F092-4C88-AED7-48635E17F06D}
[2011/09/27 09:20:46 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{255427B9-19EB-45D3-9B0E-D1300CACDA8B}
[2011/09/27 09:20:35 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{32EAA353-A3D3-4903-B4C1-A71B64CB1F79}
[2011/09/26 20:08:19 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{CDE979CC-6036-4413-8B0C-EF75E002C9C5}
[2011/09/26 20:07:57 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{DD5484EF-B9CA-4756-AC07-6A2C61122F56}
[2011/09/26 08:07:17 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{02FC328F-EB78-4886-95A8-038CF6752100}
[2011/09/26 08:06:53 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{E2DC74F6-D5BE-4031-91B3-B0872158E78F}
[2011/09/25 12:26:54 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{95D559F8-C1F1-4039-ACFB-1AD229977A77}
[2011/09/25 12:26:27 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{B6C3B40A-122E-4A07-8AB9-0AF910EEDCB3}
[2011/09/24 12:14:14 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\Microsoft Games
[2011/09/24 11:14:03 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{65F794E7-06E8-4FCA-B592-C7847C7CF697}
[2011/09/24 11:13:39 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{443C87A4-F12F-4DD7-BAD9-5B1D6E61EE7C}
[2011/09/24 11:04:08 | 000,074,824 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2011/09/24 11:04:07 | 000,065,072 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2011/09/24 11:04:07 | 000,041,888 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2011/09/24 11:02:31 | 000,000,000 | ---D | C] -- C:\PROGRAM FILES (X86) (X86)
[2011/09/23 23:05:04 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{4CC3CC18-335A-4AD7-A693-6941A00D11D0}
[2011/09/23 23:04:54 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{1BD98FF5-D61D-4138-9AC4-0604497C1B7A}
[2011/09/23 19:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/23 19:32:16 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/23 15:40:12 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2011/09/23 15:40:12 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2011/09/23 15:40:11 | 000,337,048 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011/09/23 15:40:11 | 000,143,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011/09/23 15:40:07 | 000,282,440 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011/09/23 15:40:05 | 000,279,344 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2011/09/23 15:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/09/23 15:40:03 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011/09/23 15:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/09/23 15:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/09/23 15:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/09/23 11:24:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/23 11:24:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/09/23 11:24:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/09/23 11:04:29 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{7A5D9427-55B0-4C40-A150-7883D05F20F3}
[2011/09/23 11:04:06 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{3A175B4B-5D40-471D-9E40-8366EBA19AB6}
[2011/09/22 23:03:42 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{C9F758D4-3E4F-4A41-9B1C-3BF17F2AA8E2}
[2011/09/22 23:03:20 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{D60AFC18-C0A1-4263-A5F2-F7619F34F3D0}
[2011/09/22 11:03:09 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{2543675A-AE81-4A50-80FD-CCCA59F8D7C7}
[2011/09/22 11:02:47 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{247F2665-72E0-418C-9F5C-40648275AD16}
[2011/09/21 23:02:23 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{EC278B37-3429-4CA3-A735-A28BFFC689FE}
[2011/09/21 23:02:01 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{92377AF6-B46C-4CD9-9F5E-C52691DEF950}
[2011/09/21 11:01:50 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{86BFFD15-D8DE-44E1-A6C1-2A39AE6CF956}
[2011/09/21 11:01:27 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{9CBE2850-DD16-44E0-A510-08C2F91229BE}
[2011/09/20 23:01:03 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{CBD104D8-1859-42A6-B8C0-BB7C0125A2A6}
[2011/09/20 23:00:40 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{59BB001B-DE2F-43C3-88B5-C9448B3ADBAB}
[2011/09/20 11:00:16 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{74F5B3AA-EAFC-4DDD-BF7F-8EDB0B930E91}
[2011/09/20 11:00:06 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{9872298C-6CA3-4861-B81F-904976FA7F58}
[2011/09/19 22:36:57 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{9E79B26A-0CF6-4AD0-8DFD-AF61A719791C}
[2011/09/19 22:36:36 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{E246FE21-751F-41AD-A9D0-9A9066A0E346}
[2011/09/19 10:36:24 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{CA83594B-D9CC-406E-A742-96843E4D336D}
[2011/09/19 10:36:02 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{9D52673A-3892-48E3-ADAE-8785501EA1C7}
[2011/09/18 11:39:48 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{93274D58-168A-4CBF-BC18-E31E1D290DE3}
[2011/09/18 11:39:07 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{C9E73E4D-C589-4AFF-B1F2-03236BF01E19}
[2011/09/17 11:48:56 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{7E2A02F5-4C00-4F2F-A169-476D61183429}
[2011/09/17 11:48:35 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{69750319-294D-4D78-865F-D212D16B415F}
[2011/09/16 23:05:10 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{F9405F29-A0C6-4171-8092-A6E5413310F0}
[2011/09/16 23:04:49 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{5850E9AA-C866-41A9-BA68-DCCB40181438}
[2011/09/16 20:49:43 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cooking Dash 3 - Thrills and Spills Collector's Edition
[2011/09/16 20:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cooking Dash 3 - Thrills and Spills Collector's Edition
[2011/09/16 20:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cooking Dash 3 - Thrills and Spills Collector's Edition
[2011/09/16 11:04:37 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{18A2CF0F-53F6-4A26-B6B2-25CF1607E331}
[2011/09/16 11:04:16 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{06BB4E7B-CFE3-4A53-A293-6DA7FC09678B}
[2011/09/15 23:03:50 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{AC5E8C7D-8351-44C8-8027-8A083183E182}
[2011/09/15 23:03:29 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{0DA2C109-F8A6-488F-9A74-62769E127F51}
[2011/09/15 11:03:05 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{9BC06EEE-9F60-4834-9327-0D7DFC2CC5EB}
[2011/09/15 11:02:43 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{D29C7D4D-A736-4735-A501-8C6655EFD604}
[2011/09/14 23:02:19 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{FB6EF3C9-A507-48C4-9FC5-E732146F1B1F}
[2011/09/14 23:01:58 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{F3297B75-1675-439C-A847-07786D957C47}
[2011/09/14 11:01:19 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{DF96F99F-522E-47E6-A26C-25809C11D478}
[2011/09/14 11:00:57 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{D6B7124F-98AA-4C7F-A67D-318D3941E1E4}
[2011/09/13 23:00:33 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{6D62D70E-3B17-4759-B8DC-ABB2F533A985}
[2011/09/13 23:00:11 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{9C790567-C19A-46DD-BBF1-A831A26160AF}
[2011/09/13 10:59:47 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{05B8B97E-C444-472F-BD46-912A81976BA4}
[2011/09/13 10:59:26 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{642D6B36-424B-40D8-80EA-85112E92B117}
[2011/09/13 06:30:08 | 000,037,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2011/09/12 22:59:03 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{B73D2A82-DE50-440C-A80B-2E09DDAB0A24}
[2011/09/12 22:58:42 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{EF89B6F9-A7C3-4893-A430-83891A720EE6}
[2011/09/12 10:58:30 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{B6CEBBEC-24D0-4B04-BAEC-2E1DD0B8AC03}
[2011/09/12 10:58:09 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{538F632A-DC24-4444-9297-1A70A7075639}
[2011/09/11 22:57:45 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{8F4A0724-B7A3-4948-9FCE-27AB56F7294F}
[2011/09/11 22:57:24 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{F02723D9-53F6-4539-9EE9-AE3E380B247E}
[2011/09/11 10:57:08 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{F8764C84-8A37-4DAB-9BBC-20DB15FF9074}
[2011/09/11 10:56:47 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{BBC36761-71AA-485E-8DC8-1B6925BB1B9E}
[2011/09/10 22:56:23 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{C75709B8-0873-4C41-BB05-A6CEE1B8EE04}
[2011/09/10 22:56:02 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{D6B2D42D-BC50-4A78-B46D-1215E2928BDD}
[2011/09/10 10:55:37 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{81993B9B-4351-4B70-94E2-00E5B72C6959}
[2011/09/10 10:55:15 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{62408F22-FDBD-49E1-A8D3-D2BD3E108612}
[2011/09/09 22:45:06 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{2DAA0E33-9443-47FB-9778-D46F730A47A7}
[2011/09/09 22:44:44 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{89A8C12F-DDBC-43F5-AFFA-38FA5E48CCF9}
[2011/09/09 19:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/09/09 10:44:20 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{666F0DE1-6BAD-4215-9744-B4F0FC36D9B6}
[2011/09/09 10:43:59 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{9074AFCC-7D95-4A81-9EDD-7F4209BB0DDC}
[2011/09/08 22:43:35 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{3F66AB24-281F-41A7-AC54-078C66E87913}
[2011/09/08 22:43:13 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{01B7913C-E2C5-4E63-B0B6-B61004E3D217}
[2011/09/08 10:42:49 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{3D9EC5C3-5A2A-4101-93C1-A455A2BBBE20}
[2011/09/08 10:42:27 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{3F542E82-492C-4DA8-A2A9-31953F12767B}
[2011/09/07 22:42:02 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{DA821A22-F358-49FD-B2FD-3903C213CA56}
[2011/09/07 22:41:52 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{0857729E-C54A-40D1-B01C-342DE79A7F03}
[2011/09/07 10:41:40 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{B19F34EE-39CD-4043-8431-E6031A331BC2}
[2011/09/07 10:41:18 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{0C9E89EE-CDDB-438B-B40F-D80F6D7BBAA6}
[2011/09/06 16:45:11 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{704D04FC-1F51-4BEF-9B88-5A9B8A8BC093}
[2011/09/06 16:44:50 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\{74EB3CF0-2CEE-4CE2-BC64-BE5B4D236FF8}
[2009/11/06 17:12:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Cindy\AppData\Roaming\pcouffin.sys
[2009/09/10 16:34:53 | 093,107,496 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesSetup.exe
[2009/06/30 11:18:38 | 005,697,032 | ---- | C] (CNN ) -- C:\Program Files (x86)\wmvfirefoxpluginsetup-0.1.675.1923.exe
[2009/05/07 17:17:21 | 043,083,040 | ---- | C] ( ) -- C:\Program Files (x86)\AdbeRdr910_en_US_Std.exe
[2009/01/28 22:24:03 | 001,403,504 | ---- | C] (ArtistScope Pty Ltd) -- C:\Program Files (x86)\ArtistScope_FX_42.exe
[2008/12/02 12:52:57 | 028,868,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\FileFormatConverters.exe
[2008/11/15 14:26:10 | 001,878,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\install_flash_player.exe
[2008/11/14 18:34:51 | 004,865,408 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Silverlight.2.0.exe
[2008/10/15 12:08:36 | 067,167,528 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes801Setup.exe
[2008/09/23 12:48:30 | 035,124,856 | ---- | C] ( ) -- C:\Program Files (x86)\AdbeRdr90_en_US.exe
[2008/09/06 23:20:12 | 007,499,056 | ---- | C] (Mozilla) -- C:\Program Files (x86)\Firefox Setup 3.0.1.exe
[2008/09/05 22:56:07 | 000,298,096 | ---- | C] (The Weather Channel Interactive) -- C:\Program Files (x86)\desktopsp2_StubInstaller.exe
[2008/07/16 10:57:23 | 000,459,288 | ---- | C] (NetRatings, Inc.) -- C:\Program Files (x86)\netsight_setup_5.1.2.15_MP_Production_mid60234523138_p.exe
[2008/07/15 16:20:40 | 023,766,320 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\QuickTimeInstaller.exe
[2008/07/04 16:02:20 | 002,814,351 | ---- | C] (FileSubmit) -- C:\Program Files (x86)\celbratfreedomss.exe
[2008/07/02 21:40:06 | 025,755,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\wmp11-windowsxp-x86-enu.exe
[2006/11/30 12:21:01 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\RngInterstitial.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/06 15:51:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/06 15:42:16 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/06 15:42:16 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/06 15:39:12 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/06 15:39:12 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/06 15:39:12 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/06 15:34:41 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/06 15:34:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/06 15:34:31 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/06 14:20:29 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/10/06 10:44:34 | 105,934,562 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/05 20:52:11 | 000,002,380 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/05 18:44:01 | 000,391,222 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/10/05 10:41:39 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/10/05 10:39:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/10/05 10:39:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/10/04 19:42:27 | 000,000,000 | ---- | M] () -- C:\Users\Cindy\AppData\Local\prvlcl.dat
[2011/10/04 16:58:25 | 002,717,096 | ---- | M] (Acronis) -- C:\Windows\SysNative\auto_reactivate.exe
[2011/10/04 15:55:42 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/10/04 15:55:42 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/10/03 19:28:46 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/28 10:49:31 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/09/27 11:43:13 | 000,542,660 | ---- | M] () -- C:\Users\Cindy\Documents\1105-Yakima-Street-Cedar-Cove-(1).azw
[2011/09/27 11:41:42 | 000,542,660 | ---- | M] () -- C:\Users\Cindy\Documents\1105-Yakima-Street-Cedar-Cove-.azw
[2011/09/24 23:14:46 | 000,001,000 | ---- | M] () -- C:\Users\Cindy\Desktop\Carrie the Caregiver 2 - Preschool.lnk
[2011/09/24 23:14:31 | 000,000,158 | ---- | M] () -- C:\Users\Cindy\Desktop\Comcast.net Games.url
[2011/09/24 11:43:35 | 000,001,053 | ---- | M] () -- C:\Users\Cindy\Desktop\Mahjongg Dimensions Deluxe - Tiles in Time.lnk
[2011/09/23 19:49:55 | 000,000,095 | ---- | M] () -- C:\Users\Cindy\Desktop\Spyware Warrior Log in.URL
[2011/09/23 19:32:16 | 000,002,975 | ---- | M] () -- C:\Users\Cindy\Desktop\HiJackThis.lnk
[2011/09/23 15:40:34 | 001,796,534 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/09/23 15:40:05 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/09/23 15:38:41 | 000,512,992 | ---- | M] () -- C:\Users\Cindy\Desktop\sdsetup_aff.exe
[2011/09/23 11:24:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/09/23 11:24:01 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/23 11:24:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/09/23 11:24:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/09/23 01:48:39 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/17 18:54:39 | 000,001,250 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2011/09/09 19:32:56 | 000,294,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/09 12:05:37 | 000,000,868 | ---- | M] () -- C:\Users\Cindy\Desktop\Zombie Bowl-O-Rama.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/05 14:44:33 | 000,001,454 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/10/05 10:39:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/10/05 10:39:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/10/04 15:55:14 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/10/04 15:55:14 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/10/03 19:28:46 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/03 19:28:46 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/01 12:31:04 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/09/27 11:43:13 | 000,542,660 | ---- | C] () -- C:\Users\Cindy\Documents\1105-Yakima-Street-Cedar-Cove-(1).azw
[2011/09/27 11:41:41 | 000,542,660 | ---- | C] () -- C:\Users\Cindy\Documents\1105-Yakima-Street-Cedar-Cove-.azw
[2011/09/24 23:14:46 | 000,001,000 | ---- | C] () -- C:\Users\Cindy\Desktop\Carrie the Caregiver 2 - Preschool.lnk
[2011/09/24 11:43:35 | 000,001,053 | ---- | C] () -- C:\Users\Cindy\Desktop\Mahjongg Dimensions Deluxe - Tiles in Time.lnk
[2011/09/23 19:49:55 | 000,000,095 | ---- | C] () -- C:\Users\Cindy\Desktop\Spyware Warrior Log in.URL
[2011/09/23 19:32:16 | 000,002,975 | ---- | C] () -- C:\Users\Cindy\Desktop\HiJackThis.lnk
[2011/09/23 15:40:13 | 001,796,534 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/09/23 15:40:05 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/09/23 15:38:49 | 000,512,992 | ---- | C] () -- C:\Users\Cindy\Desktop\sdsetup_aff.exe
[2011/09/16 20:50:02 | 000,001,250 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/09/14 10:46:51 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/14 10:46:50 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/09 12:05:37 | 000,000,868 | ---- | C] () -- C:\Users\Cindy\Desktop\Zombie Bowl-O-Rama.lnk
[2010/04/20 23:28:22 | 000,121,408 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/03/25 14:26:35 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\_profiles.dat
[2010/03/17 18:12:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/14 16:09:46 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\AppData\Local\prvlcl.dat
[2010/03/06 14:22:42 | 000,161,628 | ---- | C] () -- C:\Windows\hphins31.dat.temp
[2010/03/06 14:22:42 | 000,000,724 | ---- | C] () -- C:\Windows\hphmdl31.dat.temp
[2010/01/18 13:49:47 | 000,000,081 | ---- | C] () -- C:\Windows\PARSONS.INI
[2010/01/04 19:14:50 | 000,001,571 | ---- | C] () -- C:\Windows\Faxcpp1.ini
[2010/01/04 19:14:50 | 000,000,422 | ---- | C] () -- C:\Windows\Faxcpp.ini
[2010/01/04 19:14:33 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\Image32.dll
[2010/01/04 19:14:33 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Png32.dll
[2010/01/04 19:14:33 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Jpeg32.dll
[2010/01/04 19:14:33 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Tga32.dll
[2010/01/04 19:14:33 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\Pcx32.dll
[2010/01/04 19:14:33 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\Twscan32.dll
[2010/01/02 20:57:40 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/01/02 03:09:33 | 000,161,598 | ---- | C] () -- C:\Windows\hphins31.dat
[2010/01/02 03:09:33 | 000,000,724 | ---- | C] () -- C:\Windows\hphmdl31.dat
[2009/12/25 02:56:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/17 14:14:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/17 13:50:59 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/11/06 17:12:47 | 000,087,608 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\inst.exe
[2009/11/06 17:12:47 | 000,007,887 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\pcouffin.cat
[2009/11/06 17:12:47 | 000,001,144 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\pcouffin.inf
[2009/08/27 03:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/13 09:46:59 | 004,566,456 | ---- | C] () -- C:\Program Files (x86)\Shockwave_Installer_Slim.exe
[2008/11/15 14:26:44 | 000,122,524 | ---- | C] () -- C:\Program Files (x86)\viewer.45.swf
[2008/07/24 21:05:03 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\LittleShopRoadTripInstall.exe
[2008/07/20 18:32:53 | 001,277,680 | ---- | C] () -- C:\Program Files (x86)\couponprinter.exe
[2008/07/04 16:03:56 | 010,421,744 | ---- | C] () -- C:\Program Files (x86)\AnAmericanTribute.exe
[2008/07/03 23:19:41 | 000,729,240 | ---- | C] () -- C:\Program Files (x86)\Install_HometownHarvest.EXE
[2008/03/05 11:33:04 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\temp01
[2008/02/28 14:38:23 | 000,002,848 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\mindhabits.dat
[2007/12/23 12:39:46 | 000,001,362 | ---- | C] () -- C:\ProgramData\QTSBandwidthCache
[2007/01/25 20:31:57 | 000,000,006 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\dm.ini
[2007/01/01 14:52:22 | 000,061,440 | ---- | C] () -- C:\Windows\uninstall.exe
[2006/11/30 12:33:03 | 000,026,112 | ---- | C] () -- C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/22 16:08:19 | 000,001,622 | ---- | C] () -- C:\Users\Cindy\AppData\Local\FASTWiz.html

========== Alternate Data Streams ==========

@Alternate Data Stream - 168608 bytes -> C:\Users\Cindy\Fwd_ CareFirst Presentation for Employees on July 16th.eml:OECustomProperty

< End of report >

OTL Extras logfile created on: 10/6/2011 3:41:53 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Cindy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 56.68% Memory free
8.00 Gb Paging File | 6.11 Gb Available in Paging File | 76.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 151.96 Gb Free Space | 65.28% Space Free | Partition Type: NTFS
Drive J: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.14% Space Free | Partition Type: FAT32
Drive K: | 189.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: CINDY-PC | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4145606269-2082706827-3579644514-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D0AD116-BE74-4ADD-9E80-83199F53370F}" = AVG 2012
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2F478590-A2A6-43E3-A567-A89A5F38AAC4}" = HP Photosmart D7500 Printer Driver Software 13.0 Rel. 4
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{5349A735-7482-406F-9FE4-3BB24608479D}" = AVG 2012
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DD1FE66-5536-41E3-B786-70068887B3F4}" = The Print Shop 12
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58FE0869-B753-4573-BB09-1E44FDC53FBF}" = PS_SF_04_D7500_Software
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BB9C1F3-661C-4A19-7F48-2F9039CC3981}" = Jacquie Lawson Advent Calendar
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D895187-2B31-4CFD-84F0-8AACA91DBEE3}" = Laplink USB Cable Drivers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111212843}" = Diner Dash 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115455627}" = Cake Mania 3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85466D35-4A30-4D87-A4D3-EF8DCA30492B}" = D7500
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B55AE9A-D357-4AA4-A3BB-E8E62DAAC93C}" = PCmover Professional
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F2F98F2-3219-4FAB-A3E1-359CD6DDF9CD}" = PS_SF_04_D7500_Software_Min
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5CCD0C8-6D5E-4515-BDD7-2A22D5D91033}" = Nero 8 Essentials
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B6977866-8AD6-46A1-9A85-F232BB6A25F6}" = CoPilot Health Management System
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E08EC542-BC5F-4F26-BBB9-E426BA007A31}" = OneTouch USB Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E6445FCC-EAF6-4E35-9E72-6EF105A4C177}" = HDView for Firefox
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2A056D9-54B2-4F2B-8DD8-A42A73D1E5E7}" = OneTouch Software
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"1cd7a3999f7befad1894c1a78d9416df" = LUXOR HD
"83e94cb8c9b9f7813e1341f472ea3004" = Carrie the Caregiver 2 - Preschool
"a5e69a1eb8018d65d9a37940c9f1ec73" = Press Your Luck™
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AdobeESD" = Adobe Download Manager 2.2 (Remove Only)
"am-deliciousemilyschildhoodmemories" = Delicious - Emily's Childhood Memories
"am-deliciousemilysdoublepack" = Delicious - Emily's Double Pack
"am-deliciousemilystasteoffame" = Delicious - Emily's Taste of Fame
"am-mahjonggdimensionsdeluxetilesintime" = Mahjongg Dimensions Deluxe - Tiles in Time
"AOL Instant Messenger" = AOL Instant Messenger
"Avenue Flo" = Avenue Flo (remove only)
"AZZ Cardfile" = AZZ Cardfile
"bb3e225e1aaf56cf8f40418cd6333ebc" = Risk
"bd36cf523d7e02b681f8dad3abca70bb" = Cake Mania - Lights, Camera, Action!™
"BFGC" = Big Fish Games: Game Manager
"BFG-Cooking Dash 3 - Thrills and Spills Collector's Edition" = Cooking Dash 3: Thrills and Spills Collector's Edition
"BFG-Hidden Expedition - Amazon" = Hidden Expedition: Amazon ™
"BFG-Hidden Expedition - Titanic" = Hidden Expedition: Titanic ™
"Cake Mania" = Cake Mania (remove only)
"Cake Mania 3" = Cake Mania 3 (remove only)
"Cake Mania Back to the Bakery" = Cake Mania Back to the Bakery (remove only)
"Cake Mania Lights, Camera, Action!" = Cake Mania Lights, Camera, Action! (remove only)
"Cake Mania Main Street" = Cake Mania Main Street
"cc3897ae53dc27dbcf345dfa5d3b8946" = Cake Mania ® Bundle
"CCleaner" = CCleaner
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"Cooking Dash" = Cooking Dash (remove only)
"Cooking Dash - DinerTown Studios" = Cooking Dash - DinerTown Studios (remove only)
"Cooking Dash 3 - Thrills and Spills" = Cooking Dash 3 - Thrills and Spills (remove only)
"Cooking Dash® 3: Thrills and Spills" = Cooking Dash® 3: Thrills and Spills
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Diner Dash 2: Restaurant Rescue™" = Diner Dash 2: Restaurant Rescue™
"Diner Dash Hometown Hero" = Diner Dash Hometown Hero (remove only)
"Diner Dash Hometown Hero Gourmet" = Diner Dash Hometown Hero Gourmet (remove only)
"e5ed822a2c65ea1824e3c5862d965936" = Zombie Bowl-O-Rama
"edf9f265c97d6673a4d5b82919824dc4" = Cake Mania® To The Max
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"Fitbit Data Uploader_is1" = Fitbit v2.0.0
"FITBIT&10C4&84C4" = Fitbit Base Station (Driver Removal)
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"ie7" = Windows Internet Explorer 7
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"IPIX ActiveX Viewer" = iPIX ActiveX Viewer
"iWinArcade" = iWin Games (remove only)
"JacquieLawsonAdventCalendar" = Jacquie Lawson Advent Calendar
"Mahjongg Ancient Mayas Free Trial_is1" = Mahjongg Ancient Mayas Free Trial
"Mahjongg Dimensions Deluxe GDG" = Mahjongg Dimensions Deluxe GDG (remove only)
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NBC4 LIVE ONLINE" = NBC4 LIVE ONLINE
"NetSight" = Nielsen//NetRatings
"Photo Organizer 1.8" = Photo Organizer
"Picasa 3" = Picasa 3
"Remind-Me" = Remind-Me
"Sandlot Connect_is1" = Sandlot Connect Version 1.2.6
"Shockwave" = Shockwave
"Snowy Lunch Rush" = Snowy Lunch Rush (remove only)
"Spyware Doctor" = Spyware Doctor 8.0
"SystemRequirementsLab" = System Requirements Lab
"TuneUpMedia" = TuneUp Companion 2.2.3
"Turbo Pizza" = Turbo Pizza (remove only)
"Weather Services" = Weather Services
"Web Games Player Plugin" = Web Games Player Plugin
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Wedding Dash®: Ready, Aim, Love!™" = Wedding Dash®: Ready, Aim, Love!™
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4145606269-2082706827-3579644514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/1/2011 11:59:38 AM | Computer Name = Cindy-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/1/2011 12:38:48 PM | Computer Name = Cindy-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 7.0.1.4288 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1824 Start
Time: 01cc80586ca05284 Termination Time: 71 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: cd7253ec-ec4b-11e0-b85d-00241dc7cdb5

Error - 10/2/2011 11:10:24 AM | Computer Name = Cindy-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/3/2011 10:25:26 AM | Computer Name = Cindy-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/3/2011 7:48:47 PM | Computer Name = Cindy-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/3/2011 8:15:31 PM | Computer Name = Cindy-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/4/2011 2:51:41 PM | Computer Name = Cindy-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/5/2011 10:46:44 AM | Computer Name = Cindy-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/5/2011 12:32:09 PM | Computer Name = Cindy-PC | Source = Application Hang | ID = 1002
Description = The program wlmail.exe version 14.0.8117.416 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 18a0 Start
Time: 01cc836bebef44d9 Termination Time: 26 Application Path: C:\Program Files (x86)\Windows
Live\Mail\wlmail.exe Report Id: 824d162a-ef6f-11e0-abe8-00241dc7cdb5

Error - 10/5/2011 2:42:49 PM | Computer Name = Cindy-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Windows Live Mail' could not be shut down.

[ System Events ]
Error - 10/4/2011 4:56:02 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/4/2011 5:19:19 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/4/2011 6:00:28 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/4/2011 6:05:32 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/4/2011 6:27:24 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/4/2011 6:30:39 PM | Computer Name = Cindy-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 10/4/2011 6:30:40 PM | Computer Name = Cindy-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 10/4/2011 6:30:40 PM | Computer Name = Cindy-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 10/4/2011 6:30:41 PM | Computer Name = Cindy-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 10/4/2011 6:30:41 PM | Computer Name = Cindy-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.


< End of report >

#4
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Good Evening!

Looks like TDSSKiller has found and cured one of the two big culprits.

Please heed the following warning:

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50525
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50525
    [2010/10/21 11:42:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/09/23 11:24:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.5.0_10\bin\jusched.exe" File not found
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (Reg Error: Key error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Reg Error: Key error.)
    O16 - DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} https://www.backup.c.../webrestore.cab (Reg Error: Key error.)
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} file:///C:/Documents%20and%20Settings/Cindy%20Anno/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash2.1.0.0.68.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast...ronGameHost.cab (Reg Error: Key error.)
    [2009/09/10 16:34:53 | 093,107,496 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesSetup.exe
    [2009/06/30 11:18:38 | 005,697,032 | ---- | C] (CNN ) -- C:\Program Files (x86)\wmvfirefoxpluginsetup-0.1.675.1923.exe
    [2009/05/07 17:17:21 | 043,083,040 | ---- | C] ( ) -- C:\Program Files (x86)\AdbeRdr910_en_US_Std.exe
    [2009/01/28 22:24:03 | 001,403,504 | ---- | C] (ArtistScope Pty Ltd) -- C:\Program Files (x86)\ArtistScope_FX_42.exe
    [2008/12/02 12:52:57 | 028,868,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\FileFormatConverters.exe
    [2008/11/15 14:26:10 | 001,878,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\install_flash_player.exe
    [2008/11/14 18:34:51 | 004,865,408 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Silverlight.2.0.exe
    [2008/10/15 12:08:36 | 067,167,528 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes801Setup.exe
    [2008/09/23 12:48:30 | 035,124,856 | ---- | C] ( ) -- C:\Program Files (x86)\AdbeRdr90_en_US.exe
    [2008/09/06 23:20:12 | 007,499,056 | ---- | C] (Mozilla) -- C:\Program Files (x86)\Firefox Setup 3.0.1.exe
    [2008/09/05 22:56:07 | 000,298,096 | ---- | C] (The Weather Channel Interactive) -- C:\Program Files (x86)\desktopsp2_StubInstaller.exe
    [2008/07/16 10:57:23 | 000,459,288 | ---- | C] (NetRatings, Inc.) -- C:\Program Files (x86)\netsight_setup_5.1.2.15_MP_Production_mid60234523138_p.exe
    [2008/07/15 16:20:40 | 023,766,320 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\QuickTimeInstaller.exe
    [2008/07/04 16:02:20 | 002,814,351 | ---- | C] (FileSubmit) -- C:\Program Files (x86)\celbratfreedomss.exe
    [2008/07/02 21:40:06 | 025,755,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\wmp11-windowsxp-x86-enu.exe
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:2B17293E
    @Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:2CDA7452
    @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:04B74CC5
    @Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:76463A36
    @Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:F1F85068
    @Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:F2CEC0E8
    @Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:0AC32449
    @Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:91AE1431
    @Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:090FB735
    @Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:260575F1
    @Alternate Data Stream - 168608 bytes -> C:\Users\Cindy\Fwd_ CareFirst Presentation for Employees on July 16th.eml:OECustomProperty
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:FA8B212D
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:CBB29B31
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:3612C9BE
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:99A08063
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:81413F67
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:CE8389BF
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:56EE2CAF
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D8A7F3FF
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:AA341DB1
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:96646EC1
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:93C059AC
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:8B4B9596
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:4436787A
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:AAC11624
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:87FA5E8A
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:AE3F58B2
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:C564D997
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:5E3FBF9D
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:73828A71
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:695CE4C3
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:D8ECCA3E
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:C0D722EB
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E21D3CA0
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:D6BEA85D
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:B0D0266B
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A02025CE
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:03D08225
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4A966CC2
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:C4A5EA85
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:D1D657D4
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0AA21473
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:83D58AD2
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:439E3411
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B30D9A49
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:81653DC8
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:78CC8F21
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5FFC2819
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:41099CE9
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:A1A1140A
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4DA79A6D
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D67A3B22
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:80FB368D
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3F7C1917
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:1C5E1FAF
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:BC9021B2
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:641C3888
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DF30C7A6
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:CFF6B3FF
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B1873334
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5E940C31
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:029F2105
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:BB8B6B1E
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B8761AAB
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:25FBE882
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:B24930D4
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3790BACD
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0003CD2A
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:FC4F167A
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:766442E5
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:E40EED9B
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C6798065
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:6D192E3A
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0C4D34AD
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:294F888B
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:224A6852
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:5049D4A9
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E027C556
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:32AAC70D
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:2363F68A
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:989D0733
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


#5
umdad06


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
Starting removal of ActiveX control {11260943-421B-11D0-8EAC-0000C07D88CF}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11260943-421B-11D0-8EAC-0000C07D88CF}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11260943-421B-11D0-8EAC-0000C07D88CF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11260943-421B-11D0-8EAC-0000C07D88CF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11260943-421B-11D0-8EAC-0000C07D88CF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11260943-421B-11D0-8EAC-0000C07D88CF}\ not found.
Starting removal of ActiveX control {17492023-C23A-453E-A040-C7C580BBF700}
C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17492023-C23A-453E-A040-C7C580BBF700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{17492023-C23A-453E-A040-C7C580BBF700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17492023-C23A-453E-A040-C7C580BBF700}\ not found.
Starting removal of ActiveX control {4125262D-2E47-11D3-9387-00C04F5B12B1}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4125262D-2E47-11D3-9387-00C04F5B12B1}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4125262D-2E47-11D3-9387-00C04F5B12B1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4125262D-2E47-11D3-9387-00C04F5B12B1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4125262D-2E47-11D3-9387-00C04F5B12B1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4125262D-2E47-11D3-9387-00C04F5B12B1}\ not found.
File 8F3-B141-4D6B-B936-226F75A5EAC3} file:///C:/Documents%20and%20Settings/Cindy%20Anno/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash2.1.0.0.68.cab not found.
Starting removal of ActiveX control {639658F3-B141-4D6B-B936-226F75A5EAC3}
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.68.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{639658F3-B141-4D6B-B936-226F75A5EAC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{639658F3-B141-4D6B-B936-226F75A5EAC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{639658F3-B141-4D6B-B936-226F75A5EAC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{639658F3-B141-4D6B-B936-226F75A5EAC3}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
C:\WINDOWS\Downloaded Program Files\OberonGameHost_dbg.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ not found.
C:\Program Files (x86)\iTunesSetup.exe moved successfully.
C:\Program Files (x86)\wmvfirefoxpluginsetup-0.1.675.1923.exe moved successfully.
C:\Program Files (x86)\AdbeRdr910_en_US_Std.exe moved successfully.
C:\Program Files (x86)\ArtistScope_FX_42.exe moved successfully.
C:\Program Files (x86)\FileFormatConverters.exe moved successfully.
C:\Program Files (x86)\install_flash_player.exe moved successfully.
C:\Program Files (x86)\Silverlight.2.0.exe moved successfully.
C:\Program Files (x86)\iTunes801Setup.exe moved successfully.
C:\Program Files (x86)\AdbeRdr90_en_US.exe moved successfully.
C:\Program Files (x86)\Firefox Setup 3.0.1.exe moved successfully.
C:\Program Files (x86)\desktopsp2_StubInstaller.exe moved successfully.
C:\Program Files (x86)\netsight_setup_5.1.2.15_MP_Production_mid60234523138_p.exe moved successfully.
C:\Program Files (x86)\QuickTimeInstaller.exe moved successfully.
C:\Program Files (x86)\celbratfreedomss.exe moved successfully.
C:\Program Files (x86)\wmp11-windowsxp-x86-enu.exe moved successfully.
ADS C:\ProgramData\TEMP:2B17293E deleted successfully.
ADS C:\ProgramData\TEMP:2CDA7452 deleted successfully.
ADS C:\ProgramData\TEMP:04B74CC5 deleted successfully.
ADS C:\ProgramData\TEMP:76463A36 deleted successfully.
ADS C:\ProgramData\TEMP:F1F85068 deleted successfully.
ADS C:\ProgramData\TEMP:F2CEC0E8 deleted successfully.
ADS C:\ProgramData\TEMP:0AC32449 deleted successfully.
ADS C:\ProgramData\TEMP:91AE1431 deleted successfully.
ADS C:\ProgramData\TEMP:090FB735 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:260575F1 deleted successfully.
ADS C:\Users\Cindy\Fwd_ CareFirst Presentation for Employees on July 16th.eml:OECustomProperty deleted successfully.
ADS C:\ProgramData\TEMP:FA8B212D deleted successfully.
ADS C:\ProgramData\TEMP:CBB29B31 deleted successfully.
ADS C:\ProgramData\TEMP:3612C9BE deleted successfully.
ADS C:\ProgramData\TEMP:99A08063 deleted successfully.
ADS C:\ProgramData\TEMP:81413F67 deleted successfully.
ADS C:\ProgramData\TEMP:CE8389BF deleted successfully.
ADS C:\ProgramData\TEMP:56EE2CAF deleted successfully.
ADS C:\ProgramData\TEMP:D8A7F3FF deleted successfully.
ADS C:\ProgramData\TEMP:AA341DB1 deleted successfully.
ADS C:\ProgramData\TEMP:96646EC1 deleted successfully.
ADS C:\ProgramData\TEMP:93C059AC deleted successfully.
ADS C:\ProgramData\TEMP:8B4B9596 deleted successfully.
ADS C:\ProgramData\TEMP:4436787A deleted successfully.
ADS C:\ProgramData\TEMP:AAC11624 deleted successfully.
ADS C:\ProgramData\TEMP:87FA5E8A deleted successfully.
ADS C:\ProgramData\TEMP:AE3F58B2 deleted successfully.
ADS C:\ProgramData\TEMP:C564D997 deleted successfully.
ADS C:\ProgramData\TEMP:5E3FBF9D deleted successfully.
ADS C:\ProgramData\TEMP:73828A71 deleted successfully.
ADS C:\ProgramData\TEMP:695CE4C3 deleted successfully.
ADS C:\ProgramData\TEMP:D8ECCA3E deleted successfully.
ADS C:\ProgramData\TEMP:C0D722EB deleted successfully.
ADS C:\ProgramData\TEMP:E21D3CA0 deleted successfully.
ADS C:\ProgramData\TEMP:D6BEA85D deleted successfully.
ADS C:\ProgramData\TEMP:B0D0266B deleted successfully.
ADS C:\ProgramData\TEMP:A02025CE deleted successfully.
ADS C:\ProgramData\TEMP:03D08225 deleted successfully.
ADS C:\ProgramData\TEMP:4A966CC2 deleted successfully.
ADS C:\ProgramData\TEMP:C4A5EA85 deleted successfully.
ADS C:\ProgramData\TEMP:D1D657D4 deleted successfully.
ADS C:\ProgramData\TEMP:0AA21473 deleted successfully.
ADS C:\ProgramData\TEMP:83D58AD2 deleted successfully.
ADS C:\ProgramData\TEMP:439E3411 deleted successfully.
ADS C:\ProgramData\TEMP:B30D9A49 deleted successfully.
ADS C:\ProgramData\TEMP:81653DC8 deleted successfully.
ADS C:\ProgramData\TEMP:78CC8F21 deleted successfully.
ADS C:\ProgramData\TEMP:5FFC2819 deleted successfully.
ADS C:\ProgramData\TEMP:41099CE9 deleted successfully.
ADS C:\ProgramData\TEMP:A1A1140A deleted successfully.
ADS C:\ProgramData\TEMP:4DA79A6D deleted successfully.
ADS C:\ProgramData\TEMP:D67A3B22 deleted successfully.
ADS C:\ProgramData\TEMP:80FB368D deleted successfully.
ADS C:\ProgramData\TEMP:3F7C1917 deleted successfully.
ADS C:\ProgramData\TEMP:1C5E1FAF deleted successfully.
ADS C:\ProgramData\TEMP:BC9021B2 deleted successfully.
ADS C:\ProgramData\TEMP:641C3888 deleted successfully.
ADS C:\ProgramData\TEMP:DF30C7A6 deleted successfully.
ADS C:\ProgramData\TEMP:CFF6B3FF deleted successfully.
ADS C:\ProgramData\TEMP:B1873334 deleted successfully.
ADS C:\ProgramData\TEMP:5E940C31 deleted successfully.
ADS C:\ProgramData\TEMP:029F2105 deleted successfully.
ADS C:\ProgramData\TEMP:BB8B6B1E deleted successfully.
ADS C:\ProgramData\TEMP:B8761AAB deleted successfully.
ADS C:\ProgramData\TEMP:25FBE882 deleted successfully.
ADS C:\ProgramData\TEMP:B24930D4 deleted successfully.
ADS C:\ProgramData\TEMP:3790BACD deleted successfully.
ADS C:\ProgramData\TEMP:0003CD2A deleted successfully.
ADS C:\ProgramData\TEMP:FC4F167A deleted successfully.
ADS C:\ProgramData\TEMP:766442E5 deleted successfully.
ADS C:\ProgramData\TEMP:E40EED9B deleted successfully.
ADS C:\ProgramData\TEMP:C6798065 deleted successfully.
ADS C:\ProgramData\TEMP:6D192E3A deleted successfully.
ADS C:\ProgramData\TEMP:0C4D34AD deleted successfully.
ADS C:\ProgramData\TEMP:294F888B deleted successfully.
ADS C:\ProgramData\TEMP:224A6852 deleted successfully.
ADS C:\ProgramData\TEMP:5049D4A9 deleted successfully.
ADS C:\ProgramData\TEMP:E027C556 deleted successfully.
ADS C:\ProgramData\TEMP:32AAC70D deleted successfully.
ADS C:\ProgramData\TEMP:2363F68A deleted successfully.
ADS C:\ProgramData\TEMP:989D0733 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\Cindy\Downloads\cmd.bat deleted successfully.
C:\Users\Cindy\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Cindy\Downloads\cmd.bat deleted successfully.
C:\Users\Cindy\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error creating restore point.

[EMPTYTEMP]

User: All Users

User: Cindy
->Temp folder emptied: 16909708 bytes
->Temporary Internet Files folder emptied: 202095436 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 236016031 bytes
->Google Chrome cache emptied: 6696760 bytes
->Flash cache emptied: 922938 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 76625386 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 1455809558 bytes

Total Files Cleaned = 1,903.00 mb


[EMPTYFLASH]

User: All Users

User: Cindy
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes
C:\Users\Cindy\Downloads\cmd.bat deleted successfully.
C:\Users\Cindy\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error creating restore point.

[EMPTYTEMP]

User: All Users

User: Cindy
->Temp folder emptied: 16909708 bytes
->Temporary Internet Files folder emptied: 202095436 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 236016031 bytes
->Google Chrome cache emptied: 6696760 bytes
->Flash cache emptied: 922938 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 76625386 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 1455809558 bytes

Total Files Cleaned = 1,903.00 mb


[EMPTYFLASH]

User: All Users

User: Cindy
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10072011_154820

Files\Folders moved on Reboot...
C:\Users\Cindy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


ComboFix 11-10-07.04 - Cindy 10/07/2011 16:20:46.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2804 [GMT -4:00]
Running from: c:\users\Cindy\Desktop\ComboFix.exe
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\MyWebSearch
c:\program files (x86)\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
c:\program files (x86)\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
c:\program files (x86)\MyWebSearch\bar\2.bin\MWSOEMON.EXE
c:\program files (x86)\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Cache\004D64BE.UdPAg
c:\program files (x86)\MyWebSearch\bar\Cache\004D674E
c:\program files (x86)\MyWebSearch\bar\Cache\004D67EB.bin
c:\program files (x86)\MyWebSearch\bar\Cache\004D69CF.bin
c:\program files (x86)\MyWebSearch\bar\Cache\004D6A9A.bin
c:\program files (x86)\MyWebSearch\bar\Cache\004D6D1B.bin
c:\program files (x86)\MyWebSearch\bar\Cache\004D6E63.bin
c:\program files (x86)\MyWebSearch\bar\Cache\00749EFB
c:\program files (x86)\MyWebSearch\bar\Cache\00AA6093.bin
c:\program files (x86)\MyWebSearch\bar\Cache\00AA619D.bin
c:\program files (x86)\MyWebSearch\bar\Cache\00AA622A.bin
c:\program files (x86)\MyWebSearch\bar\Cache\00AA6324.bin
c:\program files (x86)\MyWebSearch\bar\Cache\01C119D9
c:\program files (x86)\MyWebSearch\bar\Cache\files.ini
c:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files (x86)\MyWebSearch\bar\History\search2
c:\program files (x86)\MyWebSearch\bar\icons\CM.ICO
c:\program files (x86)\MyWebSearch\bar\icons\MFC.ICO
c:\program files (x86)\MyWebSearch\bar\icons\PSS.ICO
c:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files (x86)\MyWebSearch\bar\icons\WB.ICO
c:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Message\COMMON\ask_logo.gif
c:\program files (x86)\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files (x86)\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files (x86)\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files (x86)\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files (x86)\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files (x86)\MyWebSearch\bar\Message\COMMON\mws_logo.gif
c:\program files (x86)\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files (x86)\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files (x86)\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files (x86)\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files (x86)\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files (x86)\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files (x86)\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files (x86)\MyWebSearch\bar\Search\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\program files (x86)\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
c:\program files (x86)\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
c:\users\Cindy\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-09-07 to 2011-10-07 )))))))))))))))))))))))))))))))
.
.
2011-10-07 20:32 . 2011-10-07 20:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-07 19:48 . 2011-10-07 19:48 -------- d-----w- C:\_OTL
2011-10-05 18:43 . 2011-10-05 18:43 -------- d-----w- c:\program files\Windows Live
2011-10-04 22:33 . 2011-10-05 18:44 -------- d-----w- c:\program files (x86)\Windows Live
2011-10-04 20:58 . 2011-10-04 20:58 2717096 ----a-w- c:\windows\system32\auto_reactivate.exe
2011-10-04 20:58 . 2011-10-04 20:58 -------- d-----r- C:\bootwiz
2011-10-04 20:13 . 2011-10-04 21:56 -------- d-----r- C:\acroldr
2011-10-04 15:26 . 2011-10-04 15:26 -------- d-----w- c:\programdata\Screentime
2011-10-04 15:24 . 2011-10-04 15:27 -------- d-----w- c:\users\Cindy\AppData\Local\Screentime
2011-10-01 16:29 . 2011-10-01 16:29 -------- d-----w- c:\users\Cindy\AppData\Roaming\AVG2012
2011-10-01 16:29 . 2011-10-07 20:15 -------- d-----w- c:\programdata\AVG2012
2011-09-29 03:36 . 2011-09-29 03:38 -------- d-----w- C:\abf1aed52ee70de0790e0332
2011-09-24 16:14 . 2011-09-24 16:27 -------- d-----w- c:\users\Cindy\AppData\Local\Microsoft Games
2011-09-24 15:04 . 2011-01-20 17:27 74824 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-09-24 15:04 . 2011-01-20 17:27 65072 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-09-24 15:04 . 2011-01-20 17:27 41888 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-09-24 15:02 . 2011-09-24 15:02 -------- d-----w- C:\PROGRAM FILES (X86) (X86)
2011-09-23 23:32 . 2011-09-23 23:32 388096 ----a-r- c:\users\Cindy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-23 23:32 . 2011-09-23 23:32 -------- d-----w- c:\program files (x86)\Trend Micro
2011-09-23 19:40 . 2010-07-16 18:53 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2011-09-23 19:40 . 2010-06-29 14:35 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2011-09-23 19:40 . 2011-07-11 13:05 337048 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2011-09-23 19:40 . 2011-07-11 13:05 143896 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2011-09-23 19:40 . 2011-07-11 16:02 282440 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2011-09-23 19:40 . 2011-03-10 13:08 279344 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2011-09-23 19:40 . 2011-07-11 13:07 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2011-09-23 19:39 . 2011-10-07 20:04 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-09-23 19:39 . 2011-09-23 19:41 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-09-23 19:38 . 2011-09-24 15:04 -------- d-----w- c:\programdata\PC Tools
2011-09-23 15:24 . 2011-09-23 15:24 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-09-17 00:49 . 2011-09-17 00:50 -------- d-----w- c:\program files (x86)\Cooking Dash 3 - Thrills and Spills Collector's Edition
2011-09-09 23:36 . 2011-09-09 23:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-05 18:43 . 2011-03-28 22:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-28 14:49 . 2011-05-15 15:02 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-23 15:24 . 2010-10-21 15:42 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-22 21:27 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-22 21:27 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-22 05:22 . 2011-08-11 14:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 04:54 . 2011-08-11 14:28 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41 . 2011-08-11 14:28 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-11 14:28 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-11 14:28 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-11 14:28 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-11 14:28 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-11 14:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-11 14:28 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-11 14:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-11 14:28 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-11 14:28 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-11 14:28 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-11 14:28 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 14:28 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-11 14:28 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-11 14:28 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 14:28 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2009-01-13 13:47 . 2009-01-13 13:46 4566456 ----a-w- c:\program files (x86)\Shockwave_Installer_Slim.exe
2008-07-25 01:05 . 2008-07-25 01:05 0 ----a-w- c:\program files (x86)\LittleShopRoadTripInstall.exe
2008-07-20 22:32 . 2008-07-20 22:32 1277680 ----a-w- c:\program files (x86)\couponprinter.exe
2008-07-04 20:04 . 2008-07-04 20:03 10421744 ----a-w- c:\program files (x86)\AnAmericanTribute.exe
2008-07-04 03:19 . 2008-07-04 03:19 729240 ----a-w- c:\program files (x86)\Install_HometownHarvest.EXE
2006-11-30 16:20 . 2006-11-30 16:21 774144 ----a-w- c:\program files (x86)\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"SmileboxTray"="c:\users\Cindy\AppData\Roaming\Smilebox\SmileboxTray.exe" [2011-08-25 313160]
"PhotoShow Deluxe Media Manager"="c:\progra~2\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe" [2005-05-09 192512]
"Fitbit Service Monitor"="c:\program files (x86)\Fitbit\fitbit-tray.exe" [2011-07-11 2162296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Jacquie Lawson Advent Calendar.lnk - c:\program files (x86)\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe [2010-11-10 142336]
RemindMe.lnk - c:\program files (x86)\Remind-Me\RemindMe.exe [2008-11-11 639488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-9-28 1207312]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{453f4783-e961-11de-b096-806e6f6e6963}\bootwiz\asrm.bin
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^myRCI.lnk]
backup=c:\windows\pss\myRCI.lnkCommon Startup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\myRCI.lnk
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-01 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-01 136176]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-01-03 2326920]
S2 Fitbit;Fitbit Data Uploader;c:\program files (x86)\Fitbit\fitbit.exe [2011-07-11 786040]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe [2010-09-02 176408]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-01 20:26]
.
2011-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-01 20:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\SysWOW64\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 68.87.64.150
FF - ProfilePath - c:\users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\oi6da432.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/home/p/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbce0dd&v=7.008.031.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-swg - c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-updateMgr - c:\program files (x86)\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Cake Mania Lights, Camera, Action! - c:\program files (x86)\Sandlot Games\Cake Mania Lights
AddRemove-FITBIT&10C4&84C4 - c:\windows\system32\Silabs\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4
AddRemove-Photo Organizer 1.8 - c:\progra~2\CREATACARD\PHOTOO~1.8\DeIsL1.isu
AddRemove-Weather Services - c:\progra~2\THEWEA~1\FRAMEW~1\wxfw.cpl
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Cindy\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
@="{8D8763AB-E93B-4812-964E-F04E0008FD50}"
"GlobalState"=hex:8d,d0,cf,e4,08,49,b7,12,f8,7c,99,bc,99,24,6a,8f,7c,46,7b,d2
"RevocationList"=hex:ce,8f,c3,0b,9a,1a,07,61,bc,e0,33,3f,c0,a1,e1,41,c6,73,4d,
66
"{069B8C5F-E5A6-41E0-A502-DB9C88E0BF93}"=hex:9f,cd,c4,fa,f4,0e,9b,c0,63,c9,cd,
8e,f0,03,0c,f6,b4,c2,e7,80
"{199754F7-A515-403C-89EE-6863B7C415FE}"=hex:eb,2a,6a,cb,6e,cd,19,d1,2d,53,e1,
94,98,53,97,0b,65,84,b6,e7
"{4BE3E980-A72B-4487-A66A-656925CE2DC2}"=hex:8c,87,f2,d7,e3,4d,74,a8,cd,b1,fd,
2c,a3,6d,a3,d3,90,fd,ad,22
"{DE819886-D5CF-4898-A6A5-D28011932BDE}"=hex:3c,56,46,fa,db,5a,6f,70,7b,f5,fd,
91,5b,64,a3,94,1b,5f,3d,cb
"{DF2F64C0-D7A8-49B7-8E8F-BA4D8D5D199F}"=hex:fd,9b,ed,71,ba,8e,0b,d4,e5,83,4f,
30,5d,4a,8d,20,cf,b3,7b,88
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-07 16:35:18
ComboFix-quarantined-files.txt 2011-10-07 20:35
.
Pre-Run: 165,874,266,112 bytes free
Post-Run: 165,752,475,648 bytes free
.
- - End Of File - - E893FA980EC853DDCA3546DC0E4F5220

#6
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

I'd like for you to re-run TDSSKiller and fix the entry for the infected \Device\Harddisk0\DR0 ( TDSS File System ) infection.


ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
DirLook::
C:\abf1aed52ee70de0790e0332

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

#7
umdad06


    New Member

  • Topic Starter
  • Member
  • 8 posts
ComboFix 11-10-08.02 - Cindy 10/08/2011 14:31:49.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2978 [GMT -4:00]
Running from: c:\users\Cindy\Desktop\ComboFix.exe
Command switches used :: c:\users\Cindy\Desktop\CFScript.txt
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-08 to 2011-10-08 )))))))))))))))))))))))))))))))
.
.
2011-10-08 18:44 . 2011-10-08 18:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-07 21:34 . 2011-10-07 21:36 -------- d-----w- c:\program files (x86)\Windows Live
2011-10-07 21:34 . 2011-10-07 21:34 -------- d-----w- c:\program files\Windows Live
2011-10-07 19:48 . 2011-10-07 19:48 -------- d-----w- C:\_OTL
2011-10-04 20:58 . 2011-10-04 20:58 2717096 ----a-w- c:\windows\system32\auto_reactivate.exe
2011-10-04 20:58 . 2011-10-04 20:58 -------- d-----r- C:\bootwiz
2011-10-04 20:13 . 2011-10-04 21:56 -------- d-----r- C:\acroldr
2011-10-04 15:26 . 2011-10-04 15:26 -------- d-----w- c:\programdata\Screentime
2011-10-04 15:24 . 2011-10-04 15:27 -------- d-----w- c:\users\Cindy\AppData\Local\Screentime
2011-10-01 16:29 . 2011-10-01 16:29 -------- d-----w- c:\users\Cindy\AppData\Roaming\AVG2012
2011-10-01 16:29 . 2011-10-08 18:27 -------- d-----w- c:\programdata\AVG2012
2011-09-29 03:36 . 2011-09-29 03:38 -------- d-----w- C:\abf1aed52ee70de0790e0332
2011-09-24 16:14 . 2011-09-24 16:27 -------- d-----w- c:\users\Cindy\AppData\Local\Microsoft Games
2011-09-24 15:04 . 2011-01-20 17:27 74824 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-09-24 15:04 . 2011-01-20 17:27 65072 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-09-24 15:04 . 2011-01-20 17:27 41888 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-09-24 15:02 . 2011-09-24 15:02 -------- d-----w- C:\PROGRAM FILES (X86) (X86)
2011-09-23 23:32 . 2011-09-23 23:32 388096 ----a-r- c:\users\Cindy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-23 23:32 . 2011-09-23 23:32 -------- d-----w- c:\program files (x86)\Trend Micro
2011-09-23 19:40 . 2010-07-16 18:53 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2011-09-23 19:40 . 2010-06-29 14:35 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2011-09-23 19:40 . 2011-07-11 13:05 337048 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2011-09-23 19:40 . 2011-07-11 13:05 143896 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2011-09-23 19:40 . 2011-07-11 16:02 282440 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2011-09-23 19:40 . 2011-03-10 13:08 279344 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2011-09-23 19:40 . 2011-07-11 13:07 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2011-09-23 19:39 . 2011-10-08 18:28 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-09-23 19:39 . 2011-09-23 19:41 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-09-23 19:38 . 2011-09-24 15:04 -------- d-----w- c:\programdata\PC Tools
2011-09-23 15:24 . 2011-09-23 15:24 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-09-17 00:49 . 2011-09-17 00:50 -------- d-----w- c:\program files (x86)\Cooking Dash 3 - Thrills and Spills Collector's Edition
2011-09-09 23:36 . 2011-09-09 23:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 21:33 . 2011-03-28 22:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-28 14:49 . 2011-05-15 15:02 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-23 15:24 . 2010-10-21 15:42 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-22 21:27 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-22 21:27 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-22 05:22 . 2011-08-11 14:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 04:54 . 2011-08-11 14:28 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41 . 2011-08-11 14:28 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-11 14:28 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-11 14:28 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-11 14:28 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-11 14:28 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-11 14:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-11 14:28 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-11 14:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-11 14:28 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-11 14:28 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-11 14:28 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-11 14:28 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 14:28 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-11 14:28 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-11 14:28 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 14:28 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 14:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 14:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2009-01-13 13:47 . 2009-01-13 13:46 4566456 ----a-w- c:\program files (x86)\Shockwave_Installer_Slim.exe
2008-07-25 01:05 . 2008-07-25 01:05 0 ----a-w- c:\program files (x86)\LittleShopRoadTripInstall.exe
2008-07-20 22:32 . 2008-07-20 22:32 1277680 ----a-w- c:\program files (x86)\couponprinter.exe
2008-07-04 20:04 . 2008-07-04 20:03 10421744 ----a-w- c:\program files (x86)\AnAmericanTribute.exe
2008-07-04 03:19 . 2008-07-04 03:19 729240 ----a-w- c:\program files (x86)\Install_HometownHarvest.EXE
2006-11-30 16:20 . 2006-11-30 16:21 774144 ----a-w- c:\program files (x86)\RngInterstitial.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\abf1aed52ee70de0790e0332 ----
.
.
.
((((((((((((((((((((((((((((( [email protected]_20.32.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-15 18:18 . 2011-10-08 18:29 52644 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-08 18:29 40772 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-15 18:18 . 2011-10-08 18:29 20230 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4145606269-2082706827-3579644514-1000_UserData.bin
- 2009-12-15 10:45 . 2011-10-07 19:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-15 10:45 . 2011-10-08 14:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-15 10:45 . 2011-10-08 14:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-15 10:45 . 2011-10-07 19:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-08 14:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-07 19:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-15 06:54 . 2011-10-08 18:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-15 06:54 . 2011-10-07 20:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-10-08 14:56 92432 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-12-15 06:54 . 2011-10-08 18:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-15 06:54 . 2011-10-07 20:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-15 06:54 . 2011-10-08 18:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-15 06:54 . 2011-10-07 20:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-14 06:57 . 2011-10-07 20:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-14 06:57 . 2011-10-08 18:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-14 06:57 . 2011-10-08 18:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-14 06:57 . 2011-10-07 20:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-07 21:32 . 2011-10-07 21:32 29184 c:\windows\Installer\86097.msp
+ 2011-10-07 21:31 . 2011-10-07 21:31 67072 c:\windows\Installer\86091.msi
+ 2011-10-07 21:33 . 2011-10-07 21:33 39936 c:\windows\Installer\85fcf.msp
+ 2011-10-07 21:33 . 2011-10-07 21:33 74240 c:\windows\Installer\85fca.msi
+ 2011-10-07 21:33 . 2011-10-07 21:33 26112 c:\windows\Installer\85fc6.msi
- 2011-10-07 20:15 . 2011-10-07 20:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-08 18:45 . 2011-10-08 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-08 18:45 . 2011-10-08 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-07 20:15 . 2011-10-07 20:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2011-10-07 19:55 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-10-08 18:27 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-07 19:55 704512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-08 18:27 704512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36 . 2011-10-07 20:22 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-08 18:34 623940 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-07 20:22 106316 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-10-08 18:34 106316 c:\windows\system32\perfc009.dat
- 2009-12-14 06:57 . 2011-10-07 20:05 262144 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-12-14 06:57 . 2011-10-08 18:21 262144 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-10-07 20:14 259070 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-10-08 18:44 259070 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-07 21:36 . 2011-10-07 21:36 509952 c:\windows\Installer\860c6.msp
+ 2011-10-07 21:36 . 2011-10-07 21:36 468480 c:\windows\Installer\860bc.msp
+ 2011-10-07 21:35 . 2011-10-07 21:35 636416 c:\windows\Installer\860ae.msp
+ 2011-10-07 21:32 . 2011-10-07 21:32 626688 c:\windows\Installer\860a4.msp
+ 2011-10-07 21:34 . 2011-10-07 21:34 715264 c:\windows\Installer\8602b.msp
+ 2011-10-07 21:33 . 2011-10-07 21:33 136704 c:\windows\Installer\8600f.msp
+ 2011-10-07 21:32 . 2011-10-07 21:32 429056 c:\windows\Installer\8600a.msi
+ 2011-10-07 21:32 . 2011-10-07 21:32 147968 c:\windows\Installer\86006.msi
+ 2009-07-14 04:54 . 2011-10-08 18:27 3571712 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-07 19:55 3571712 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:45 . 2011-10-04 23:37 7207748 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-10-08 00:02 7207748 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-11-03 03:40 . 2011-10-07 20:14 2321912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4145606269-2082706827-3579644514-1000-12288.dat
+ 2010-11-03 03:40 . 2011-10-08 18:25 2321912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4145606269-2082706827-3579644514-1000-12288.dat
+ 2011-10-07 21:36 . 2011-10-07 21:36 4175360 c:\windows\Installer\860c1.msi
+ 2011-10-07 21:35 . 2011-10-07 21:35 1070592 c:\windows\Installer\860b2.msi
+ 2011-10-07 21:35 . 2011-10-07 21:35 3410944 c:\windows\Installer\860a8.msi
+ 2011-10-07 21:32 . 2011-10-07 21:32 1492992 c:\windows\Installer\8609b.msi
+ 2011-10-07 21:35 . 2011-10-07 21:35 3313152 c:\windows\Installer\8608c.msp
+ 2011-10-07 21:35 . 2011-10-07 21:35 8332288 c:\windows\Installer\86070.msi
+ 2011-10-07 21:35 . 2011-10-07 21:35 2956288 c:\windows\Installer\8606c.msp
+ 2011-10-07 21:35 . 2011-10-07 21:35 8313856 c:\windows\Installer\86052.msi
+ 2011-10-07 21:35 . 2011-10-07 21:35 5872128 c:\windows\Installer\8604e.msp
+ 2011-10-07 21:34 . 2011-10-07 21:34 3734016 c:\windows\Installer\86033.msi
+ 2011-10-07 21:34 . 2011-10-07 21:34 3664384 c:\windows\Installer\8602f.msi
+ 2011-10-07 21:34 . 2011-10-07 21:34 2310656 c:\windows\Installer\86023.msi
+ 2011-10-07 21:34 . 2011-10-07 21:34 1139200 c:\windows\Installer\8601f.msp
+ 2011-10-07 21:33 . 2011-10-07 21:33 4004864 c:\windows\Installer\86013.msi
+ 2011-10-07 21:32 . 2011-10-07 21:32 2343936 c:\windows\Installer\86002.msi
+ 2011-10-07 21:32 . 2011-10-07 21:32 4680704 c:\windows\Installer\85ffe.msi
+ 2011-10-07 21:32 . 2011-10-07 21:32 2933248 c:\windows\Installer\85ffa.msp
+ 2011-10-07 21:32 . 2011-10-07 21:32 7710720 c:\windows\Installer\85fe6.msi
+ 2011-10-07 21:31 . 2011-10-07 21:31 4425728 c:\windows\Installer\85fe2.msp
+ 2011-10-07 21:31 . 2011-10-07 21:31 9433088 c:\windows\Installer\85fd3.msi
+ 2008-07-17 18:47 . 2008-07-17 18:47 2081792 c:\windows\Installer\85fc2.msi
+ 2011-10-07 21:33 . 2011-10-07 21:33 8822784 c:\windows\Installer\85fbe.msi
+ 2011-10-07 20:57 . 2011-10-07 20:57 7560704 c:\windows\Installer\28436d.msi
+ 2011-10-07 20:58 . 2011-10-07 20:58 2830336 c:\windows\Installer\284369.msi
+ 2011-10-07 21:34 . 2011-10-07 21:34 13850624 c:\windows\Installer\86037.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"SmileboxTray"="c:\users\Cindy\AppData\Roaming\Smilebox\SmileboxTray.exe" [2011-08-25 313160]
"PhotoShow Deluxe Media Manager"="c:\progra~2\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe" [2005-05-09 192512]
"Fitbit Service Monitor"="c:\program files (x86)\Fitbit\fitbit-tray.exe" [2011-07-11 2162296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...536b9cb3af4234" [?]
.
c:\users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Jacquie Lawson Advent Calendar.lnk - c:\program files (x86)\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe [2010-11-10 142336]
RemindMe.lnk - c:\program files (x86)\Remind-Me\RemindMe.exe [2008-11-11 639488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-9-28 1207312]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{453f4783-e961-11de-b096-806e6f6e6963}\bootwiz\asrm.bin
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^myRCI.lnk]
backup=c:\windows\pss\myRCI.lnkCommon Startup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\myRCI.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
c:\program files (x86)\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [BU]
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-01 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-01 136176]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-01-03 2326920]
S2 Fitbit;Fitbit Data Uploader;c:\program files (x86)\Fitbit\fitbit.exe [2011-07-11 786040]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe [2010-09-02 176408]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-01 20:26]
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-01 20:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357384]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\SysWOW64\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 68.87.64.150
FF - ProfilePath - c:\users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\oi6da432.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/home/p/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbce0dd&v=7.008.031.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
@="{8D8763AB-E93B-4812-964E-F04E0008FD50}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Java\jre6\bin\jqs.exe
c:\program files (x86)\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe
c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
.
**************************************************************************
.
Completion time: 2011-10-08 14:51:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-08 18:51
ComboFix2.txt 2011-10-07 20:35
.
Pre-Run: 163,582,312,448 bytes free
Post-Run: 163,396,624,384 bytes free
.
- - End Of File - - 295526D36C0ABD1E544F06EABCDC1692
  • 0

#8
umdad06

umdad06

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I forgot to mention that TDSSKiller Found No Infection when I ran it again as you asked.
  • 0

#9
umdad06

umdad06

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
A short while after finishing with your instructions and re-enabling Spyware Doctor, Spyware Doctor popped up a message that it had found 2 Threats and 30 infections, and was able to fix all of them. The threats were Trojan.Downloader.Murlo (6 infections) and Trojan.Generic (24 infections). Thought this information might be helpful to you.
  • 0

#10
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Thanks for that information. Spyware Doctor has always been a bit overzealous when it comes to detecting things.

Let's run a few more scans and see what they find:


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.

Note: It is recommended to disable on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#11
umdad06

umdad06

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
In the last couple of days while working on this, the computer has developed more and more problems. Windows Live Mail would not allow me to type a message, Firefox would often stop working and have to be restarted, and yesterday when I tried to uninstall AVG Free to run your tests, it would not uninstall. Plus I am still getting warnings about trojans, etc. In view of all this, today I did a clean install of Windows 7 and am in the process of restoring backup files and programs. In the long run this is probably the best solution. I would like to thank you for your help in dealing with this problem. I wish it could have been an easier solution, but a reinstall is more certain to fix these problems. Thank you, SweetTech.

Jim
  • 0

#12
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
No worries Jim! I completely understand where you are coming from, and a clean install is sometimes the fastest option to take with an infected computer.

This is what I usually provide to my users once they are clean; hopefully this information can be useful to you:


All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one, as it can cause program conflicts as well as false positives.

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is to practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explorer more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next click OK, then the Apply button, and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be wary of e-mails from unknown senders. Keep the following in mind as well: If it's too good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Cheers,
SweetTech.
  • 0
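The "Make Internet Explorer more secure" steps in the post above can be verified afterwards with a read-only registry check. This is an added example, not part of the original post: the registry paths and the URL action IDs 1001, 1004 and 1201 are the standard Internet Explorer zone settings and do not appear in the thread, and the "acceptable" values are an assumption that treats Disable as also satisfying a step that asks for Prompt.

```powershell
# Added example: audit the Internet zone (zone 3) ActiveX settings named in the steps above.
# Read-only; nothing is changed. Run in the affected user's session.
$zoneSubKey   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$policySubKey = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# A zone value can be stored per user, per machine, or in the Group Policy copies of either.
$locations = @(
    "HKCU:\$zoneSubKey",
    "HKLM:\$zoneSubKey",
    "HKCU:\$policySubKey",
    "HKLM:\$policySubKey"
)

# Zone setting values: 0 = Enable, 1 = Prompt, 3 = Disable
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Action ID, its label in the Custom level dialog, and the values accepted by this check.
$checks = @(
    [pscustomobject]@{ Id = '1001'; Name = 'Download signed ActiveX controls';   Allowed = @(1, 3) }
    [pscustomobject]@{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Allowed = @(1, 3) }
    [pscustomobject]@{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Allowed = @(3) }
)

$results = foreach ($path in $locations) {
    if (-not (Test-Path -LiteralPath $path)) { continue }      # hive copy not present
    $props = Get-ItemProperty -LiteralPath $path
    foreach ($check in $checks) {
        $prop = $props.PSObject.Properties[$check.Id]
        if ($null -eq $prop) { continue }                       # value not set in this location
        $value   = [int]$prop.Value
        $setting = "Unknown ($value)"
        if ($meaning.ContainsKey($value)) { $setting = $meaning[$value] }
        [pscustomobject]@{
            Location = $path
            Action   = "$($check.Id) $($check.Name)"
            Setting  = $setting
            Ok       = ($check.Allowed -contains $value)
        }
    }
}

if ($results) {
    $results | Format-Table -AutoSize -Wrap
    $weak = @($results | Where-Object { -not $_.Ok })
    Write-Output "$($weak.Count) setting(s) weaker than the steps above."
} else {
    Write-Output 'No Internet zone ActiveX values found in the checked locations.'
}
```

A weak value under one of the `Policies` paths means the setting is managed by policy, so changing it in the Internet Properties dialog will not stick.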

#13
umdad06

umdad06

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you!
  • 0

#14
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





