What the Tech logo
Welcome to What the Tech! Register for a free account, or login > How does it work? We specialize in the removal of malicious software (malware),
but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn.
Spyware, Virus, Trojan, Rootkit? Remove malware -> Read this before posting a hijackthis logNeed help starting a new topic?
To avoid confusion, please do not post your question in someone else's topic. Start your own. Stay with your original topic when posting a follow up.
 
 Closed TopicStart new topic
> [Closed] Computer running abnormally, Computer is Windows 64bit Vista - Cant use DDS/Rootrepeal
Aton
post Oct 31 2009, 02:53 PM
Post #1


Authentic Member
**

Group: Authentic Member
Posts: 40
Joined: 26-April 09
Member No.: 85,455
Operating System: Windows XP
I can use Erunt but not those. It says they don't support my OS. Anyway - here's the HiJackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:38 PM, on 10/31/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...d2601u&c=BB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...d2601u&c=BB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...d2601u&c=BB
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O3 - Toolbar: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [oovoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files (x86)\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9dfcff2e2338c) (gupdate1c9dfcff2e2338c) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 10719 bytes
Go to the top of the page
 
+Quote Post
Tomk
post Nov 5 2009, 12:10 PM
Post #2


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,862
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp
MVP


Hi Aton,

welcome.gif

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean


Then

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).


Also please describe how your computer behaves at the moment.
Go to the top of the page
 
+Quote Post
Aton
post Nov 6 2009, 08:46 AM
Post #3


Authentic Member
**

Group: Authentic Member
Posts: 40
Joined: 26-April 09
Member No.: 85,455
Operating System: Windows XP
Malwarebytes' Anti-Malware 1.41
Database version: 3110
Windows 6.0.6001 Service Pack 1

11/6/2009 9:45:29 AM
mbam-log-2009-11-06 (09-45-29).txt

Scan type: Quick Scan
Objects scanned: 83418
Time elapsed: 7 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)






Computer still runs slowly, TFC cleaned 526,501,941 bytes from the Temp Files. Still runs slowly :[

This post has been edited by Aton: Nov 6 2009, 09:00 AM
Go to the top of the page
 
+Quote Post
Tomk
post Nov 6 2009, 09:18 AM
Post #4


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,862
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp
MVP


Aton,

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Go to the top of the page
 
+Quote Post
Aton
post Nov 6 2009, 11:57 AM
Post #5


Authentic Member
**

Group: Authentic Member
Posts: 40
Joined: 26-April 09
Member No.: 85,455
Operating System: Windows XP
OTL Extras logfile created on: 11/6/2009 12:50:10 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Brittany\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 41.96% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.88 Gb Total Space | 146.15 Gb Free Space | 66.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRITTANY-PC
Current User Name: Brittany
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* ()
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" ()
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{086043CF-301E-4E1E-B025-D917D924E39E}" = rport=137 | protocol=17 | dir=out | app=system |
"{2301D85B-7A1A-4BAD-800A-5B9C008F7E70}" = lport=137 | protocol=17 | dir=in | app=system |
"{337D89B4-1278-4013-A930-2EF4BCC336D3}" = lport=445 | protocol=6 | dir=in | app=system |
"{4D561CAA-56F5-491A-A728-13DEDBA35705}" = rport=445 | protocol=6 | dir=out | app=system |
"{50D06836-822D-422D-B33F-7783E43139EB}" = lport=138 | protocol=17 | dir=in | app=system |
"{5DDE7637-AC32-4C90-A7BD-AB28BDD7A486}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5E243F86-F951-4428-96C8-05A727513526}" = lport=139 | protocol=6 | dir=in | app=system |
"{716261EF-83DF-4F3C-9631-C45B48EAAD82}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7BF9CEE1-15B2-4A2C-B188-6E69D0CDB6C1}" = rport=139 | protocol=6 | dir=out | app=system |
"{7ED5ABEA-E934-4609-9016-D1DDC8624CAD}" = rport=138 | protocol=17 | dir=out | app=system |
"{B21CB146-73A7-4F5A-945E-B7974B99F7C0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FF37A15D-E594-4D06-B873-34ECF39E0D1A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{155D96DE-CFF0-43C8-8EDC-523DC85B0285}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{25B16842-D831-4ADE-BF54-2F55BA96212F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{2DC3A312-6CF9-4E0B-8FEE-8F4F3A7B96EC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2E16ADC7-325D-4369-BD27-065744F30331}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3AA65229-5F71-472D-9F85-AAED8B7F55F9}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{4F113EFB-4DAB-4E73-A337-DD5B4D02FDCD}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{51E0CBEE-42B0-4A26-8164-568617B8B568}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6D3AAC05-E5F9-44D5-BB89-C4A29D6BD4A3}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{802CA861-0BB6-4004-9971-6D31EED5857B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{84A10DDA-E6F7-40A3-9749-98AF0644DAFF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd\powerdvd.exe |
"{958D5C27-A2F6-444E-809E-7CD77010A4FD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{97E8BE5C-F647-4BF3-92B1-E4833EC7196C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9AC3BC8C-02B0-476C-87FE-A08045F33D6C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AE7AE328-CEDF-4C93-9774-8C12C8399123}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C45BAB4F-919C-4D17-AAAC-DF45252AFEBE}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{D0C0DDBF-9DB5-489E-A018-AB871F47F26F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F8DEDE1B-FF9A-4EE0-8153-EB62CE9E4223}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FB612169-A901-4BF3-87AF-0A74E402EF2E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{0A6C4291-AC79-4BCD-8515-2A21305C52CD}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{12649BE6-C908-4DA4-AC3F-93DF6B6A9CDE}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"TCP Query User{1B21617D-9FEF-4B88-A7D0-29DFA4E8E17D}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{3DD367B7-DDF5-4A57-AC7C-5EA74AB50606}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{B6ADF1AB-31CD-4187-980A-6A4ED1DB1239}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{CFFC9E11-EE85-4B4C-8A16-02969A10C532}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{02973253-E878-491A-814F-60A26ED57731}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{3E5655D0-9DFC-44EC-B535-34DDF586BC37}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{5FB3EBA0-CAE3-4B1D-9F06-1DC369AA1003}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{785D4162-C73E-442F-9850-85AFCFE828CD}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"UDP Query User{BC9876C9-4C0A-47C3-BA23-BE3EBAD085D5}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{FC6844C1-42E8-4221-BA35-35A8F207359E}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{79A9A1B5-9445-8AB4-483B-1309DE21E1A4}" = ATI Catalyst Install Manager
"{8B8515E0-26E1-4140-948F-505D0D859180}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A6F1A083-4B12-47E8-9954-E4820C9A65C2}" = O2Micro Flash Memory Card Reader Driver (x64)
"{AE303591-1BFC-48B3-881B-655298C4EDE0}" = iTunes
"{BA1035C7-14DE-4857-8285-4ACFC74172EC}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{08787EDB-6B6D-6421-9433-FEEDA62E0824}" = CCC Help Chinese Standard
"{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid
"{09E22784-F786-3B6E-EC9B-A4AEC99A1999}" = Catalyst Control Center Localization Japanese
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D1C8BE3-4290-141E-9A4D-B68A88132440}" = Catalyst Control Center Localization Portuguese
"{13D8E863-E52A-1E90-372F-80FA439AC246}" = Catalyst Control Center Localization German
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{16640F67-0F0A-4627-C291-FFA6C6E7A8AA}" = Catalyst Control Center Localization Turkish
"{1730F6AB-FDD8-7478-C799-D198E216DEB1}" = Catalyst Control Center Localization Chinese Traditional
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28943890-AE6E-881B-73E0-C936EBF377DA}" = CCC Help Danish
"{2AA9C0CD-12AF-0DAA-DCCC-73A52E1235B2}" = CCC Help Korean
"{2E4BE496-40D5-BCD2-34E7-1837F73B39BF}" = CCC Help French
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{38D0ECB6-89FF-1DFD-2B07-C20D821E3387}" = CCC Help Greek
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4941B24B-461E-4EE0-B757-4077A973C000}" = Catalyst Control Center - Branding
"{4A30AF87-8452-C12B-ABC0-1E28C8997705}" = CCC Help Russian
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4C32C8CE-0363-2267-0BD6-51A68B558B40}" = Catalyst Control Center Localization French
"{4FD5EDAA-D7BD-C079-9A3C-7FE27E921045}" = CCC Help Chinese Traditional
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{58728D42-C8D7-00D4-D269-BFC6B185893B}" = Catalyst Control Center Localization Swedish
"{5887C385-6217-B494-5CF7-BBC61C9DDD20}" = Catalyst Control Center Localization Hungarian
"{59C11F89-E284-9A01-1F3C-862B2D2C24EE}" = Catalyst Control Center Localization Czech
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6C3A4C09-6DDC-AE90-2385-89F018882A2C}" = CCC Help Dutch
"{6ECA793F-680B-03AD-37EA-FB66112FCE47}" = Catalyst Control Center Localization Thai
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732261F5-DB99-79F9-0DE4-FF6056BACE3B}" = Catalyst Control Center Graphics Previews Vista
"{74D4D679-B37F-839E-B5BA-BA0D3781929A}" = ccc-core-static
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BDA3F25-059A-927A-FD9D-AA664A042B10}" = Catalyst Control Center Localization Finnish
"{7DA95350-1619-6B54-7E60-3640C7F962BD}" = CCC Help Hungarian
"{7F74B16F-5E85-27F6-EBC9-A46D30243B53}" = Catalyst Control Center Localization Dutch
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80B18932-7112-F5F0-87F9-F24DAB131A84}" = CCC Help Finnish
"{82A0A92A-B528-E644-72D2-3E6B7CC14C2E}" = Catalyst Control Center Graphics Full Existing
"{83139B24-6B77-3B8C-CD19-407BF0F04A29}" = CCC Help Czech
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{919C7FBB-ACD0-2862-6F47-FF7B8D50B9A1}" = CCC Help Japanese
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96D34C42-DE41-B474-F695-0158558973AF}" = CCC Help Norwegian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A9016221-F830-CD39-1F95-9BB54D470AFD}" = Catalyst Control Center Localization Russian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC03ABCC-7626-5695-B98F-F327ECB4C7A4}" = Catalyst Control Center InstallProxy
"{AC3433B1-B013-127B-E062-72EE4CC40730}" = Skins
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B66F4D09-5374-23CD-3119-F2A5DCA083CD}" = Catalyst Control Center Localization Chinese Standard
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B77D2189-EFB5-1948-3785-1390CDC46C53}" = CCC Help German
"{BA271AAB-C19A-2A19-F703-73CEE2AE4826}" = CCC Help English
"{BBABC4C4-52D8-2125-6E7D-0E1383FBDC32}" = Catalyst Control Center Localization Polish
"{BCE850E5-AFE1-C9BD-FEFB-BFC92089EA93}" = CCC Help Thai
"{BD3A1E0B-97E4-ED68-2A44-5DD537218C59}" = CCC Help Portuguese
"{BD4B29A3-1218-DD0C-74EA-4585865C5490}" = Catalyst Control Center Localization Norwegian
"{BE4A7A4B-D813-61CC-C447-BB79C5A6CBC4}" = CCC Help Polish
"{BF499ABF-C634-296C-3E7C-1F5CF807D85C}" = Catalyst Control Center Localization Spanish
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{D10C7632-2BEE-0F2C-27B6-C8CBC5285DBC}" = Catalyst Control Center Localization Italian
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DF428B55-D77B-06F0-4310-45F2D677C92D}" = Catalyst Control Center Localization Greek
"{E00723C2-D1B5-9EC5-9457-1B77453C8EA9}" = CCC Help Italian
"{E04B0937-27D8-DD05-AC42-4BA43B52F944}" = CCC Help Turkish
"{E2CBED58-B9BB-4644-24C5-312D7B9FBFB1}" = CCC Help Spanish
"{E3E0DB0D-12F0-CE4C-8CD9-5C4913E3C902}" = Catalyst Control Center Graphics Light
"{E4035624-7B25-6648-079D-39B832F498EF}" = CCC Help Swedish
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8EBE848-D0E2-502B-9CE5-1ED898F82126}" = Catalyst Control Center Localization Korean
"{ED168DCD-EE1E-4ECD-A4EA-DDE2EF9DBF29}" = Wireless LAN Adapter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F703025D-72C0-3468-3F46-08D0A2F893FF}" = Catalyst Control Center Core Implementation
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F83B2A4D-4D0D-2804-3A40-31E3D148F4C2}" = Catalyst Control Center Localization Danish
"{F880A830-E5DD-BF3E-3755-8BB30DF96966}" = Catalyst Control Center Graphics Full New
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Camfrog 5.3" = Camfrog Video Chat 5.3
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DJ Music Mixer" = DJ Music Mixer
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"oovootb" = ooVoo Toolbar (Remove Toolbar Only)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/27/2009 10:35:43 AM | Computer Name = Brittany-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/27/2009 10:35:43 AM | Computer Name = Brittany-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/27/2009 11:19:26 AM | Computer Name = Brittany-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\nuta2vvu.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\components\ooVooCtl.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/27/2009 11:26:04 AM | Computer Name = Brittany-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\nuta2vvu.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\components\ooVooCtl.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/27/2009 11:28:24 AM | Computer Name = Brittany-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\nuta2vvu.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\components\ooVooCtl.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/28/2009 3:15:11 PM | Computer Name = Brittany-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/28/2009 3:15:12 PM | Computer Name = Brittany-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/28/2009 3:15:12 PM | Computer Name = Brittany-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/28/2009 3:15:13 PM | Computer Name = Brittany-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/28/2009 3:15:13 PM | Computer Name = Brittany-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 4/30/2009 2:08:22 PM | Computer Name = Brittany-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/5/2009 3:31:35 PM | Computer Name = Brittany-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 6/24/2009 3:12:17 PM | Computer Name = Brittany-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:24:09 PM on 6/24/2009 was unexpected.

Error - 6/24/2009 3:12:20 PM | Computer Name = Brittany-PC | Source = HTTP | ID = 15016
Description =

Error - 6/24/2009 7:13:28 PM | Computer Name = Brittany-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:59:14 PM on 6/24/2009 was unexpected.

Error - 6/24/2009 7:13:30 PM | Computer Name = Brittany-PC | Source = HTTP | ID = 15016
Description =

Error - 6/24/2009 11:48:09 PM | Computer Name = Brittany-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:35:15 PM on 6/24/2009 was unexpected.

Error - 6/24/2009 11:48:12 PM | Computer Name = Brittany-PC | Source = HTTP | ID = 15016
Description =

Error - 6/25/2009 11:37:09 AM | Computer Name = Brittany-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:28:55 AM on 6/25/2009 was unexpected.

Error - 6/25/2009 11:37:12 AM | Computer Name = Brittany-PC | Source = HTTP | ID = 15016
Description =

Error - 6/25/2009 2:20:29 PM | Computer Name = Brittany-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:19:04 PM on 6/25/2009 was unexpected.

Error - 6/25/2009 2:20:31 PM | Computer Name = Brittany-PC | Source = HTTP | ID = 15016
Description =


< End of report >

OTL logfile created on: 11/6/2009 12:50:10 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Brittany\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 41.96% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.88 Gb Total Space | 146.15 Gb Free Space | 66.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRITTANY-PC
Current User Name: Brittany
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/06 12:49:22 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Brittany\Downloads\OTL.exe
PRC - [2009/10/29 21:37:30 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/10/29 21:37:30 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/10/29 21:37:30 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/09/15 22:08:40 | 01,478,656 | ---- | M] (Camshare LC) -- C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
PRC - [2009/09/15 22:08:40 | 01,478,656 | ---- | M] (Camshare LC) -- C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
PRC - [2009/09/15 22:08:40 | 01,478,656 | ---- | M] (Camshare LC) -- C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
PRC - [2009/09/15 22:08:40 | 01,478,656 | ---- | M] (Camshare LC) -- C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
PRC - [2009/09/15 22:08:40 | 01,478,656 | ---- | M] (Camshare LC) -- C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
PRC - [2009/09/02 18:00:20 | 17,385,144 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2009/08/05 22:49:54 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/30 12:19:45 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/04/27 09:51:06 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM6\aim6.exe
PRC - [2009/04/27 09:51:06 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM6\aim6.exe
PRC - [2009/04/02 18:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2009/04/02 18:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe
PRC - [2009/04/02 18:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe
PRC - [2009/04/02 18:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe
PRC - [2009/03/26 17:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/12 13:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/12/12 13:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/12/12 13:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/12/03 01:41:54 | 03,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2008/12/03 01:41:54 | 03,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2008/11/17 21:54:44 | 04,933,120 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
PRC - [2008/11/06 12:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM6\aolsoftware.exe
PRC - [2008/11/06 12:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM6\aolsoftware.exe
PRC - [2008/09/09 21:58:36 | 00,638,976 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
PRC - [2008/09/09 21:58:36 | 00,638,976 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
PRC - [2008/07/21 20:32:08 | 00,087,336 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2008/02/22 07:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2007/02/11 11:00:00 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2007/02/11 11:00:00 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2007/02/11 11:00:00 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2009/11/06 12:49:22 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Brittany\Downloads\OTL.exe
MOD - [2009/07/17 09:35:11 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2008/02/29 01:53:38 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2008/01/20 21:52:09 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2008/01/20 21:50:01 | 00,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll
MOD - [2008/01/20 21:49:43 | 01,076,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2008/01/20 21:49:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2008/01/20 21:49:32 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll
MOD - [2008/01/20 21:48:06 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/09/16 15:14:32 | 00,905,216 | ---- | M] () -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/08/06 03:30:45 | 00,412,672 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2008/06/11 14:18:30 | 00,024,576 | ---- | M] () -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 21:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2008/01/20 21:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/11/02 06:16:35 | 00,051,200 | ---- | M] () -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV - [2009/08/05 22:49:54 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/28 15:07:08 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate1c9dfcff2e2338c)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/30 01:56:30 | 00,182,768 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/04/02 18:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/03/26 17:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 13:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/27 13:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/06/19 20:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/06/19 20:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/05/05 17:25:46 | 00,165,416 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 21:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008/01/20 21:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2007/08/24 06:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/02/11 11:00:00 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 10:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 08:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/04/06 09:51:06 | 00,073,048 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/03/26 17:23:46 | 00,044,544 | ---- | M] () -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2008/09/30 03:31:00 | 01,148,416 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/09/16 16:01:26 | 04,709,888 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2008/09/16 14:24:48 | 00,086,528 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2008/08/20 21:50:12 | 00,325,680 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/08/06 03:31:14 | 00,740,864 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/08/06 03:31:10 | 01,481,216 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/08/06 03:31:04 | 00,293,376 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2008/08/06 03:31:00 | 00,017,024 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/08/06 03:30:44 | 00,010,240 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/07/28 22:44:20 | 00,314,880 | ---- | M] () -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2008/07/15 03:39:00 | 00,062,296 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2008/06/26 19:24:20 | 00,020,520 | ---- | M] () -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2008/06/11 20:29:00 | 00,051,800 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2008/05/28 19:54:18 | 00,026,168 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/04/29 03:00:00 | 00,392,192 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/04/28 21:10:55 | 00,276,480 | ---- | M] () -- C:\Windows\SysNative\Drivers\BTHport.sys -- (BTHPORT)
DRV:64bit: - [2008/04/28 21:10:51 | 00,034,304 | ---- | M] () -- C:\Windows\SysNative\Drivers\BTHUSB.sys -- (BTHUSB)
DRV:64bit: - [2008/04/27 20:25:06 | 00,016,400 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008/01/20 21:47:27 | 00,168,704 | ---- | M] () -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo)
DRV:64bit: - [2008/01/20 21:47:03 | 00,023,040 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\BthEnum.sys -- (BthEnum)
DRV:64bit: - [2008/01/20 21:47:02 | 00,115,712 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\bthpan.sys -- (BthPan)
DRV:64bit: - [2008/01/20 21:46:57 | 00,286,720 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 21:46:55 | 00,111,104 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 21:46:52 | 00,062,976 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\rfcomm.sys -- (RFCOMM)
DRV:64bit: - [2008/01/20 21:46:51 | 00,017,792 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2006/11/02 00:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2008/08/06 03:31:00 | 00,094,208 | ---- | M] (Conexant) -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk)
DRV - [2008/06/11 14:13:24 | 00,017,952 | ---- | M] (Acer, Inc.) -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2006/09/18 16:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 16:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...d2601u&c=BB
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...d2601u&c=BB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...d2601u&c=BB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...d2601u&c=BB
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...d2601u&c=BB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.searchslate.com/wp.ashx?ref=home&id=125"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {99E00A4C-D35E-11DD-BA95-9B6A56D89593}:2.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4
FF - prefs.js..keyword.URL: "http://urlseek40.vmn.net/search.php?lg=en&type=dns&tbn=oovoo2_0dn&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 10:37:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/10/29 21:37:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/10/29 21:37:56 | 00,000,000 | ---D | M]

[2009/07/24 09:04:47 | 00,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Mozilla\Extensions
[2009/07/24 09:04:47 | 00,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/14 14:53:32 | 00,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/11/06 09:43:22 | 00,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\nuta2vvu.default\extensions
[2009/09/02 19:27:10 | 00,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\nuta2vvu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/16 20:57:12 | 00,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\nuta2vvu.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}
[2009/09/15 21:52:14 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/10/29 21:37:56 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/15 21:52:15 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/10/29 21:37:28 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/29 21:37:28 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/29 21:37:34 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2009/07/15 13:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/15 13:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/07/15 13:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/15 13:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/15 13:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009/07/15 13:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/04/29 13:35:18 | 00,000,787 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Aim6] C:\Program Files (x86)\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Camfrog] C:\Program Files (x86)\Camfrog\Camfrog Video Chat\CamfrogNet.exe (Camshare LLC)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [oovoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/06 09:35:14 | 00,000,000 | ---D | C] -- C:\Users\Brittany\AppData\Roaming\Malwarebytes
[2009/11/06 09:35:04 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/11/06 09:34:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/06 09:34:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/06 09:34:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/11/03 20:08:02 | 03,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/11/02 22:36:01 | 00,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2009/11/02 22:36:01 | 00,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2009/11/02 22:35:56 | 00,000,000 | ---D | C] -- C:\Users\Brittany\Documents\CyberLink
[2009/11/02 22:35:56 | 00,000,000 | ---D | C] -- C:\Users\Brittany\AppData\Roaming\CyberLink
[2009/10/31 15:52:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/10/31 15:49:35 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/31 15:48:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/10/27 14:28:45 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2009/10/27 14:28:38 | 10,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/10/27 14:28:30 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/10/21 15:20:32 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2009/10/21 15:20:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Magic Audio Editor Pro
[2009/10/21 14:32:21 | 00,000,000 | ---D | C] -- C:\Users\Brittany\.thumbnails
[2009/10/21 14:32:21 | 00,000,000 | ---D | C] -- C:\Users\Brittany\AppData\Roaming\gtk-2.0
[2009/10/21 14:29:15 | 00,000,000 | ---D | C] -- C:\Users\Brittany\Documents\gegl-0.0
[2009/10/21 14:29:15 | 00,000,000 | ---D | C] -- C:\Users\Brittany\.gimp-2.6
[2009/10/21 14:20:34 | 00,833,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/10/21 14:20:34 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/10/21 14:20:33 | 01,174,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/10/21 14:20:32 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/10/21 14:20:31 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2009/10/21 14:20:30 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/10/21 14:20:30 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/10/21 14:20:29 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/10/21 14:20:29 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2009/10/21 14:20:29 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/10/21 14:20:28 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2009/10/21 14:20:27 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2009/10/21 14:20:27 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2009/10/21 14:20:27 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/10/16 16:47:32 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2009/10/16 16:47:32 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2009/10/16 16:47:31 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2009/10/16 16:47:31 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2009/10/16 16:47:31 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2009/10/16 16:47:18 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2009/10/16 16:46:26 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/16 16:46:23 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[2009/10/13 16:20:46 | 00,000,000 | ---D | C] -- C:\Users\Brittany\AppData\Local\AIM
[2009/10/12 09:24:14 | 00,000,000 | ---D | C] -- C:\Users\Brittany\AppData\Roaming\WebcamMax
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/06 12:52:30 | 02,097,152 | -HS- | M] () -- C:\Users\Brittany\NTUSER.DAT
[2009/11/06 12:49:59 | 00,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A22811AC-8FAD-4E77-8E8B-968FC6D392FE}.job
[2009/11/06 12:45:00 | 00,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/06 12:01:35 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/06 12:01:35 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/06 10:07:39 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/11/06 10:07:39 | 00,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/11/06 10:07:39 | 00,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/06 10:02:29 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/06 10:01:36 | 00,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2009/11/06 10:01:25 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/06 10:01:17 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/06 10:01:13 | 29,511,35232 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/06 10:00:27 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/11/06 10:00:25 | 00,524,288 | -HS- | M] () -- C:\Users\Brittany\NTUSER.DAT{f4396142-3f3f-11de-8148-00238b853f0f}.TMContainer00000000000000000001.regtrans-ms
[2009/11/06 10:00:25 | 00,065,536 | -HS- | M] () -- C:\Users\Brittany\NTUSER.DAT{f4396142-3f3f-11de-8148-00238b853f0f}.TM.blf
[2009/11/06 10:00:24 | 06,291,456 | -H-- | M] () -- C:\Users\Brittany\AppData\Local\IconCache.db
[2009/11/06 09:35:07 | 00,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/31 15:52:26 | 00,001,930 | ---- | M] () -- C:\Users\Brittany\Desktop\HijackThis.lnk
[2009/10/31 15:49:01 | 00,000,765 | ---- | M] () -- C:\Users\Brittany\Desktop\NTREGOPT.lnk
[2009/10/31 15:49:01 | 00,000,746 | ---- | M] () -- C:\Users\Brittany\Desktop\ERUNT.lnk
[2009/10/30 20:23:28 | 00,036,864 | ---- | M] () -- C:\Users\Brittany\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/21 15:53:00 | 00,000,066 | ---- | M] () -- C:\Windows\SysWow64\MASHTWTY.SYS
[2009/10/21 15:05:49 | 00,001,480 | ---- | M] () -- C:\Users\Brittany\.recently-used.xbel
[2009/10/19 10:20:48 | 05,685,760 | ---- | M] () -- C:\Windows\SysNative\mshtml.dll
[2009/10/19 09:25:09 | 03,584,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/13 21:41:38 | 00,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/06 09:35:07 | 00,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/06 09:34:56 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009/11/03 20:08:05 | 05,685,760 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/10/31 15:52:26 | 00,001,930 | ---- | C] () -- C:\Users\Brittany\Desktop\HijackThis.lnk
[2009/10/31 15:49:01 | 00,000,765 | ---- | C] () -- C:\Users\Brittany\Desktop\NTREGOPT.lnk
[2009/10/31 15:49:01 | 00,000,746 | ---- | C] () -- C:\Users\Brittany\Desktop\ERUNT.lnk
[2009/10/27 14:28:45 | 00,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2009/10/27 14:28:44 | 13,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2009/10/27 14:28:29 | 08,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2009/10/21 15:53:00 | 00,000,066 | ---- | C] () -- C:\Windows\SysWow64\MASHTWTY.SYS
[2009/10/21 15:05:49 | 00,001,480 | ---- | C] () -- C:\Users\Brittany\.recently-used.xbel
[2009/10/21 14:20:38 | 07,005,184 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009/10/21 14:20:37 | 01,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009/10/21 14:20:34 | 01,426,432 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009/10/21 14:20:34 | 00,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009/10/21 14:20:31 | 00,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2009/10/21 14:20:30 | 00,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009/10/21 14:20:30 | 00,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009/10/21 14:20:30 | 00,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009/10/21 14:20:29 | 00,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2009/10/21 14:20:29 | 00,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2009/10/21 14:20:29 | 00,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009/10/21 14:20:27 | 01,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2009/10/21 14:20:27 | 00,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2009/10/21 14:20:27 | 00,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009/10/16 16:47:41 | 04,691,016 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2009/10/16 16:47:33 | 00,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2009/10/16 16:47:33 | 00,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2009/10/16 16:47:31 | 00,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2009/10/16 16:47:31 | 00,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2009/10/16 16:47:31 | 00,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2009/10/16 16:47:18 | 00,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009/10/16 16:46:26 | 00,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2009/10/16 16:46:24 | 00,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2009/10/16 16:46:23 | 00,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2009/10/12 09:24:13 | 01,053,056 | ---- | C] () -- C:\Windows\SysWow64\drivers\CAMTHWDM.sys
[2009/09/15 21:53:52 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/15 22:02:39 | 00,000,274 | ---- | C] () -- C:\Users\Brittany\AppData\Roaming\wklnhst.dat
[2009/07/07 14:44:08 | 00,000,732 | ---- | C] () -- C:\Users\Brittany\AppData\Local\d3d9caps64.dat
[2009/07/04 17:18:34 | 00,413,710 | ---- | C] () -- C:\Users\Brittany\AppData\Local\dd_vcredistMSI5581.txt
[2009/07/04 17:18:32 | 00,347,610 | ---- | C] () -- C:\Users\Brittany\AppData\Local\dd_vcredistUI5581.txt
[2009/07/04 17:05:56 | 00,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/05/08 17:19:37 | 00,000,680 | ---- | C] () -- C:\Users\Brittany\AppData\Local\d3d9caps.dat
[2009/04/30 17:26:45 | 06,291,456 | -H-- | C] () -- C:\Users\Brittany\AppData\Local\IconCache.db
[2009/04/30 13:08:13 | 00,036,864 | ---- | C] () -- C:\Users\Brittany\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/30 12:22:11 | 00,070,192 | ---- | C] () -- C:\Users\Brittany\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 10:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 10:07:25 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 10:07:25 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 10:07:25 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:07:25 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 07:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini

========== LOP Check ==========

[2009/04/30 12:52:48 | 00,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\acccore
[2009/04/30 12:22:01 | 00,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\ATI
[2009/10/12 20:28:04 | 00,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Camfrog
[2009/10/21 14:48:02 | 00,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\gtk-2.0
[2009/10/21 21:19:42 | 00,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\LimeWire
[2009/04/30 17:54:09 | 00,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\ooVoo Details
[2009/08/15 22:02:44 | 00,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Template
[2009/10/12 09:24:17 | 00,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\WebcamMax
[2009/11/06 10:01:25 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/06 10:00:28 | 00,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/11/06 12:49:59 | 00,000,440 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A22811AC-8FAD-4E77-8E8B-968FC6D392FE}.job

========== Purity Check ==========


< End of report >
Go to the top of the page
 
+Quote Post
Tomk
post Nov 6 2009, 02:22 PM
Post #6


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,862
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp
MVP


Aton,

Your Java is out of date and you have other old versions still on your computer, those old versions are now a security vulnerability:

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer - Version 6 update 17



Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Go to the top of the page
 
+Quote Post
Aton
post Nov 6 2009, 02:45 PM
Post #7


Authentic Member
**

Group: Authentic Member
Posts: 40
Joined: 26-April 09
Member No.: 85,455
Operating System: Windows XP
403 Forbidden for JavaRa.exe
Go to the top of the page
 
+Quote Post
Tomk
post Nov 6 2009, 03:02 PM
Post #8


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,862
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp
MVP


Aton,

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "JRE 6 Update 17".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.

Now to Clean out the Java cache:

Go into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Settings... button
  • click the Delete Files button.
  • There are two options in the window to clear the cache - Leave both Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Settings
  • Click OK to leave the Java Control Panel.
Go to the top of the page
 
+Quote Post
Tomk
post Nov 12 2009, 11:50 AM
Post #9


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,862
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp
MVP


Due to inactivity this topic will be closed.
If you need help please start a new thread.
Go to the top of the page
 
+Quote Post
« Next Oldest · Virus, Spyware & Malware Removal · Next Newest »
 

Closed TopicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 
RSS Time is now: 2nd September 2010 - 10:21 PM
Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
Memory Forums | Auto Repair Forum
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy
Powered By IP.Board © 2010  IPS, Inc.