Author Topic: Virus detected  (Read 2222 times)

sharont6
« on: July 23, 2010, 08:43:30 PM »
Microsoft Security Essentials was repeatedly finding a virus and cleaning it.  I went to the Temp folder and deleted Lhh.exe and other files created the same day.  Here's my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:38:56 PM, on 7/23/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\msra.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wisdominparenting.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\sharont6\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [JDK5SWFMZY] C:\Users\sharont6\AppData\Local\Temp\Lhh.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/63.11/uploader2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10327 bytes



guestolo
« Reply #1 on: July 23, 2010, 08:47:35 PM »
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and right click on OTL.exe and choose to "Run as Administrator"
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


sharont6
« Reply #2 on: July 23, 2010, 09:48:04 PM »
OTL logfile created on: 7/23/2010 9:42:20 PM - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\sharont6\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173.48 Gb Total Space | 52.88 Gb Free Space | 30.48% Space Free | Partition Type: NTFS
Drive D: | 12.83 Gb Total Space | 12.74 Gb Free Space | 99.32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHARONT6-PC
Current User Name: sharont6
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/07/23 21:41:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\sharont6\Desktop\OTL.exe
PRC - [2010/07/13 14:08:50 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/05/09 19:39:35 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/04/02 19:34:54 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/12/29 10:08:28 | 001,653,248 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2009/12/01 18:11:15 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/10/26 14:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009/06/09 10:25:54 | 007,539,232 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/07/23 21:41:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\sharont6\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 21:22:45 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/09 19:39:35 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 21:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/10/26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/06/09 10:13:42 | 002,366,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/14 13:55:22 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/02/13 20:28:22 | 000,103,744 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/03/28 03:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/02/10 21:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/20 21:21:35 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:21:35 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:21:35 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:21:34 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:21:34 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:21:34 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:21:34 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2008/01/20 21:21:33 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:21:33 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:21:33 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:21:33 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:21:32 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:21:32 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:21:32 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:21:31 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:21:30 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:21:29 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:21:29 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:21:28 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/20 21:21:28 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:21:09 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:21:09 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:21:09 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/07/11 03:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2005/12/22 18:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/12/12 12:56:00 | 000,015,232 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uac4pdt.sys -- (uac4pdt)
DRV - [2005/11/16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wisdominparenting.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?fr=w3i&type=W3i_SP,151,0_0,StartPage,20100625,6692,0,16,0"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {5835466c-49af-4cbe-b102-a8c8b6313749}:1.0.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {BFF829B6-B433-42CE-9A19-E459D3E4E483}:3.6.3
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid=#netassistant_id#&Version=#netassistant_version#&Vintage=20100625&Defaultbrowserid=16&Productid=1982&Vendorid=3655&Offerid=6693&searchterm="
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8080
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/02 19:50:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/23 20:18:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/23 20:18:06 | 000,000,000 | ---D | M]
 
[2010/04/17 18:08:03 | 000,000,000 | ---D | M] -- C:\Users\sharont6\AppData\Roaming\Mozilla\Extensions
[2010/04/17 18:08:03 | 000,000,000 | ---D | M] -- C:\Users\sharont6\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/07/22 23:44:30 | 000,000,000 | ---D | M] -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\extensions
[2010/06/17 00:42:43 | 000,000,000 | ---D | M] (Shop to Win) -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
[2010/06/17 00:41:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/16 21:00:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/09 18:41:37 | 000,002,424 | ---- | M] () -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\searchplugins\askcom.xml
[2010/06/17 00:45:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/14 18:18:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [eyeBeam SIP Client] C:\Program Files\CounterPath\X-Lite\x-lite.exe ()
O4 - HKCU..\Run: [JDK5SWFMZY] C:\Users\sharont6\AppData\Local\Temp\Lhh.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Power2GoExpress]  File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/63.11/uploader2.cab (UploadListView Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/07/23 21:41:07 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\sharont6\Desktop\OTL.exe
[2010/07/23 21:13:56 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Documents\X-Lite
[2010/07/23 21:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\CounterPath
[2010/07/23 21:02:58 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Local\CounterPath
[2010/07/23 21:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2010/07/23 21:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\CounterPath
[2010/07/23 19:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/23 19:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/07/23 19:33:40 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Documents\Remote Assistance Logs
[2010/07/20 00:13:10 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Desktop\Manifest a miracle
[2010/07/09 18:50:47 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Desktop\Lynne's Art
[2010/07/02 13:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}
[2010/06/26 11:15:17 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Desktop\Busting Loose
[2010/06/25 10:18:00 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Desktop\subliminals
[2010/06/24 03:00:32 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/24 03:00:32 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/24 03:00:32 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[1 C:\Users\sharont6\Documents\*.tmp files -> C:\Users\sharont6\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/07/23 21:43:25 | 005,242,880 | -HS- | M] () -- C:\Users\sharont6\NTUSER.DAT
[2010/07/23 21:41:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\sharont6\Desktop\OTL.exe
[2010/07/23 21:30:13 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/23 21:30:13 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/23 21:14:01 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/07/23 21:04:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/23 21:02:51 | 000,000,924 | ---- | M] () -- C:\Users\sharont6\Desktop\X-Lite.lnk
[2010/07/23 20:53:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-990035405-2007910519-4216647221-1000UA.job
[2010/07/23 20:17:01 | 000,002,529 | ---- | M] () -- C:\Users\sharont6\Desktop\HiJackThis.lnk
[2010/07/23 19:45:42 | 001,402,880 | ---- | M] () -- C:\Users\sharont6\Desktop\HiJackThis.msi
[2010/07/23 19:43:33 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/23 19:33:40 | 000,001,804 | ---- | M] () -- C:\Users\sharont6\Desktop\Invitation.msrcincident
[2010/07/23 19:33:40 | 000,000,176 | ---- | M] () -- C:\Users\sharont6\AppData\Local\rahistory.xml
[2010/07/23 19:22:24 | 000,815,963 | ---- | M] () -- C:\Users\sharont6\Desktop\thesecretpathof.docx
[2010/07/23 19:14:39 | 000,261,840 | ---- | M] () -- C:\Users\sharont6\Desktop\dscf4002-1024x768.jpg
[2010/07/23 17:30:50 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59EBA438-37C2-4E7D-89B7-E443A28A035A}.job
[2010/07/23 17:04:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/23 13:53:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-990035405-2007910519-4216647221-1000Core.job
[2010/07/23 11:37:12 | 000,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/07/23 11:35:34 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/23 11:35:34 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/23 11:35:34 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/23 11:30:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/23 11:30:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/23 11:30:08 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/23 11:28:57 | 000,524,288 | -HS- | M] () -- C:\Users\sharont6\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/07/23 11:28:57 | 000,065,536 | -HS- | M] () -- C:\Users\sharont6\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/07/23 11:28:56 | 001,894,989 | -H-- | M] () -- C:\Users\sharont6\AppData\Local\IconCache.db
[2010/07/22 20:43:23 | 000,010,261 | ---- | M] () -- C:\Users\sharont6\Desktop\isbn#.docx
[2010/07/22 20:42:51 | 000,497,958 | ---- | M] () -- C:\Users\sharont6\Desktop\Minitemplate.docx
[2010/07/22 20:41:28 | 000,665,961 | ---- | M] () -- C:\Users\sharont6\Desktop\thesecretpathof - Copy.docx
[2010/07/22 20:38:09 | 000,010,253 | ---- | M] () -- C:\Users\sharont6\Documents\isbn#.docx
[2010/07/22 20:37:19 | 000,002,627 | ---- | M] () -- C:\Users\sharont6\Desktop\Microsoft Office Word 2007 (2).lnk
[2010/07/21 18:32:34 | 000,051,200 | ---- | M] () -- C:\Users\sharont6\AppData\Roaming\b047c0e9.exe
[2010/07/20 22:16:00 | 000,009,704 | ---- | M] () -- C:\Users\sharont6\.recently-used.xbel
[2010/07/20 18:28:20 | 000,012,800 | ---- | M] () -- C:\Users\sharont6\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/20 09:10:37 | 000,072,441 | ---- | M] () -- C:\Users\sharont6\Desktop\VideoSqueezePages.com-1.zip
[2010/07/19 16:28:54 | 005,468,981 | ---- | M] () -- C:\Users\sharont6\Desktop\Hi, My Name Is Rocky.pptx
[2010/07/19 15:01:13 | 000,312,376 | ---- | M] () -- C:\Users\sharont6\Desktop\healing.docx
[2010/07/18 19:57:48 | 000,184,124 | ---- | M] () -- C:\Users\sharont6\Desktop\rvideoa.3g2
[2010/07/18 19:55:46 | 000,011,755 | ---- | M] () -- C:\Users\sharont6\Documents\Help Rocky.docx
[2010/07/18 10:51:39 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job
[2010/07/16 21:22:33 | 000,019,357 | ---- | M] () -- C:\Users\sharont6\Documents\The List.docx
[2010/07/16 20:48:41 | 000,059,392 | ---- | M] () -- C:\Users\sharont6\Desktop\Rockypoems.doc
[2010/07/16 14:40:12 | 002,711,875 | ---- | M] () -- C:\Users\sharont6\Documents\Hi, My Name Is Rocky.pptx
[2010/07/12 09:30:02 | 196,407,883 | ---- | M] () -- C:\Users\sharont6\Desktop\FinancialAbundance-Download.zip
[2010/07/10 17:14:44 | 000,011,199 | ---- | M] () -- C:\Users\sharont6\Desktop\Teaching Tips to Start the Year.docx
[2010/07/06 16:35:11 | 000,075,997 | ---- | M] () -- C:\Users\sharont6\Desktop\The List.docx
[2010/07/02 07:09:50 | 000,053,922 | ---- | M] () -- C:\Users\sharont6\Documents\Michaelresume.docx
[2010/07/01 19:49:21 | 000,054,644 | ---- | M] () -- C:\Users\sharont6\Documents\res.docx
[2010/07/01 09:01:09 | 000,012,747 | ---- | M] () -- C:\Users\sharont6\Desktop\50 Ways to Increase Traffic.docx
[2010/06/30 03:01:08 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/06/29 13:21:31 | 000,032,768 | ---- | M] () -- C:\Users\sharont6\Documents\Weight loss intro.doc
[2010/06/29 08:10:52 | 000,000,162 | -H-- | M] () -- C:\Users\sharont6\Desktop\~$e List.docx
[2010/06/28 22:43:03 | 000,000,162 | -H-- | M] () -- C:\Users\sharont6\Desktop\~$rent Heal Thyself finished - Copy.docx
[2010/06/28 22:38:31 | 000,000,162 | -H-- | M] () -- C:\Users\sharont6\Desktop\~$e Secret Path of Successful Parents.docx
[2010/06/28 11:34:52 | 000,079,998 | ---- | M] () -- C:\Users\sharont6\Desktop\stock-photo-man-fishing- - Copy.jpg
[2010/06/28 07:42:14 | 000,764,762 | ---- | M] () -- C:\Users\sharont6\Documents\The Secret Path of Successful Parents.docx
[2010/06/26 14:47:46 | 000,038,400 | ---- | M] () -- C:\Users\sharont6\Documents\Weight Loss Tips.doc
[1 C:\Users\sharont6\Documents\*.tmp files -> C:\Users\sharont6\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/07/23 21:02:51 | 000,000,924 | ---- | C] () -- C:\Users\sharont6\Desktop\X-Lite.lnk
[2010/07/23 19:49:48 | 000,002,529 | ---- | C] () -- C:\Users\sharont6\Desktop\HiJackThis.lnk
[2010/07/23 19:45:40 | 001,402,880 | ---- | C] () -- C:\Users\sharont6\Desktop\HiJackThis.msi
[2010/07/23 19:42:46 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/23 19:33:40 | 000,001,804 | ---- | C] () -- C:\Users\sharont6\Desktop\Invitation.msrcincident
[2010/07/23 19:33:40 | 000,000,176 | ---- | C] () -- C:\Users\sharont6\AppData\Local\rahistory.xml
[2010/07/23 19:14:37 | 000,261,840 | ---- | C] () -- C:\Users\sharont6\Desktop\dscf4002-1024x768.jpg
[2010/07/22 20:43:22 | 000,010,261 | ---- | C] () -- C:\Users\sharont6\Desktop\isbn#.docx
[2010/07/22 20:38:08 | 000,010,253 | ---- | C] () -- C:\Users\sharont6\Documents\isbn#.docx
[2010/07/22 17:11:25 | 000,497,958 | ---- | C] () -- C:\Users\sharont6\Desktop\Minitemplate.docx
[2010/07/21 18:32:49 | 000,000,298 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/07/21 18:32:34 | 000,051,200 | ---- | C] () -- C:\Users\sharont6\AppData\Roaming\b047c0e9.exe
[2010/07/20 22:16:00 | 000,009,704 | ---- | C] () -- C:\Users\sharont6\.recently-used.xbel
[2010/07/20 22:15:50 | 000,079,998 | ---- | C] () -- C:\Users\sharont6\Desktop\stock-photo-man-fishing- - Copy.jpg
[2010/07/20 09:10:35 | 000,072,441 | ---- | C] () -- C:\Users\sharont6\Desktop\VideoSqueezePages.com-1.zip
[2010/07/19 15:01:12 | 000,312,376 | ---- | C] () -- C:\Users\sharont6\Desktop\healing.docx
[2010/07/18 19:57:47 | 000,184,124 | ---- | C] () -- C:\Users\sharont6\Desktop\rvideoa.3g2
[2010/07/18 19:55:45 | 000,011,755 | ---- | C] () -- C:\Users\sharont6\Documents\Help Rocky.docx
[2010/07/16 21:22:33 | 000,019,357 | ---- | C] () -- C:\Users\sharont6\Documents\The List.docx
[2010/07/16 14:46:46 | 005,468,981 | ---- | C] () -- C:\Users\sharont6\Desktop\Hi, My Name Is Rocky.pptx
[2010/07/16 14:42:43 | 000,012,800 | ---- | C] () -- C:\Users\sharont6\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/16 14:04:35 | 002,711,875 | ---- | C] () -- C:\Users\sharont6\Documents\Hi, My Name Is Rocky.pptx
[2010/07/16 13:35:47 | 000,059,392 | ---- | C] () -- C:\Users\sharont6\Desktop\Rockypoems.doc
[2010/07/10 16:41:49 | 000,011,199 | ---- | C] () -- C:\Users\sharont6\Desktop\Teaching Tips to Start the Year.docx
[2010/07/04 18:35:49 | 000,665,961 | ---- | C] () -- C:\Users\sharont6\Desktop\thesecretpathof - Copy.docx
[2010/07/02 16:27:28 | 196,407,883 | ---- | C] () -- C:\Users\sharont6\Desktop\FinancialAbundance-Download.zip
[2010/07/01 19:49:21 | 000,054,644 | ---- | C] () -- C:\Users\sharont6\Documents\res.docx
[2010/06/30 18:05:05 | 000,053,922 | ---- | C] () -- C:\Users\sharont6\Documents\Michaelresume.docx
[2010/06/30 03:01:08 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/06/29 08:10:52 | 000,000,162 | -H-- | C] () -- C:\Users\sharont6\Desktop\~$e List.docx
[2010/06/29 00:52:48 | 000,815,963 | ---- | C] () -- C:\Users\sharont6\Desktop\thesecretpathof.docx
[2010/06/28 22:43:03 | 000,000,162 | -H-- | C] () -- C:\Users\sharont6\Desktop\~$rent Heal Thyself finished - Copy.docx
[2010/06/28 22:38:31 | 000,000,162 | -H-- | C] () -- C:\Users\sharont6\Desktop\~$e Secret Path of Successful Parents.docx
[2010/06/28 07:42:13 | 000,764,762 | ---- | C] () -- C:\Users\sharont6\Documents\The Secret Path of Successful Parents.docx
[2010/06/24 07:16:33 | 000,000,000 | ---- | C] () -- C:\Users\sharont6\AppData\Local\QSwitch.txt
[2010/06/24 07:16:33 | 000,000,000 | ---- | C] () -- C:\Users\sharont6\AppData\Local\DSwitch.txt
[2010/06/24 07:16:33 | 000,000,000 | ---- | C] () -- C:\Users\sharont6\AppData\Local\AtStart.txt
[2010/06/01 13:31:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/14 16:55:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/02/10 21:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/20 21:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:321853CCE3400771
< End of report >

Offline sharont6

Virus detected
« Reply #3 on: July 23, 2010, 09:49:21 PM »
OTL Extras logfile created on: 7/23/2010 9:42:20 PM - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\sharont6\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173.48 Gb Total Space | 52.88 Gb Free Space | 30.48% Space Free | Partition Type: NTFS
Drive D: | 12.83 Gb Total Space | 12.74 Gb Free Space | 99.32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHARONT6-PC
Current User Name: sharont6
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4788B68F-C191-4ABB-8FC4-64CAC09EB819}" = rport=445 | protocol=6 | dir=out | app=system |
"{49977757-7F9D-4016-BCB7-E7AD25D1691A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{4F313F30-CA30-4009-B1CD-BAF87FF36403}" = lport=138 | protocol=17 | dir=in | app=system |
"{605AAFF6-7984-4292-A004-C90A51508189}" = rport=138 | protocol=17 | dir=out | app=system |
"{74245940-CA6C-4DA6-9697-8CFF8FFA7236}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{811FFA1A-54AA-4DC4-BC5B-30CA2031C83E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{84A57273-D89F-402F-9772-579E30C7EC6B}" = lport=445 | protocol=6 | dir=in | app=system |
"{93BC8ED2-A664-40C7-BF5D-ED773DB68E55}" = rport=139 | protocol=6 | dir=out | app=system |
"{B53B0D8A-9AEF-41A3-8828-A8AAD4F34024}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{C34290BC-7B3E-43B6-A312-97F3D161EA2B}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{CB3C7D61-53CA-4008-8ADC-A51BF1E0E96A}" = rport=137 | protocol=17 | dir=out | app=system |
"{DACF26BF-D208-4E89-AD1A-3E48B134581E}" = lport=139 | protocol=6 | dir=in | app=system |
"{EBBC3ED1-0250-4E98-B1E4-BC3FF4F4D7BC}" = lport=137 | protocol=17 | dir=in | app=system |
"{F6CFA15D-7805-42A7-ABF8-1F2D6586236F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CE4CCA5-1DED-4B02-8854-AE26F57C38C7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{10B6CEC0-BBEA-4E48-981D-344DCF3C2B00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1A37A410-901B-4B98-86F7-403FA19F0B40}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{29BD4D47-DB05-46C3-A016-4F8BB68B6CDA}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{2DD2E8ED-4CF5-4D10-ABC8-168F950A78EE}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{39CF86E0-7414-4B51-9034-FE97A7C879C2}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{3AD89BB3-0E0B-4FD5-9431-FA9CF66F9E17}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3E2B1BEC-F84F-400B-B8E6-E1D071409F7F}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{443E5841-76A7-46C0-8D0E-05B287D4B23D}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{47EB578A-DC83-4F99-A4C1-91DAC4E86D62}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{54F553E7-0C1A-4B74-9664-704CDE71DD67}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{66EE03F6-E5FC-45A5-9FC0-19CCBD1EFAC3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6AF59B94-C25B-417F-8704-81459DC91975}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{74322C78-E1B4-4E95-A27A-96BBD9C4CAE9}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{8F6A2C0E-CCCC-4FBB-9EDC-03DF7983DB78}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{A4015357-7009-419E-A6AE-45A467C6C960}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{AA8917F7-7290-429F-9D89-4E8B7D5A3438}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BC08EE18-495A-4D4E-8450-1BCF87F9060D}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{D34CEF0F-5470-435D-8705-39D95BD40ACC}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{D574F928-32AB-493E-A7B0-225A6EC447CE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FC31FAFD-4884-4D81-B7B6-961904CB8790}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{FD78058D-A757-42DD-82BD-C98E9B1A4754}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{2E236CB7-D22B-4E05-88B2-827043010A49}C:\program files\counterpath\x-lite\x-lite.exe" = protocol=6 | dir=in | app=c:\program files\counterpath\x-lite\x-lite.exe |
"TCP Query User{8F1D38FA-395D-4341-8180-85B199A276AC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8ED96A20-EFEB-431A-A5FA-F9E805FA12B5}C:\program files\counterpath\x-lite\x-lite.exe" = protocol=17 | dir=in | app=c:\program files\counterpath\x-lite\x-lite.exe |
"UDP Query User{F7A0A60D-8A01-4605-B0F3-F113AD06E9A3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 20
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DC0CBB2-F919-4bdd-A608-E8FE35E03237}" = MX Skype Recorder v3.4
"{6EE738C2-0ECE-4917-B62D-D3061A6B29E7}" = Skype Integration
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{835E1FFE-7B14-45F9-9A93-18B6EDAC255D}" = VoIPVoice Integration
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{90120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A02AEE90-9B8F-4159-A992-805E70ECF0EF}" = VoIPVoice Integration
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BFF829B6-B433-42CE-9A19-E459D3E4E483}" = My.Freeze.com NetAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"ffdshow_is1" = ffdshow [rev 2460] [2008-12-09]
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"PRO" = Microsoft Office Professional 2007
"RealPlayer 12.0" = RealPlayer
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR archiver
"X-Lite 1.5_is1" = X-Lite 3.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"My.Freeze.com NetAssistant" = My.Freeze.com NetAssistant for Firefox
"PowerTeacher Gradebook" = PowerTeacher Gradebook
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.2
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 7/23/2010 6:58:33 AM | Computer Name = sharont6-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1154
 
Error - 7/23/2010 6:58:34 AM | Computer Name = sharont6-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/23/2010 6:58:34 AM | Computer Name = sharont6-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2152
 
Error - 7/23/2010 6:58:34 AM | Computer Name = sharont6-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2152
 
Error - 7/23/2010 6:58:35 AM | Computer Name = sharont6-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/23/2010 6:58:35 AM | Computer Name = sharont6-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3166
 
Error - 7/23/2010 6:58:35 AM | Computer Name = sharont6-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3166
 
Error - 7/23/2010 12:31:48 PM | Computer Name = sharont6-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/23/2010 12:36:53 PM | Computer Name = sharont6-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 7/23/2010 3:22:11 PM | Computer Name = sharont6-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18928, time stamp
 0x4bdfa327, faulting module mshtml.dll, version 8.0.6001.18928, time stamp 0x4bdfb76d,
 exception code 0xc0000005, fault offset 0x000a0e20,  process id 0xb2c, application
 start time 0x01cb2a9bf77b0c77.
 
[ Media Center Events ]
Error - 4/13/2009 5:35:06 PM | Computer Name = sharont6-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 2/20/2010 10:59:12 PM | Computer Name = sharont6-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
[ OSession Events ]
Error - 2/25/2010 10:15:10 PM | Computer Name = sharont6-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 137 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 2/25/2010 10:16:31 PM | Computer Name = sharont6-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 66 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 2/26/2010 9:16:48 PM | Computer Name = sharont6-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 4253 seconds with 2940 seconds of active time.  This session ended with a
 crash.
 
Error - 3/3/2010 6:23:35 PM | Computer Name = sharont6-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 40 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 3/3/2010 6:24:11 PM | Computer Name = sharont6-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 3/6/2010 6:00:55 PM | Computer Name = sharont6-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 2111 seconds with 1740 seconds of active time.  This session ended with a
 crash.
 
Error - 3/6/2010 6:12:22 PM | Computer Name = sharont6-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 656 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 3/12/2010 5:47:54 PM | Computer Name = sharont6-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 11014 seconds with 3120 seconds of active time.  This session ended with
a crash.
 
Error - 3/20/2010 3:50:18 PM | Computer Name = sharont6-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 32 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 3/23/2010 11:01:01 PM | Computer Name = sharont6-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 233 seconds with 180 seconds of active time.  This session ended with a crash.
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

Offline guestolo

Virus detected
« Reply #4 on: July 23, 2010, 11:13:49 PM »
Can you do the following please

Right click on OTL.exe and choose to "Run as Administrator"
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below. Don't include the word Quote please
    Quote
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKCU..\Run: [JDK5SWFMZY] C:\Users\sharont6\AppData\Local\Temp\Lhh.exe File not found
    :Reg
    :Files
    :Commands
    [EmptyTemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

With that log, can you also post the contents of the next log
Download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.    
  • If an update is found, it will download and install the latest version.    
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.    
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline sharont6

Virus detected
« Reply #6 on: July 28, 2010, 08:09:14 AM »
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\JDK5SWFMZY deleted successfully.
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: sharont6
->Temp folder emptied: 71322435 bytes
->Temporary Internet Files folder emptied: 873493849 bytes
->Java cache emptied: 15367669 bytes
->FireFox cache emptied: 101869324 bytes
->Google Chrome cache emptied: 6330788 bytes
->Flash cache emptied: 75361 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 271704 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 153117624 bytes
RecycleBin emptied: 3648527 bytes
 
Total Files Cleaned = 1,169.00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 07282010_075224

Files\Folders moved on Reboot...
C:\Users\sharont6\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Users\sharont6\AppData\Local\Temp\~DF1D53.tmp not found!
File\Folder C:\Users\sharont6\AppData\Local\Temp\~DF1D5E.tmp not found!
File\Folder C:\Users\sharont6\AppData\Local\Temp\~DF1DAD.tmp not found!
File\Folder C:\Users\sharont6\AppData\Local\Temp\~DF1DB8.tmp not found!
File\Folder C:\Users\sharont6\AppData\Local\Temp\~DF1DE0.tmp not found!
File\Folder C:\Users\sharont6\AppData\Local\Temp\~DF1DEB.tmp not found!
C:\Users\sharont6\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\sharont6\AppData\Local\Google\Google Talk Plugin\gtbplugin.log moved successfully.
C:\Users\sharont6\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UTDDNY58\index[1].htm moved successfully.
C:\Users\sharont6\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...


I do not understand the rest of your directions.

Offline guestolo

Virus detected
« Reply #7 on: July 28, 2010, 01:45:04 PM »
Quote
I do not understand the rest of your directions.

This is a great little Malware scanner, can I have you run it please
Here is a Direct link to the installer, please save it to your desktop

CLICK HERE
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Offline sharont6

Virus detected
« Reply #8 on: July 28, 2010, 04:54:33 PM »
The program says that it will not remove threats unless I buy the software. A pop-up window came up and says to reboot, so I am doing that.

Offline sharont6

Virus detected
« Reply #10 on: July 28, 2010, 05:03:52 PM »
No report popped up so I can't show you any results. I have no idea if anything was removed or not.
Thanks for trying to help.

Offline guestolo

Virus detected
« Reply #11 on: July 28, 2010, 05:19:46 PM »
The link I directed you to should have been to the free version of Malwarebytes.
I'm unsure why you would get a prompt to pay for it.
Please open Malwarebytes Antimalware; you should have a shortcut to it on your desktop.
It should be a red and white icon with the letter M in it.

Open the LOGS tab, and double click on the log and post the contents back here when it opens

NOTE: I'm stepping out for a bit, so I'll see the log when I return



Offline sharont6

Virus detected
« Reply #13 on: July 28, 2010, 06:30:02 PM »
I'm starting all over again. I must have clicked on the wrong icon.

Offline sharont6

Virus detected
« Reply #14 on: July 28, 2010, 07:06:51 PM »
I clicked on the second link and finally found the correct program. Here is the report.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4364

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/28/2010 7:04:29 PM
mbam-log-2010-07-28 (19-04-29).txt

Scan type: Quick scan
Objects scanned: 130771
Time elapsed: 8 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JDK5SWFMZY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TG0PTF86JH (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\FunWebProducts\Installr\2.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\2.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.



Offline guestolo

Virus detected
« Reply #15 on: July 28, 2010, 11:18:23 PM »
That's good, we found a bad guy I was hoping on
Can you do the following, I want to see both OTL.txt and Extras.txt again, just to ensure that you didn't download something you didn't need

Right click on OTL.exe and choose to "Run as Administrator"
Under EXTRA REGISTRY put a tick on "USE Safelist"

Then click on RUN SCAN again
When it's done, please post the contents of both OTL.txt and Extras.txt

Also, keep me informed how things are now running



Offline sharont6

Virus detected
« Reply #16 on: July 29, 2010, 08:16:12 PM »
Is this what you wanted?

OTL logfile created on: 7/29/2010 8:07:44 PM - Run 2
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\sharont6\Desktop\Media Files
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173.48 Gb Total Space | 57.09 Gb Free Space | 32.91% Space Free | Partition Type: NTFS
Drive D: | 12.83 Gb Total Space | 12.74 Gb Free Space | 99.32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHARONT6-PC
Current User Name: sharont6
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/07/23 21:41:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\sharont6\Desktop\Media Files\OTL.exe
PRC - [2010/07/13 14:08:50 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/06/24 08:47:24 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/05/11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/05/09 19:39:35 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/04/02 19:34:54 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/01/04 20:13:28 | 023,941,120 | ---- | M] () -- C:\Program Files\CounterPath\X-Lite\x-lite.exe
PRC - [2009/12/29 10:08:28 | 001,653,248 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2009/12/01 18:11:15 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/10/26 14:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009/07/24 14:52:02 | 003,121,760 | ---- | M] (SammSoft (www.sammsoft.com)) -- C:\Program Files\MemTurbo 4\MemTurbo.exe
PRC - [2009/06/09 10:25:54 | 007,539,232 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/07/23 21:41:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\sharont6\Desktop\Media Files\OTL.exe
MOD - [2010/02/26 07:16:18 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2009/10/30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 21:22:45 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/09 19:39:35 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 21:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/10/26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/06/09 10:13:42 | 002,366,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/14 13:55:22 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/02/13 20:28:22 | 000,103,744 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/03/28 03:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/02/10 21:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/20 21:21:35 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:21:35 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:21:35 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:21:34 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:21:34 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:21:34 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:21:34 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2008/01/20 21:21:33 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:21:33 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:21:33 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:21:33 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:21:32 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:21:32 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:21:32 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:21:31 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:21:30 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:21:29 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:21:29 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:21:28 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/20 21:21:28 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:21:09 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:21:09 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:21:09 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/07/11 03:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2005/12/22 18:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/12/12 12:56:00 | 000,015,232 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uac4pdt.sys -- (uac4pdt)
DRV - [2005/11/16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wisdominparenting.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?fr=w3i&type=W3i_SP,151,0_0,StartPage,20100625,6692,0,16,0"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {5835466c-49af-4cbe-b102-a8c8b6313749}:1.0.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {BFF829B6-B433-42CE-9A19-E459D3E4E483}:3.6.3
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid=#netassistant_id#&Version=#netassistant_version#&Vintage=20100625&Defaultbrowserid=16&Productid=1982&Vendorid=3655&Offerid=6693&searchterm="
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8080
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/02 19:50:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/24 20:57:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 20:57:48 | 000,000,000 | ---D | M]
 
[2010/04/17 18:08:03 | 000,000,000 | ---D | M] -- C:\Users\sharont6\AppData\Roaming\Mozilla\Extensions
[2010/04/17 18:08:03 | 000,000,000 | ---D | M] -- C:\Users\sharont6\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/07/24 15:16:37 | 000,000,000 | ---D | M] -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\extensions
[2010/06/17 00:42:43 | 000,000,000 | ---D | M] (Shop to Win) -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
[2010/06/17 00:41:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/16 21:00:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/09 18:41:37 | 000,002,424 | ---- | M] () -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\searchplugins\askcom.xml
[2010/06/17 00:45:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/14 18:18:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe (Sammsoft)
O4 - HKCU..\Run: [eyeBeam SIP Client] C:\Program Files\CounterPath\X-Lite\x-lite.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Power2GoExpress]  File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Users\sharont6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk = C:\Program Files\MemTurbo 4\MemTurbo.exe (SammSoft (www.sammsoft.com))
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/63.11/uploader2.cab (UploadListView Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\sharont6\Pictures\sunsets\cruise 044.jpg
O24 - Desktop BackupWallPaper: C:\Users\sharont6\Pictures\sunsets\cruise 044.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/07/28 18:54:28 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Roaming\Malwarebytes
[2010/07/28 18:54:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/28 18:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/28 18:54:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/28 18:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/28 18:26:26 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Roaming\Sammsoft
[2010/07/28 18:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\MemTurbo 4
[2010/07/28 18:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Registry Optimizer
[2010/07/28 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Desktop\movies
[2010/07/28 16:32:13 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/07/28 16:32:12 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/07/28 16:32:12 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/07/28 16:22:58 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/07/28 16:22:58 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/07/28 16:22:47 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/07/28 16:22:47 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/07/28 16:22:34 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/07/28 16:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/07/28 16:22:14 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Roaming\PC Tools
[2010/07/28 16:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/07/28 16:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/07/28 16:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/07/28 07:52:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/26 17:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/07/25 09:54:31 | 000,117,760 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpzll64X.dll
[2010/07/25 09:50:44 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Roaming\HpUpdate
[2010/07/25 09:50:39 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2010/07/23 21:13:56 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Documents\X-Lite
[2010/07/23 21:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\CounterPath
[2010/07/23 21:02:58 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Local\CounterPath
[2010/07/23 21:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2010/07/23 21:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\CounterPath
[2010/07/23 19:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/23 19:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/07/23 19:33:40 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Documents\Remote Assistance Logs
[2010/07/09 18:50:47 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Desktop\Lynne's Art
[2010/07/02 13:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}
[1 C:\Users\sharont6\Documents\*.tmp files -> C:\Users\sharont6\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/07/29 20:13:00 | 005,242,880 | -HS- | M] () -- C:\Users\sharont6\NTUSER.DAT
[2010/07/29 20:04:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/29 19:53:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-990035405-2007910519-4216647221-1000UA.job
[2010/07/29 18:54:11 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/29 18:54:11 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/29 17:33:44 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59EBA438-37C2-4E7D-89B7-E443A28A035A}.job
[2010/07/29 17:04:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/29 13:53:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-990035405-2007910519-4216647221-1000Core.job
[2010/07/29 13:11:07 | 000,198,116 | ---- | M] () -- C:\Users\sharont6\Desktop\calendar.1.2.3.zip
[2010/07/29 06:54:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/28 19:15:10 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/28 19:15:10 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/28 19:15:09 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/28 19:13:26 | 000,000,824 | ---- | M] () -- C:\Users\sharont6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk
[2010/07/28 19:13:06 | 000,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/07/28 19:09:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/28 19:09:20 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/28 19:08:09 | 000,524,288 | -HS- | M] () -- C:\Users\sharont6\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/07/28 19:08:09 | 000,065,536 | -HS- | M] () -- C:\Users\sharont6\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/07/28 19:08:08 | 001,527,590 | -H-- | M] () -- C:\Users\sharont6\AppData\Local\IconCache.db
[2010/07/28 18:29:53 | 000,016,384 | ---- | M] () -- C:\Users\sharont6\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/28 18:26:15 | 000,001,824 | ---- | M] () -- C:\Users\sharont6\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2010/07/28 18:26:14 | 000,000,786 | ---- | M] () -- C:\Users\sharont6\Application Data\Microsoft\Internet Explorer\Quick Launch\MemTurbo - PC Optimizer.lnk
[2010/07/28 07:46:51 | 000,551,610 | ---- | M] () -- C:\Users\sharont6\Desktop\The-Butterfly-Effect-Report-New.pdf
[2010/07/26 17:07:39 | 000,817,664 | ---- | M] () -- C:\Users\sharont6\Desktop\thesecretpathof.docx
[2010/07/26 17:07:39 | 000,817,664 | ---- | M] () -- C:\Users\sharont6\Desktop\thesecretpathof - Copy.docx
[2010/07/25 23:15:18 | 196,393,250 | ---- | M] () -- C:\Users\sharont6\Desktop\FinancialAbundance-Download.zip
[2010/07/25 15:34:55 | 000,002,627 | ---- | M] () -- C:\Users\sharont6\Desktop\Microsoft Office Word 2007 (2).lnk
[2010/07/25 15:34:31 | 000,782,542 | ---- | M] () -- C:\Users\sharont6\Documents\thesecretpathof.pdf
[2010/07/25 14:54:37 | 000,012,677 | ---- | M] () -- C:\Users\sharont6\Documents\How to Raise Vibrational Rates.docx
[2010/07/25 12:03:07 | 000,031,232 | ---- | M] () -- C:\Users\sharont6\Documents\Tic-Tac-ToeSoc…udiesBoard.doc
[2010/07/25 09:45:34 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job
[2010/07/24 14:52:05 | 000,012,139 | ---- | M] () -- C:\Users\sharont6\Documents\My New Life.docx
[2010/07/23 21:02:51 | 000,000,924 | ---- | M] () -- C:\Users\sharont6\Desktop\X-Lite.lnk
[2010/07/23 19:33:40 | 000,000,176 | ---- | M] () -- C:\Users\sharont6\AppData\Local\rahistory.xml
[2010/07/22 20:43:23 | 000,010,261 | ---- | M] () -- C:\Users\sharont6\Desktop\isbn#.docx
[2010/07/22 20:42:51 | 000,497,958 | ---- | M] () -- C:\Users\sharont6\Desktop\Minitemplate.docx
[2010/07/22 20:38:09 | 000,010,253 | ---- | M] () -- C:\Users\sharont6\Documents\isbn#.docx
[2010/07/21 18:32:34 | 000,051,200 | ---- | M] () -- C:\Users\sharont6\AppData\Roaming\b047c0e9.exe
[2010/07/20 22:16:00 | 000,009,704 | ---- | M] () -- C:\Users\sharont6\.recently-used.xbel
[2010/07/19 16:28:54 | 005,468,981 | ---- | M] () -- C:\Users\sharont6\Desktop\Hi, My Name Is Rocky.pptx
[2010/07/19 15:01:13 | 000,312,376 | ---- | M] () -- C:\Users\sharont6\Desktop\healing.docx
[2010/07/18 19:55:46 | 000,011,755 | ---- | M] () -- C:\Users\sharont6\Documents\Help Rocky.docx
[2010/07/16 21:22:33 | 000,019,357 | ---- | M] () -- C:\Users\sharont6\Documents\The List.docx
[2010/07/16 20:48:41 | 000,059,392 | ---- | M] () -- C:\Users\sharont6\Desktop\Rockypoems.doc
[2010/07/16 14:40:12 | 002,711,875 | ---- | M] () -- C:\Users\sharont6\Documents\Hi, My Name Is Rocky.pptx
[2010/07/10 17:14:44 | 000,011,199 | ---- | M] () -- C:\Users\sharont6\Desktop\Teaching Tips to Start the Year.docx
[2010/07/06 16:35:11 | 000,075,997 | ---- | M] () -- C:\Users\sharont6\Desktop\The List.docx
[2010/07/02 07:09:50 | 000,053,922 | ---- | M] () -- C:\Users\sharont6\Documents\Michaelresume.docx
[2010/07/01 19:49:21 | 000,054,644 | ---- | M] () -- C:\Users\sharont6\Documents\res.docx
[2010/07/01 09:01:09 | 000,012,747 | ---- | M] () -- C:\Users\sharont6\Desktop\50 Ways to Increase Traffic.docx
[1 C:\Users\sharont6\Documents\*.tmp files -> C:\Users\sharont6\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/07/29 13:11:05 | 000,198,116 | ---- | C] () -- C:\Users\sharont6\Desktop\calendar.1.2.3.zip
[2010/07/28 18:26:15 | 000,001,824 | ---- | C] () -- C:\Users\sharont6\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2010/07/28 18:26:14 | 000,000,824 | ---- | C] () -- C:\Users\sharont6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk
[2010/07/28 18:26:14 | 000,000,786 | ---- | C] () -- C:\Users\sharont6\Application Data\Microsoft\Internet Explorer\Quick Launch\MemTurbo - PC Optimizer.lnk
[2010/07/28 16:32:14 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/07/28 16:32:13 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/07/28 16:32:13 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/07/28 16:32:13 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/07/28 16:32:13 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/07/28 16:22:58 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/07/28 16:22:47 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/07/28 16:22:47 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/07/28 16:22:34 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/07/28 07:46:51 | 000,551,610 | ---- | C] () -- C:\Users\sharont6\Desktop\The-Butterfly-Effect-Report-New.pdf
[2010/07/26 17:10:13 | 000,817,664 | ---- | C] () -- C:\Users\sharont6\Desktop\thesecretpathof - Copy.docx
[2010/07/25 15:34:27 | 000,782,542 | ---- | C] () -- C:\Users\sharont6\Documents\thesecretpathof.pdf
[2010/07/25 12:42:28 | 000,012,677 | ---- | C] () -- C:\Users\sharont6\Documents\How to Raise Vibrational Rates.docx
[2010/07/24 09:11:29 | 000,012,139 | ---- | C] () -- C:\Users\sharont6\Documents\My New Life.docx
[2010/07/23 21:02:51 | 000,000,924 | ---- | C] () -- C:\Users\sharont6\Desktop\X-Lite.lnk
[2010/07/23 19:33:40 | 000,000,176 | ---- | C] () -- C:\Users\sharont6\AppData\Local\rahistory.xml
[2010/07/22 20:43:22 | 000,010,261 | ---- | C] () -- C:\Users\sharont6\Desktop\isbn#.docx
[2010/07/22 20:38:08 | 000,010,253 | ---- | C] () -- C:\Users\sharont6\Documents\isbn#.docx
[2010/07/22 17:11:25 | 000,497,958 | ---- | C] () -- C:\Users\sharont6\Desktop\Minitemplate.docx
[2010/07/21 18:32:34 | 000,051,200 | ---- | C] () -- C:\Users\sharont6\AppData\Roaming\b047c0e9.exe
[2010/07/20 22:16:00 | 000,009,704 | ---- | C] () -- C:\Users\sharont6\.recently-used.xbel
[2010/07/19 15:01:12 | 000,312,376 | ---- | C] () -- C:\Users\sharont6\Desktop\healing.docx
[2010/07/18 19:55:45 | 000,011,755 | ---- | C] () -- C:\Users\sharont6\Documents\Help Rocky.docx
[2010/07/16 21:22:33 | 000,019,357 | ---- | C] () -- C:\Users\sharont6\Documents\The List.docx
[2010/07/16 14:46:46 | 005,468,981 | ---- | C] () -- C:\Users\sharont6\Desktop\Hi, My Name Is Rocky.pptx
[2010/07/16 14:42:43 | 000,016,384 | ---- | C] () -- C:\Users\sharont6\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/16 14:04:35 | 002,711,875 | ---- | C] () -- C:\Users\sharont6\Documents\Hi, My Name Is Rocky.pptx
[2010/07/16 13:35:47 | 000,059,392 | ---- | C] () -- C:\Users\sharont6\Desktop\Rockypoems.doc
[2010/07/10 16:41:49 | 000,011,199 | ---- | C] () -- C:\Users\sharont6\Desktop\Teaching Tips to Start the Year.docx
[2010/07/02 16:27:28 | 196,393,250 | ---- | C] () -- C:\Users\sharont6\Desktop\FinancialAbundance-Download.zip
[2010/07/01 19:49:21 | 000,054,644 | ---- | C] () -- C:\Users\sharont6\Documents\res.docx
[2010/06/30 18:05:05 | 000,053,922 | ---- | C] () -- C:\Users\sharont6\Documents\Michaelresume.docx
[2010/06/01 13:31:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/14 16:55:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/02/10 21:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/20 21:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:321853CCE3400771
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Offline sharont6

Virus detected
« Reply #17 on: July 29, 2010, 08:19:27 PM »
[quote name='sharont6' date='29 July 2010 - 08:16 PM' timestamp='1280452572' post='471050']
Is this what you wanted?

OTL logfile created on: 7/29/2010 8:07:44 PM - Run 2
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\sharont6\Desktop\Media Files
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173.48 Gb Total Space | 57.09 Gb Free Space | 32.91% Space Free | Partition Type: NTFS
Drive D: | 12.83 Gb Total Space | 12.74 Gb Free Space | 99.32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHARONT6-PC
Current User Name: sharont6
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/23 21:41:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\sharont6\Desktop\Media Files\OTL.exe
PRC - [2010/07/13 14:08:50 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/06/24 08:47:24 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/05/11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/05/09 19:39:35 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/04/02 19:34:54 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/01/04 20:13:28 | 023,941,120 | ---- | M] () -- C:\Program Files\CounterPath\X-Lite\x-lite.exe
PRC - [2009/12/29 10:08:28 | 001,653,248 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2009/12/01 18:11:15 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/10/26 14:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009/07/24 14:52:02 | 003,121,760 | ---- | M] (SammSoft (www.sammsoft.com)) -- C:\Program Files\MemTurbo 4\MemTurbo.exe
PRC - [2009/06/09 10:25:54 | 007,539,232 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2010/07/23 21:41:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\sharont6\Desktop\Media Files\OTL.exe
MOD - [2010/02/26 07:16:18 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2009/10/30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 21:22:45 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/09 19:39:35 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 21:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/10/26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/06/09 10:13:42 | 002,366,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/14 13:55:22 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/02/13 20:28:22 | 000,103,744 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/03/28 03:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/02/10 21:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/20 21:21:35 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:21:35 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:21:35 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:21:34 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:21:34 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:21:34 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:21:34 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2008/01/20 21:21:33 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:21:33 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:21:33 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:21:33 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:21:32 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:21:32 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:21:32 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:21:31 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:21:30 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:21:29 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:21:29 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:21:28 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008/01/20 21:21:28 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:21:09 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:21:09 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:21:09 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/07/11 03:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2005/12/22 18:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/12/12 12:56:00 | 000,015,232 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uac4pdt.sys -- (uac4pdt)
DRV - [2005/11/16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wisdominparenting.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com...w3i&type=W3i_SP,151,0_0,StartPage,20100625,6692,0,16,0"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {5835466c-49af-4cbe-b102-a8c8b6313749}:1.0.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {BFF829B6-B433-42CE-9A19-E459D3E4E483}:3.6.3
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com...6693&searchterm="
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8080


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/02 19:50:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/24 20:57:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 20:57:48 | 000,000,000 | ---D | M]

[2010/04/17 18:08:03 | 000,000,000 | ---D | M] -- C:\Users\sharont6\AppData\Roaming\Mozilla\Extensions
[2010/04/17 18:08:03 | 000,000,000 | ---D | M] -- C:\Users\sharont6\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/07/24 15:16:37 | 000,000,000 | ---D | M] -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\extensions
[2010/06/17 00:42:43 | 000,000,000 | ---D | M] (Shop to Win) -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
[2010/06/17 00:41:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/16 21:00:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/09 18:41:37 | 000,002,424 | ---- | M] () -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\searchplugins\askcom.xml
[2010/06/17 00:45:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/14 18:18:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1           localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe (Sammsoft)
O4 - HKCU..\Run: [eyeBeam SIP Client] C:\Program Files\CounterPath\X-Lite\x-lite.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Power2GoExpress]  File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Users\sharont6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk = C:\Program Files\MemTurbo 4\MemTurbo.exe (SammSoft (www.sammsoft.com))
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...1/uploader2.cab (UploadListView Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...ctDetection.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\sharont6\Pictures\sunsets\cruise 044.jpg
O24 - Desktop BackupWallPaper: C:\Users\sharont6\Pictures\sunsets\cruise 044.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/28 18:54:28 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Roaming\Malwarebytes
[2010/07/28 18:54:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/28 18:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/28 18:54:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/28 18:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/28 18:26:26 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Roaming\Sammsoft
[2010/07/28 18:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\MemTurbo 4
[2010/07/28 18:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Registry Optimizer
[2010/07/28 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Desktop\movies
[2010/07/28 16:32:13 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/07/28 16:32:12 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/07/28 16:32:12 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/07/28 16:22:58 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/07/28 16:22:58 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/07/28 16:22:47 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/07/28 16:22:47 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/07/28 16:22:34 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/07/28 16:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/07/28 16:22:14 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Roaming\PC Tools
[2010/07/28 16:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/07/28 16:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/07/28 16:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/07/28 07:52:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/26 17:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/07/25 09:54:31 | 000,117,760 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpzll64X.dll
[2010/07/25 09:50:44 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Roaming\HpUpdate
[2010/07/25 09:50:39 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2010/07/23 21:13:56 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Documents\X-Lite
[2010/07/23 21:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\CounterPath
[2010/07/23 21:02:58 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Local\CounterPath
[2010/07/23 21:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2010/07/23 21:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\CounterPath
[2010/07/23 19:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/23 19:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/07/23 19:33:40 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Documents\Remote Assistance Logs
[2010/07/09 18:50:47 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Desktop\Lynne's Art
[2010/07/02 13:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}
[1 C:\Users\sharont6\Documents\*.tmp files -> C:\Users\sharont6\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/29 20:13:00 | 005,242,880 | -HS- | M] () -- C:\Users\sharont6\NTUSER.DAT
[2010/07/29 20:04:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/29 19:53:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-990035405-2007910519-4216647221-1000UA.job
[2010/07/29 18:54:11 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/29 18:54:11 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/29 17:33:44 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59EBA438-37C2-4E7D-89B7-E443A28A035A}.job
[2010/07/29 17:04:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/29 13:53:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-990035405-2007910519-4216647221-1000Core.job
[2010/07/29 13:11:07 | 000,198,116 | ---- | M] () -- C:\Users\sharont6\Desktop\calendar.1.2.3.zip
[2010/07/29 06:54:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/28 19:15:10 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/28 19:15:10 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/28 19:15:09 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/28 19:13:26 | 000,000,824 | ---- | M] () -- C:\Users\sharont6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk
[2010/07/28 19:13:06 | 000,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/07/28 19:09:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/28 19:09:20 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/28 19:08:09 | 000,524,288 | -HS- | M] () -- C:\Users\sharont6\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/07/28 19:08:09 | 000,065,536 | -HS- | M] () -- C:\Users\sharont6\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/07/28 19:08:08 | 001,527,590 | -H-- | M] () -- C:\Users\sharont6\AppData\Local\IconCache.db
[2010/07/28 18:29:53 | 000,016,384 | ---- | M] () -- C:\Users\sharont6\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/28 18:26:15 | 000,001,824 | ---- | M] () -- C:\Users\sharont6\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2010/07/28 18:26:14 | 000,000,786 | ---- | M] () -- C:\Users\sharont6\Application Data\Microsoft\Internet Explorer\Quick Launch\MemTurbo - PC Optimizer.lnk
[2010/07/28 07:46:51 | 000,551,610 | ---- | M] () -- C:\Users\sharont6\Desktop\The-Butterfly-Effect-Report-New.pdf
[2010/07/26 17:07:39 | 000,817,664 | ---- | M] () -- C:\Users\sharont6\Desktop\thesecretpathof.docx
[2010/07/26 17:07:39 | 000,817,664 | ---- | M] () -- C:\Users\sharont6\Desktop\thesecretpathof - Copy.docx
[2010/07/25 23:15:18 | 196,393,250 | ---- | M] () -- C:\Users\sharont6\Desktop\FinancialAbundance-Download.zip
[2010/07/25 15:34:55 | 000,002,627 | ---- | M] () -- C:\Users\sharont6\Desktop\Microsoft Office Word 2007 (2).lnk
[2010/07/25 15:34:31 | 000,782,542 | ---- | M] () -- C:\Users\sharont6\Documents\thesecretpathof.pdf
[2010/07/25 14:54:37 | 000,012,677 | ---- | M] () -- C:\Users\sharont6\Documents\How to Raise Vibrational Rates.docx
[2010/07/25 12:03:07 | 000,031,232 | ---- | M] () -- C:\Users\sharont6\Documents\Tic-Tac-ToeSoc…udiesBoard.doc
[2010/07/25 09:45:34 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job
[2010/07/24 14:52:05 | 000,012,139 | ---- | M] () -- C:\Users\sharont6\Documents\My New Life.docx
[2010/07/23 21:02:51 | 000,000,924 | ---- | M] () -- C:\Users\sharont6\Desktop\X-Lite.lnk
[2010/07/23 19:33:40 | 000,000,176 | ---- | M] () -- C:\Users\sharont6\AppData\Local\rahistory.xml
[2010/07/22 20:43:23 | 000,010,261 | ---- | M] () -- C:\Users\sharont6\Desktop\isbn#.docx
[2010/07/22 20:42:51 | 000,497,958 | ---- | M] () -- C:\Users\sharont6\Desktop\Minitemplate.docx
[2010/07/22 20:38:09 | 000,010,253 | ---- | M] () -- C:\Users\sharont6\Documents\isbn#.docx
[2010/07/21 18:32:34 | 000,051,200 | ---- | M] () -- C:\Users\sharont6\AppData\Roaming\b047c0e9.exe
[2010/07/20 22:16:00 | 000,009,704 | ---- | M] () -- C:\Users\sharont6\.recently-used.xbel
[2010/07/19 16:28:54 | 005,468,981 | ---- | M] () -- C:\Users\sharont6\Desktop\Hi, My Name Is Rocky.pptx
[2010/07/19 15:01:13 | 000,312,376 | ---- | M] () -- C:\Users\sharont6\Desktop\healing.docx
[2010/07/18 19:55:46 | 000,011,755 | ---- | M] () -- C:\Users\sharont6\Documents\Help Rocky.docx
[2010/07/16 21:22:33 | 000,019,357 | ---- | M] () -- C:\Users\sharont6\Documents\The List.docx
[2010/07/16 20:48:41 | 000,059,392 | ---- | M] () -- C:\Users\sharont6\Desktop\Rockypoems.doc
[2010/07/16 14:40:12 | 002,711,875 | ---- | M] () -- C:\Users\sharont6\Documents\Hi, My Name Is Rocky.pptx
[2010/07/10 17:14:44 | 000,011,199 | ---- | M] () -- C:\Users\sharont6\Desktop\Teaching Tips to Start the Year.docx
[2010/07/06 16:35:11 | 000,075,997 | ---- | M] () -- C:\Users\sharont6\Desktop\The List.docx
[2010/07/02 07:09:50 | 000,053,922 | ---- | M] () -- C:\Users\sharont6\Documents\Michaelresume.docx
[2010/07/01 19:49:21 | 000,054,644 | ---- | M] () -- C:\Users\sharont6\Documents\res.docx
[2010/07/01 09:01:09 | 000,012,747 | ---- | M] () -- C:\Users\sharont6\Desktop\50 Ways to Increase Traffic.docx
[1 C:\Users\sharont6\Documents\*.tmp files -> C:\Users\sharont6\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/29 13:11:05 | 000,198,116 | ---- | C] () -- C:\Users\sharont6\Desktop\calendar.1.2.3.zip
[2010/07/28 18:26:15 | 000,001,824 | ---- | C] () -- C:\Users\sharont6\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2010/07/28 18:26:14 | 000,000,824 | ---- | C] () -- C:\Users\sharont6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk
[2010/07/28 18:26:14 | 000,000,786 | ---- | C] () -- C:\Users\sharont6\Application Data\Microsoft\Internet Explorer\Quick Launch\MemTurbo - PC Optimizer.lnk
[2010/07/28 16:32:14 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/07/28 16:32:13 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/07/28 16:32:13 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/07/28 16:32:13 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/07/28 16:32:13 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/07/28 16:22:58 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/07/28 16:22:47 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/07/28 16:22:47 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/07/28 16:22:34 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/07/28 07:46:51 | 000,551,610 | ---- | C] () -- C:\Users\sharont6\Desktop\The-Butterfly-Effect-Report-New.pdf
[2010/07/26 17:10:13 | 000,817,664 | ---- | C] () -- C:\Users\sharont6\Desktop\thesecretpathof - Copy.docx
[2010/07/25 15:34:27 | 000,782,542 | ---- | C] () -- C:\Users\sharont6\Documents\thesecretpathof.pdf
[2010/07/25 12:42:28 | 000,012,677 | ---- | C] () -- C:\Users\sharont6\Documents\How to Raise Vibrational Rates.docx
[2010/07/24 09:11:29 | 000,012,139 | ---- | C] () -- C:\Users\sharont6\Documents\My New Life.docx
[2010/07/23 21:02:51 | 000,000,924 | ---- | C] () -- C:\Users\sharont6\Desktop\X-Lite.lnk
[2010/07/23 19:33:40 | 000,000,176 | ---- | C] () -- C:\Users\sharont6\AppData\Local\rahistory.xml
[2010/07/22 20:43:22 | 000,010,261 | ---- | C] () -- C:\Users\sharont6\Desktop\isbn#.docx
[2010/07/22 20:38:08 | 000,010,253 | ---- | C] () -- C:\Users\sharont6\Documents\isbn#.docx
[2010/07/22 17:11:25 | 000,497,958 | ---- | C] () -- C:\Users\sharont6\Desktop\Minitemplate.docx
[2010/07/21 18:32:34 | 000,051,200 | ---- | C] () -- C:\Users\sharont6\AppData\Roaming\b047c0e9.exe
[2010/07/20 22:16:00 | 000,009,704 | ---- | C] () -- C:\Users\sharont6\.recently-used.xbel
[2010/07/19 15:01:12 | 000,312,376 | ---- | C] () -- C:\Users\sharont6\Desktop\healing.docx
[2010/07/18 19:55:45 | 000,011,755 | ---- | C] () -- C:\Users\sharont6\Documents\Help Rocky.docx
[2010/07/16 21:22:33 | 000,019,357 | ---- | C] () -- C:\Users\sharont6\Documents\The List.docx
[2010/07/16 14:46:46 | 005,468,981 | ---- | C] () -- C:\Users\sharont6\Desktop\Hi, My Name Is Rocky.pptx
[2010/07/16 14:42:43 | 000,016,384 | ---- | C] () -- C:\Users\sharont6\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/16 14:04:35 | 002,711,875 | ---- | C] () -- C:\Users\sharont6\Documents\Hi, My Name Is Rocky.pptx
[2010/07/16 13:35:47 | 000,059,392 | ---- | C] () -- C:\Users\sharont6\Desktop\Rockypoems.doc
[2010/07/10 16:41:49 | 000,011,199 | ---- | C] () -- C:\Users\sharont6\Desktop\Teaching Tips to Start the Year.docx
[2010/07/02 16:27:28 | 196,393,250 | ---- | C] () -- C:\Users\sharont6\Desktop\FinancialAbundance-Download.zip
[2010/07/01 19:49:21 | 000,054,644 | ---- | C] () -- C:\Users\sharont6\Documents\res.docx
[2010/06/30 18:05:05 | 000,053,922 | ---- | C] () -- C:\Users\sharont6\Documents\Michaelresume.docx
[2010/06/01 13:31:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/14 16:55:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/02/10 21:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/20 21:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:321853CCE3400771
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
[/quote]
Is this the Extra?
OTL Extras logfile created on: 7/29/2010 8:07:44 PM - Run 2
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\sharont6\Desktop\Media Files
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173.48 Gb Total Space | 57.09 Gb Free Space | 32.91% Space Free | Partition Type: NTFS
Drive D: | 12.83 Gb Total Space | 12.74 Gb Free Space | 99.32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHARONT6-PC
Current User Name: sharont6
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4788B68F-C191-4ABB-8FC4-64CAC09EB819}" = rport=445 | protocol=6 | dir=out | app=system |
"{49977757-7F9D-4016-BCB7-E7AD25D1691A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{4F313F30-CA30-4009-B1CD-BAF87FF36403}" = lport=138 | protocol=17 | dir=in | app=system |
"{605AAFF6-7984-4292-A004-C90A51508189}" = rport=138 | protocol=17 | dir=out | app=system |
"{74245940-CA6C-4DA6-9697-8CFF8FFA7236}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{811FFA1A-54AA-4DC4-BC5B-30CA2031C83E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{84A57273-D89F-402F-9772-579E30C7EC6B}" = lport=445 | protocol=6 | dir=in | app=system |
"{93BC8ED2-A664-40C7-BF5D-ED773DB68E55}" = rport=139 | protocol=6 | dir=out | app=system |
"{B53B0D8A-9AEF-41A3-8828-A8AAD4F34024}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{C34290BC-7B3E-43B6-A312-97F3D161EA2B}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{CB3C7D61-53CA-4008-8ADC-A51BF1E0E96A}" = rport=137 | protocol=17 | dir=out | app=system |
"{DACF26BF-D208-4E89-AD1A-3E48B134581E}" = lport=139 | protocol=6 | dir=in | app=system |
"{EBBC3ED1-0250-4E98-B1E4-BC3FF4F4D7BC}" = lport=137 | protocol=17 | dir=in | app=system |
"{F6CFA15D-7805-42A7-ABF8-1F2D6586236F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CE4CCA5-1DED-4B02-8854-AE26F57C38C7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{10B6CEC0-BBEA-4E48-981D-344DCF3C2B00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1A37A410-901B-4B98-86F7-403FA19F0B40}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{29BD4D47-DB05-46C3-A016-4F8BB68B6CDA}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{2DD2E8ED-4CF5-4D10-ABC8-168F950A78EE}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{39CF86E0-7414-4B51-9034-FE97A7C879C2}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{3AD89BB3-0E0B-4FD5-9431-FA9CF66F9E17}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3E2B1BEC-F84F-400B-B8E6-E1D071409F7F}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{443E5841-76A7-46C0-8D0E-05B287D4B23D}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{47EB578A-DC83-4F99-A4C1-91DAC4E86D62}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{54F553E7-0C1A-4B74-9664-704CDE71DD67}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{66EE03F6-E5FC-45A5-9FC0-19CCBD1EFAC3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6AF59B94-C25B-417F-8704-81459DC91975}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{74322C78-E1B4-4E95-A27A-96BBD9C4CAE9}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{8F6A2C0E-CCCC-4FBB-9EDC-03DF7983DB78}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{A4015357-7009-419E-A6AE-45A467C6C960}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{AA8917F7-7290-429F-9D89-4E8B7D5A3438}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BC08EE18-495A-4D4E-8450-1BCF87F9060D}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{D34CEF0F-5470-435D-8705-39D95BD40ACC}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{D574F928-32AB-493E-A7B0-225A6EC447CE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FC31FAFD-4884-4D81-B7B6-961904CB8790}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{FD78058D-A757-42DD-82BD-C98E9B1A4754}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{2E236CB7-D22B-4E05-88B2-827043010A49}C:\program files\counterpath\x-lite\x-lite.exe" = protocol=6 | dir=in | app=c:\program files\counterpath\x-lite\x-lite.exe |
"TCP Query User{5A9F7F1D-301F-406C-96C0-6631742D5863}C:\program files\counterpath\x-lite\x-lite.exe" = protocol=6 | dir=in | app=c:\program files\counterpath\x-lite\x-lite.exe |
"TCP Query User{8F1D38FA-395D-4341-8180-85B199A276AC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2037AB80-71F5-4998-B484-B04C03D50942}C:\program files\counterpath\x-lite\x-lite.exe" = protocol=17 | dir=in | app=c:\program files\counterpath\x-lite\x-lite.exe |
"UDP Query User{8ED96A20-EFEB-431A-A5FA-F9E805FA12B5}C:\program files\counterpath\x-lite\x-lite.exe" = protocol=17 | dir=in | app=c:\program files\counterpath\x-lite\x-lite.exe |
"UDP Query User{F7A0A60D-8A01-4605-B0F3-F113AD06E9A3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 20
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DC0CBB2-F919-4bdd-A608-E8FE35E03237}" = MX Skype Recorder v3.4
"{6EE738C2-0ECE-4917-B62D-D3061A6B29E7}" = Skype Integration
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{835E1FFE-7B14-45F9-9A93-18B6EDAC255D}" = VoIPVoice Integration
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{90120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Virus detected
« Reply #18 on: July 29, 2010, 09:45:18 PM »
I have a feeling you unintentionally installed a few programs you don't need, but if I'm mistaken, be sure to post back here and let me know.

Do the following
Go to START>>Control Panel>>
When the Control Panel window opens click on the Uninstall a program option under the Programs category.
If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.

Close down all browser windows before continuing, then uninstall all of the following:
My.Freeze.com NetAssistant
Browser Defender 2.0.6.15
Advanced Registry Optimizer
Spyware Doctor


Reboot the computer after all the above are removed
Back in Windows
Again, Right click on OTL.exe and choose to "Run as Admin"
This time, select QUICK SCAN
When done, post its new log that opens

Additionally, you must keep me updated on how things are now running, and if you are experiencing any problems
« Last Edit: July 29, 2010, 10:28:04 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline sharont6

  • Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
Virus detected
« Reply #19 on: July 30, 2010, 09:50:56 AM »
I couldn't find Browser Defender here. Could it be hiding somewhere else?
Here is the new list.

OTL logfile created on: 7/30/2010 9:46:08 AM - Run 3
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\sharont6\Desktop\Media Files
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173.48 Gb Total Space | 56.24 Gb Free Space | 32.42% Space Free | Partition Type: NTFS
Drive D: | 12.83 Gb Total Space | 12.74 Gb Free Space | 99.32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHARONT6-PC
Current User Name: sharont6
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010/07/23 21:41:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\sharont6\Desktop\Media Files\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/05/09 19:39:35 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/04/02 19:34:54 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/01/04 20:13:28 | 023,941,120 | ---- | M] () -- C:\Program Files\CounterPath\X-Lite\x-lite.exe
PRC - [2009/12/29 10:08:28 | 001,653,248 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2009/12/01 18:11:15 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/10/26 14:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009/07/24 14:52:02 | 003,121,760 | ---- | M] (SammSoft (www.sammsoft.com)) -- C:\Program Files\MemTurbo 4\MemTurbo.exe
PRC - [2009/06/09 10:25:54 | 007,539,232 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/07/23 21:41:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\sharont6\Desktop\Media Files\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 21:22:45 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/09 19:39:35 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 21:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/10/26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/06/09 10:13:42 | 002,366,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/14 13:55:22 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/02/13 20:28:22 | 000,103,744 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/03/28 03:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/02/10 21:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/20 21:21:35 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:21:35 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:21:35 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:21:34 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:21:34 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:21:34 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:21:34 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2008/01/20 21:21:33 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:21:33 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:21:33 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:21:33 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:21:32 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:21:32 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:21:32 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:21:31 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:21:30 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:21:29 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:21:29 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:21:28 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/20 21:21:28 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:21:09 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:21:09 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:21:09 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/07/11 03:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2005/12/22 18:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/12/12 12:56:00 | 000,015,232 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uac4pdt.sys -- (uac4pdt)
DRV - [2005/11/16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wisdominparenting.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?fr=w3i&type=W3i_SP,151,0_0,StartPage,20100625,6692,0,16,0"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {5835466c-49af-4cbe-b102-a8c8b6313749}:1.0.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {BFF829B6-B433-42CE-9A19-E459D3E4E483}:3.6.3
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid=#netassistant_id#&Version=#netassistant_version#&Vintage=20100625&Defaultbrowserid=16&Productid=1982&Vendorid=3655&Offerid=6693&searchterm="
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8080
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/02 19:50:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/24 20:57:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 20:57:48 | 000,000,000 | ---D | M]
 
[2010/04/17 18:08:03 | 000,000,000 | ---D | M] -- C:\Users\sharont6\AppData\Roaming\Mozilla\Extensions
[2010/04/17 18:08:03 | 000,000,000 | ---D | M] -- C:\Users\sharont6\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/07/24 15:16:37 | 000,000,000 | ---D | M] -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\extensions
[2010/06/17 00:42:43 | 000,000,000 | ---D | M] (Shop to Win) -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
[2010/06/17 00:41:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/16 21:00:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/09 18:41:37 | 000,002,424 | ---- | M] () -- C:\Users\sharont6\AppData\Roaming\Mozilla\Firefox\Profiles\0bgzwofg.default\searchplugins\askcom.xml
[2010/06/17 00:45:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/14 18:18:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [eyeBeam SIP Client] C:\Program Files\CounterPath\X-Lite\x-lite.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Power2GoExpress]  File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Users\sharont6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk = C:\Program Files\MemTurbo 4\MemTurbo.exe (SammSoft (www.sammsoft.com))
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/63.11/uploader2.cab (UploadListView Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\sharont6\Pictures\sunsets\cruise 044.jpg
O24 - Desktop BackupWallPaper: C:\Users\sharont6\Pictures\sunsets\cruise 044.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/07/28 18:54:28 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Roaming\Malwarebytes
[2010/07/28 18:54:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/28 18:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/28 18:54:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/28 18:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/28 18:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\MemTurbo 4
[2010/07/28 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Desktop\movies
[2010/07/28 16:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/07/28 07:52:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/26 17:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/07/25 09:50:44 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Roaming\HpUpdate
[2010/07/25 09:50:39 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2010/07/23 21:13:56 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Documents\X-Lite
[2010/07/23 21:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\CounterPath
[2010/07/23 21:02:58 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Local\CounterPath
[2010/07/23 21:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2010/07/23 21:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\CounterPath
[2010/07/23 19:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/23 19:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/07/23 19:33:40 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Documents\Remote Assistance Logs
[2010/07/09 18:50:47 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Desktop\Lynne's Art
[2010/07/02 13:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\{728FC1F2-CDDF-47DE-9CD1-E5787B8B3764}
[2010/06/19 21:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/19 21:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/19 21:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/17 00:59:10 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Roaming\gtk-2.0
[2010/06/17 00:58:42 | 000,000,000 | ---D | C] -- C:\Users\sharont6\.thumbnails
[2010/06/17 00:57:00 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Documents\gegl-0.0
[2010/06/17 00:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/06/17 00:47:38 | 000,000,000 | ---D | C] -- C:\Users\sharont6\.gimp-2.6
[2010/06/17 00:47:37 | 000,000,000 | ---D | C] -- C:\Users\sharont6\.gegl-0.0
[2010/06/17 00:44:04 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Local\WeatherBug
[2010/06/17 00:43:53 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Roaming\WeatherBug
[2010/06/17 00:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\AWS
[2010/06/17 00:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2010/06/17 00:42:58 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Local\Gist Desktop
[2010/06/17 00:41:24 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Roaming\Yahoo!
[2010/06/14 21:13:34 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Desktop\poems
[2010/06/14 19:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/14 19:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/14 14:07:54 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Desktop\revised parenting book
[2010/06/14 11:10:53 | 000,000,000 | ---D | C] -- C:\Users\sharont6\AppData\Local\Yahoo!
[2010/06/14 08:08:26 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Desktop\my ebook
[2010/06/01 22:48:26 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Desktop\Tiffani
[2010/06/01 16:46:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/06/01 16:46:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/06/01 16:46:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/06/01 16:26:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/05/31 20:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/05/31 19:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/05/31 19:53:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/05/31 19:51:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010/05/31 19:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/05/31 19:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2010/05/22 19:17:27 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Desktop\new
[2010/05/15 17:09:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/05/14 22:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/05/14 18:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/14 18:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/14 08:20:44 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Desktop\New Folder
[2010/05/09 20:15:12 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Desktop\hypnotic gold
[2010/05/09 19:40:21 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Documents\My Google Gadgets
[2010/05/02 20:47:37 | 000,000,000 | ---D | C] -- C:\Users\sharont6\Desktop\Spanish
[1 C:\Users\sharont6\Documents\*.tmp files -> C:\Users\sharont6\Documents\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010/07/30 09:48:38 | 005,242,880 | -HS- | M] () -- C:\Users\sharont6\NTUSER.DAT
[2010/07/30 09:38:41 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/30 09:38:41 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/30 09:38:41 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/30 09:34:42 | 000,000,824 | ---- | M] () -- C:\Users\sharont6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk
[2010/07/30 09:34:29 | 000,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/07/30 09:32:46 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/30 09:32:11 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/30 09:32:11 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/30 09:32:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/30 09:32:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/30 09:32:02 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/30 09:30:53 | 000,524,288 | -HS- | M] () -- C:\Users\sharont6\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/07/30 09:30:53 | 000,065,536 | -HS- | M] () -- C:\Users\sharont6\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/07/30 09:30:51 | 001,896,864 | -H-- | M] () -- C:\Users\sharont6\AppData\Local\IconCache.db
[2010/07/30 09:22:46 | 000,002,627 | ---- | M] () -- C:\Users\sharont6\Desktop\Microsoft Office Word 2007 (2).lnk
[2010/07/30 09:04:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/30 08:53:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-990035405-2007910519-4216647221-1000UA.job
[2010/07/29 21:36:47 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59EBA438-37C2-4E7D-89B7-E443A28A035A}.job
[2010/07/29 13:53:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-990035405-2007910519-4216647221-1000Core.job
[2010/07/29 13:11:07 | 000,198,116 | ---- | M] () -- C:\Users\sharont6\Desktop\calendar.1.2.3.zip
[2010/07/28 18:29:53 | 000,016,384 | ---- | M] () -- C:\Users\sharont6\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/28 18:26:14 | 000,000,786 | ---- | M] () -- C:\Users\sharont6\Application Data\Microsoft\Internet Explorer\Quick Launch\MemTurbo - PC Optimizer.lnk
[2010/07/28 07:46:51 | 000,551,610 | ---- | M] () -- C:\Users\sharont6\Desktop\The-Butterfly-Effect-Report-New.pdf
[2010/07/26 17:07:39 | 000,817,664 | ---- | M] () -- C:\Users\sharont6\Desktop\thesecretpathof.docx
[2010/07/26 17:07:39 | 000,817,664 | ---- | M] () -- C:\Users\sharont6\Desktop\thesecretpathof - Copy.docx
[2010/07/25 23:15:18 | 196,393,250 | ---- | M] () -- C:\Users\sharont6\Desktop\FinancialAbundance-Download.zip
[2010/07/25 15:34:31 | 000,782,542 | ---- | M] () -- C:\Users\sharont6\Documents\thesecretpathof.pdf
[2010/07/25 14:54:37 | 000,012,677 | ---- | M] () -- C:\Users\sharont6\Documents\How to Raise Vibrational Rates.docx
[2010/07/25 12:03:07 | 000,031,232 | ---- | M] () -- C:\Users\sharont6\Documents\Tic-Tac-ToeSoc…udiesBoard.doc
[2010/07/25 09:45:34 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job
[2010/07/24 14:52:05 | 000,012,139 | ---- | M] () -- C:\Users\sharont6\Documents\My New Life.docx
[2010/07/23 21:02:51 | 000,000,924 | ---- | M] () -- C:\Users\sharont6\Desktop\X-Lite.lnk
[2010/07/23 19:33:40 | 000,000,176 | ---- | M] () -- C:\Users\sharont6\AppData\Local\rahistory.xml
[2010/07/22 20:43:23 | 000,010,261 | ---- | M] () -- C:\Users\sharont6\Desktop\isbn#.docx
[2010/07/22 20:42:51 | 000,497,958 | ---- | M] () -- C:\Users\sharont6\Desktop\Minitemplate.docx
[2010/07/22 20:38:09 | 000,010,253 | ---- | M] () -- C:\Users\sharont6\Documents\isbn#.docx
[2010/07/21 18:32:34 | 000,051,200 | ---- | M] () -- C:\Users\sharont6\AppData\Roaming\b047c0e9.exe
[2010/07/20 22:16:00 | 000,009,704 | ---- | M] () -- C:\Users\sharont6\.recently-used.xbel
[2010/07/19 16:28:54 | 005,468,981 | ---- | M] () -- C:\Users\sharont6\Desktop\Hi, My Name Is Rocky.pptx
[2010/07/19 15:01:13 | 000,312,376 | ---- | M] () -- C:\Users\sharont6\Desktop\healing.docx
[2010/07/18 19:55:46 | 000,011,755 | ---- | M] () -- C:\Users\sharont6\Documents\Help Rocky.docx
[2010/07/16 21:22:33 | 000,019,357 | ---- | M] () -- C:\Users\sharont6\Documents\The List.docx
[2010/07/16 20:48:41 | 000,059,392 | ---- | M] () -- C:\Users\sharont6\Desktop\Rockypoems.doc
[2010/07/16 14:40:12 | 002,711,875 | ---- | M] () -- C:\Users\sharont6\Documents\Hi, My Name Is Rocky.pptx
[2010/07/10 17:14:44 | 000,011,199 | ---- | M] () -- C:\Users\sharont6\Desktop\Teaching Tips to Start the Year.docx
[2010/07/06 16:35:11 | 000,075,997 | ---- | M] () -- C:\Users\sharont6\Desktop\The List.docx
[2010/07/02 07:09:50 | 000,053,922 | ---- | M] () -- C:\Users\sharont6\Documents\Michaelresume.docx
[2010/07/01 19:49:21 | 000,054,644 | ---- | M] () -- C:\Users\sharont6\Documents\res.docx
[2010/07/01 09:01:09 | 000,012,747 | ---- | M] () -- C:\Users\sharont6\Desktop\50 Ways to Increase Traffic.docx
[2010/06/29 13:21:31 | 000,032,768 | ---- | M] () -- C:\Users\sharont6\Documents\Weight loss intro.doc
[2010/06/29 08:10:52 | 000,000,162 | -H-- | M] () -- C:\Users\sharont6\Desktop\~$e List.docx
[2010/06/28 22:43:03 | 000,000,162 | -H-- | M] () -- C:\Users\sharont6\Desktop\~$rent Heal Thyself finished - Copy.docx
[2010/06/28 22:38:31 | 000,000,162 | -H-- | M] () -- C:\Users\sharont6\Desktop\~$e Secret Path of Successful Parents.docx
[2010/06/28 07:42:14 | 000,764,762 | ---- | M] () -- C:\Users\sharont6\Documents\The Secret Path of Successful Parents.docx
[2010/06/26 14:47:46 | 000,038,400 | ---- | M] () -- C:\Users\sharont6\Documents\Weight Loss Tips.doc
[2010/06/23 15:09:29 | 000,014,720 | ---- | M] () -- C:\Users\sharont6\Documents\1 Money doesn.docx
[2010/06/23 15:09:29 | 000,000,162 | -H-- | M] () -- C:\Users\sharont6\Documents\~$Money doesn.docx
[2010/06/22 16:33:04 | 000,011,334 | ---- | M] () -- C:\Users\sharont6\Desktop\Advertising.docx
[2010/06/17 16:24:56 | 000,102,128 | ---- | M] () -- C:\Users\sharont6\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/17 13:41:16 | 000,057,344 | ---- | M] () -- C:\Users\sharont6\Documents\HOMEOPATHY NOTES.doc
[2010/06/17 00:56:45 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/06/17 00:43:51 | 000,001,843 | ---- | M] () -- C:\Users\sharont6\Desktop\WeatherBug.lnk
[2010/06/14 08:21:35 | 007,354,755 | ---- | M] () -- C:\Users\sharont6\Documents\THE PETER PATTER BOOK.docx
[2010/06/14 08:21:22 | 001,031,028 | ---- | M] () -- C:\Users\sharont6\Documents\THE PETER PATTER BOOK.pdf
[2010/06/10 03:26:47 | 000,375,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/08 14:17:13 | 001,400,832 | ---- | M] () -- C:\Users\sharont6\Desktop\Geography.ppt
[2010/06/06 18:35:21 | 000,297,895 | ---- | M] () -- C:\Users\sharont6\Desktop\kitchen.docx
[2010/06/02 11:22:28 | 000,456,671 | ---- | M] () -- C:\Users\sharont6\Desktop\Complaint_Free_Kids_edit_0417081.pdf
[2010/05/31 20:12:27 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{4e5ea52d-6d18-11df-b01f-001e6885906f}.TMContainer00000000000000000002.regtrans-ms
[2010/05/31 20:12:27 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{4e5ea52d-6d18-11df-b01f-001e6885906f}.TMContainer00000000000000000001.regtrans-ms
[2010/05/31 20:12:27 | 000,065,536 | -HS- | M] () -- C:\ProgramData\ntuser.dat{4e5ea52d-6d18-11df-b01f-001e6885906f}.TM.blf
[2010/05/31 20:12:26 | 000,262,144 | ---- | M] () -- C:\ProgramData\ntuser.dat
[2010/05/31 20:03:34 | 000,001,887 | ---- | M] () -- C:\Users\sharont6\Desktop\Adobe Reader 9.lnk
[2010/05/31 19:58:29 | 000,000,943 | ---- | M] () -- C:\Users\sharont6\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/28 07:05:04 | 000,021,095 | ---- | M] () -- C:\Users\sharont6\Desktop\Oreo culture vs civilization.docx
[2010/05/26 20:38:30 | 000,086,672 | ---- | M] () -- C:\Users\sharont6\Desktop\pict0063.jpg
[2010/05/17 15:49:41 | 000,001,017 | ---- | M] () -- C:\Users\sharont6\.powerschool_gradebook.properties
[2010/05/09 19:40:20 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Google Desktop.lnk
[1 C:\Users\sharont6\Documents\*.tmp files -> C:\Users\sharont6\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/07/29 13:11:05 | 000,198,116 | ---- | C] () -- C:\Users\sharont6\Desktop\calendar.1.2.3.zip
[2010/07/28 18:26:14 | 000,000,824 | ---- | C] () -- C:\Users\sharont6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk
[2010/07/28 18:26:14 | 000,000,786 | ---- | C] () -- C:\Users\sharont6\Application Data\Microsoft\Internet Explorer\Quick Launch\MemTurbo - PC Optimizer.lnk
[2010/07/28 07:46:51 | 000,551,610 | ---- | C] () -- C:\Users\sharont6\Desktop\The-Butterfly-Effect-Report-New.pdf
[2010/07/26 17:10:13 | 000,817,664 | ---- | C] () -- C:\Users\sharont6\Desktop\thesecretpathof - Copy.docx
[2010/07/25 15:34:27 | 000,782,542 | ---- | C] () -- C:\Users\sharont6\Documents\thesecretpathof.pdf
[2010/07/25 12:42:28 | 000,012,677 | ---- | C] () -- C:\Users\sharont6\Documents\How to Raise Vibrational Rates.docx
[2010/07/24 09:11:29 | 000,012,139 | ---- | C] () -- C:\Users\sharont6\Documents\My New Life.docx
[2010/07/23 21:02:51 | 000,000,924 | ---- | C] () -- C:\Users\sharont6\Desktop\X-Lite.lnk
[2010/07/23 19:33:40 | 000,000,176 | ---- | C] () -- C:\Users\sharont6\AppData\Local\rahistory.xml
[2010/07/22 20:43:22 | 000,010,261 | ---- | C] () -- C:\Users\sharont6\Desktop\isbn#.docx
[2010/07/22 20:38:08 | 000,010,253 | ---- | C] () -- C:\Users\sharont6\Documents\isbn#.docx
[2010/07/22 17:11:25 | 000,497,958 | ---- | C] () -- C:\Users\sharont6\Desktop\Minitemplate.docx
[2010/07/21 18:32:34 | 000,051,200 | ---- | C] () -- C:\Users\sharont6\AppData\Roaming\b047c0e9.exe
[2010/07/20 22:16:00 | 000,009,704 | ---- | C] () -- C:\Users\sharont6\.recently-used.xbel
[2010/07/19 15:01:12 | 000,312,376 | ---- | C] () -- C:\Users\sharont6\Desktop\healing.docx
[2010/07/18 19:55:45 | 000,011,755 | ---- | C] () -- C:\Users\sharont6\Documents\Help Rocky.docx
[2010/07/16 21:22:33 | 000,019,357 | ---- | C] () -- C:\Users\sharont6\Documents\The List.docx
[2010/07/16 14:46:46 | 005,468,981 | ---- | C] () -- C:\Users\sharont6\Desktop\Hi, My Name Is Rocky.pptx
[2010/07/16 14:42:43 | 000,016,384 | ---- | C] () -- C:\Users\sharont6\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/16 14:04:35 | 002,711,875 | ---- | C] () -- C:\Users\sharont6\Documents\Hi, My Name Is Rocky.pptx
[2010/07/16 13:35:47 | 000,059,392 | ---- | C] () -- C:\Users\sharont6\Desktop\Rockypoems.doc
[2010/07/10 16:41:49 | 000,011,199 | ---- | C] () -- C:\Users\sharont6\Desktop\Teaching Tips to Start the Year.docx
[2010/07/02 16:27:28 | 196,393,250 | ---- | C] () -- C:\Users\sharont6\Desktop\FinancialAbundance-Download.zip
[2010/07/01 19:49:21 | 000,054,644 | ---- | C] () -- C:\Users\sharont6\Documents\res.docx
[2010/06/30 18:05:05 | 000,053,922 | ---- | C] () -- C:\Users\sharont6\Documents\Michaelresume.docx
[2010/06/29 08:10:52 | 000,000,162 | -H-- | C] () -- C:\Users\sharont6\Desktop\~$e List.docx
[2010/06/29 00:52:48 | 000,817,664 | ---- | C] () -- C:\Users\sharont6\Desktop\thesecretpathof.docx
[2010/06/28 22:43:03 | 000,000,162 | -H-- | C] () -- C:\Users\sharont6\Desktop\~$rent Heal Thyself finished - Copy.docx
[2010/06/28 22:38:31 | 000,000,162 | -H-- | C] () -- C:\Users\sharont6\Desktop\~$e Secret Path of Successful Parents.docx
[2010/06/28 07:42:13 | 000,764,762 | ---- | C] () -- C:\Users\sharont6\Documents\The Secret Path of Successful Parents.docx
[2010/06/24 07:16:33 | 000,000,000 | ---- | C] () -- C:\Users\sharont6\AppData\Local\QSwitch.txt
[2010/06/24 07:16:33 | 000,000,000 | ---- | C] () -- C:\Users\sharont6\AppData\Local\DSwitch.txt
[2010/06/24 07:16:33 | 000,000,000 | ---- | C] () -- C:\Users\sharont6\AppData\Local\AtStart.txt
[2010/06/23 15:09:29 | 000,000,162 | -H-- | C] () -- C:\Users\sharont6\Documents\~$Money doesn.docx
[2010/06/23 15:09:28 | 000,014,720 | ---- | C] () -- C:\Users\sharont6\Documents\1 Money doesn.docx
[2010/06/19 16:36:20 | 000,011,334 | ---- | C] () -- C:\Users\sharont6\Desktop\Advertising.docx
[2010/06/17 00:56:45 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/06/17 00:43:51 | 000,001,843 | ---- | C] () -- C:\Users\sharont6\Desktop\WeatherBug.lnk
[2010/06/14 08:21:19 | 001,031,028 | ---- | C] () -- C:\Users\sharont6\Documents\THE PETER PATTER BOOK.pdf
[2010/06/10 09:00:04 | 000,057,344 | ---- | C] () -- C:\Users\sharont6\Documents\HOMEOPATHY NOTES.doc
[2010/06/08 21:26:24 | 000,086,672 | ---- | C] () -- C:\Users\sharont6\Desktop\pict0063.jpg
[2010/06/08 14:51:25 | 000,012,747 | ---- | C] () -- C:\Users\sharont6\Desktop\50 Ways to Increase Traffic.docx
[2010/06/08 14:17:11 | 001,400,832 | ---- | C] () -- C:\Users\sharont6\Desktop\Geography.ppt
[2010/06/07 16:19:20 | 007,354,755 | ---- | C] () -- C:\Users\sharont6\Documents\THE PETER PATTER BOOK.docx
[2010/06/04 08:26:38 | 000,297,895 | ---- | C] () -- C:\Users\sharont6\Desktop\kitchen.docx
[2010/06/02 20:31:29 | 000,075,997 | ---- | C] () -- C:\Users\sharont6\Desktop\The List.docx
[2010/06/02 11:22:22 | 000,456,671 | ---- | C] () -- C:\Users\sharont6\Desktop\Complaint_Free_Kids_edit_0417081.pdf
[2010/06/01 13:31:32 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010/06/01 13:31:30 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2010/06/01 13:31:22 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010/06/01 13:31:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/06/01 13:31:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/06/01 13:31:17 | 003,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010/06/01 13:31:17 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010/06/01 13:31:13 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010/06/01 13:30:56 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010/06/01 13:30:53 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010/06/01 13:30:14 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/06/01 13:30:08 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010/06/01 13:30:01 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2010/05/31 20:12:26 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{4e5ea52d-6d18-11df-b01f-001e6885906f}.TMContainer00000000000000000002.regtrans-ms
[2010/05/31 20:12:26 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{4e5ea52d-6d18-11df-b01f-001e6885906f}.TMContainer00000000000000000001.regtrans-ms
[2010/05/31 20:12:26 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{4e5ea52d-6d18-11df-b01f-001e6885906f}.TM.blf
[2010/05/31 20:12:25 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2010/05/31 20:12:25 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2010/05/31 20:12:25 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2010/05/31 20:03:34 | 000,001,887 | ---- | C] () -- C:\Users\sharont6\Desktop\Adobe Reader 9.lnk
[2010/05/31 19:39:37 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/05/27 07:49:28 | 000,021,095 | ---- | C] () -- C:\Users\sharont6\Desktop\Oreo culture vs civilization.docx
[2010/05/09 19:40:20 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Google Desktop.lnk
[2010/05/03 18:43:22 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-990035405-2007910519-4216647221-1000UA.job
[2010/05/03 18:43:21 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-990035405-2007910519-4216647221-1000Core.job
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/14 16:55:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/02/10 21:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/20 21:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
 
========== LOP Check ==========
 
[2010/07/03 15:16:20 | 000,000,000 | ---D | M] -- C:\Users\sharont6\AppData\Roaming\gtk-2.0
[2008/12/04 19:32:04 | 000,000,000 | ---D | M] -- C:\Users\sharont6\AppData\Roaming\MXSkypeRec
[2010/06/17 00:43:53 | 000,000,000 | ---D | M] -- C:\Users\sharont6\AppData\Roaming\WeatherBug
[2010/07/25 09:45:34 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\Driver Fetch.job
[2010/07/30 09:30:57 | 000,031,816 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/07/29 21:36:47 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{59EBA438-37C2-4E7D-89B7-E443A28A035A}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:321853CCE3400771
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Thank you!