win32adware-gen that Avast can't remove



joykins
2010-12-14, 02:39
Below is the OTL.txt file that resulted from my OTL scan. The Extras.txt file will be included in a separate post.

Thanks so much,
Joy


OTL logfile created on: 12/13/2010 8:24:44 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Downloads\Software
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 270.65 Gb Total Space | 32.09 Gb Free Space | 11.86% Space Free | Partition Type: NTFS
Drive D: | 8.78 Gb Total Space | 0.48 Gb Free Space | 5.50% Space Free | Partition Type: FAT32
Drive E: | 460.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 223.16 Gb Free Space | 47.91% Space Free | Partition Type: NTFS

Computer Name: JOY-PC | User Name: Joy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Downloads\Software\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
PRC - C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\dvd43\DVD43_Tray.exe ()
PRC - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
PRC - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe (Microsoft Corporation)
PRC - C:\Program Files\Citrix\ICA Client\pnamain.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Downloads\Software\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\softkbd.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_5632d69.dll ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (Amazon Download Agent) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV - (dvd43llh) -- C:\Windows\System32\drivers\dvd43llh.sys (RIF)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (YMIDUSBW) Yamaha USB-MIDI Driver (WDM) -- C:\Windows\System32\drivers\ymidusbw.sys (Yamaha Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (USBPNPA) -- C:\Windows\System32\drivers\CM108.sys (C-Media Inc)
DRV - (Icam4USB) -- C:\Windows\System32\drivers\Icam4USB.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.att.iplay.com/?o=shp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 78 17 69 30 7E CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.3
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: OberonGameHost@OberonGames.com:1.0.5.1462
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {926a10d2-4ce7-4331-b96f-ca4e22590fac}:5.45.3.3629
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.addthis.com/search?pco=fxe-3.1.0&locale=en-US&sl=ub&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - user.js..browser.search.openintab: false

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/25 08:45:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 20:05:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/13 20:05:19 | 000,000,000 | ---D | M]

[2010/01/11 04:13:49 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Mozilla\Extensions
[2010/01/10 17:43:16 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Mozilla\Firefox\extensions
[2010/01/10 17:43:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joy\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/12/13 20:07:45 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Mozilla\Firefox\Profiles\9ak4t7jr.default\extensions
[2010/09/24 19:09:32 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\Joy\AppData\Roaming\Mozilla\Firefox\Profiles\9ak4t7jr.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/04/28 03:33:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joy\AppData\Roaming\Mozilla\Firefox\Profiles\9ak4t7jr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/05 05:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joy\AppData\Roaming\Mozilla\Firefox\Profiles\9ak4t7jr.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
[2010/09/09 05:14:01 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Joy\AppData\Roaming\Mozilla\Firefox\Profiles\9ak4t7jr.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/08/05 05:41:19 | 000,000,000 | ---D | M] (D-Link Toolbar) -- C:\Users\Joy\AppData\Roaming\Mozilla\Firefox\Profiles\9ak4t7jr.default\extensions\{926a10d2-4ce7-4331-b96f-ca4e22590fac}
[2010/08/23 01:47:36 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Mozilla\Firefox\Profiles\9ak4t7jr.default\extensions\anycolor.pavlos256@gmail.com
[2010/04/07 04:55:59 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Mozilla\Firefox\Profiles\9ak4t7jr.default\extensions\isreaditlater@ideashower.com
[2010/01/10 17:43:20 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Mozilla\Firefox\Profiles\9ak4t7jr.default\extensions\morningCoffee@shaneliesegang
[2010/07/03 06:41:21 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Mozilla\Firefox\Profiles\9ak4t7jr.default\extensions\OberonGameHost@OberonGames.com
[2010/09/13 03:12:07 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Mozilla\Firefox\Profiles\9ak4t7jr.default\extensions\personas@christopher.beard
[2009/12/16 04:46:28 | 000,002,171 | ---- | M] () -- C:\Users\Joy\AppData\Roaming\Mozilla\Firefox\Profiles\9ak4t7jr.default\searchplugins\bing.xml
[2010/11/24 06:32:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/29 04:50:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/24 06:32:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2009/03/23 22:29:44 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/12/01 07:05:45 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2010/12/01 07:05:45 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010/10/16 18:47:54 | 000,001,943 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober26752984.xml

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.55\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (D-Link Toolbar Loader) - {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (D-Link Toolbar) - {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\2.0.1.55\oberontb.dll (Oberon Media Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (D-Link Toolbar) - {61874DFA-9ADF-44E5-8E61-F3913707E7D7} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Joy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\desktop\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Joy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.att.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/07/01 18:49:32 | 000,000,062 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/13 20:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/12/01 07:05:45 | 000,000,000 | ---D | C] -- C:\Users\Joy\AppData\Roaming\Catalina Marketing Corp
[2010/12/01 06:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/11/30 05:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/11/30 05:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/30 05:27:46 | 000,000,000 | ---D | C] -- C:\Users\Joy\AppData\Local\WinZip
[2010/11/30 05:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/11/29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/11/28 16:16:45 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/11/27 09:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\WIDI 3.3 Pro
[2010/11/25 08:46:41 | 000,000,000 | ---D | C] -- C:\Users\Joy\AppData\Local\Real
[2010/11/25 08:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/11/25 08:45:37 | 000,199,904 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/11/25 08:45:13 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/11/25 08:45:13 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/11/25 08:45:12 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2010/11/24 06:31:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/11/24 06:31:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/11/24 06:31:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/11/17 05:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/17 05:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/23 06:45:14 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Joy\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/12/13 20:09:39 | 000,002,503 | ---- | M] () -- C:\Users\Joy\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/12/13 20:09:38 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/12/13 20:05:11 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/13 20:05:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/13 19:57:07 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/13 19:56:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/04 07:44:33 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/04 07:44:33 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/03 21:57:23 | 000,028,160 | ---- | M] () -- C:\Users\Joy\Desktop\Help Me.doc
[2010/11/30 07:02:32 | 1603,112,960 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/30 05:52:14 | 000,001,251 | ---- | M] () -- C:\Users\Joy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/30 05:52:14 | 000,001,227 | ---- | M] () -- C:\Users\Joy\Desktop\Spybot - Search & Destroy.lnk
[2010/11/30 05:27:55 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/11/30 04:48:42 | 000,000,860 | ---- | M] () -- C:\Users\Joy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/30 04:48:29 | 000,000,685 | ---- | M] () -- C:\Users\Joy\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2010/11/30 04:48:29 | 000,000,680 | ---- | M] () -- C:\Users\Joy\Desktop\NTREGOPT.lnk
[2010/11/30 04:48:29 | 000,000,661 | ---- | M] () -- C:\Users\Joy\Desktop\ERUNT.lnk
[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/11/28 16:16:46 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/11/27 09:08:09 | 000,001,004 | ---- | M] () -- C:\Users\Joy\Desktop\WIDI 3.3 Pro.lnk
[2010/11/25 08:46:06 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2010/11/25 08:45:37 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/11/25 08:45:13 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/11/25 08:45:13 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/11/25 08:45:12 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2010/11/23 08:21:31 | 000,627,288 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/23 08:21:31 | 000,107,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/20 10:53:49 | 000,025,600 | ---- | M] () -- C:\Users\Joy\Documents\ControlChartRules.xls
[2010/11/18 01:41:19 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/17 05:19:53 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2010/12/13 20:05:11 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/11/30 05:52:14 | 000,001,251 | ---- | C] () -- C:\Users\Joy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/30 05:52:14 | 000,001,227 | ---- | C] () -- C:\Users\Joy\Desktop\Spybot - Search & Destroy.lnk
[2010/11/30 05:27:55 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/11/30 04:48:42 | 000,000,860 | ---- | C] () -- C:\Users\Joy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/30 04:48:29 | 000,000,685 | ---- | C] () -- C:\Users\Joy\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2010/11/27 09:08:09 | 000,001,004 | ---- | C] () -- C:\Users\Joy\Desktop\WIDI 3.3 Pro.lnk
[2010/11/25 08:46:06 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2010/11/18 01:41:19 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/17 05:19:53 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/23 06:45:59 | 000,000,034 | ---- | C] () -- C:\Users\Joy\AppData\Roaming\pcouffin.log
[2010/10/23 06:45:14 | 000,087,608 | ---- | C] () -- C:\Users\Joy\AppData\Roaming\inst.exe
[2010/10/23 06:45:14 | 000,007,887 | ---- | C] () -- C:\Users\Joy\AppData\Roaming\pcouffin.cat
[2010/10/23 06:45:14 | 000,001,144 | ---- | C] () -- C:\Users\Joy\AppData\Roaming\pcouffin.inf
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/01/15 03:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2007/04/27 08:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2002/06/06 01:01:58 | 000,029,696 | ---- | C] () -- C:\Windows\System32\asutl8.dll

========== LOP Check ==========

[2010/04/11 07:28:07 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Alawar Entertainment
[2010/05/23 10:59:57 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Amazon
[2010/09/25 20:33:19 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Anvil Studio
[2010/04/18 20:25:15 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Arkadium
[2010/01/24 16:17:26 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Articulate
[2010/05/22 10:19:25 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Artogon
[2010/04/19 03:51:44 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Big Fish Games
[2010/12/01 07:05:45 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Catalina Marketing Corp
[2010/01/11 06:38:36 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Citrix
[2010/09/06 04:43:10 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Crosswind PM Inc
[2010/10/20 03:37:00 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\DVDVideoSoft
[2010/06/13 11:30:40 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Farm Mania
[2010/05/08 08:10:35 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Flood Light Games
[2010/06/05 09:18:05 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Floodlight Games
[2010/12/13 20:25:44 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Free Download Manager
[2010/02/28 03:50:53 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Gaijin Ent
[2010/06/13 18:47:04 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\GetRightToGo
[2010/04/04 18:59:33 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\GOA
[2010/10/17 18:09:32 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Hardcore
[2010/01/17 10:26:58 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\ICAClient
[2010/06/10 04:15:41 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\iWin
[2010/05/24 05:31:25 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\JewelMatch2
[2010/11/07 17:34:12 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\MAGIX
[2010/03/27 17:44:08 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Merscom
[2010/11/27 09:08:42 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Music Recognition
[2010/04/02 04:36:06 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\MysteryStudio
[2010/10/16 18:49:23 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Oberon Media
[2010/10/16 18:50:00 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Oberonv1000
[2010/03/04 01:25:07 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Oberonv1002
[2010/03/27 11:50:16 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Princess Isabella
[2010/04/24 06:15:36 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Settlement. Colossus
[2010/04/25 06:56:34 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Silverback Productions
[2010/02/28 04:57:42 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Skunk Studios
[2010/11/30 07:00:50 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\SoftGrid Client
[2010/11/27 05:50:11 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\TP
[2010/11/06 18:29:03 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Vso
[2010/09/25 16:29:26 | 000,000,000 | ---D | M] -- C:\Users\Joy\AppData\Roaming\Z-Systems
[2009/07/13 23:53:46 | 000,032,108 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 655 bytes -> C:\Users\Joy\Documents\Important _ Billing Problem.eml:OECustomProperty
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:1013B07C
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:F8A67568
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:B84EF836
@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:3965C4E8
@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:48529647
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:373C6DC2
@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:C44E62F1
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:EF4B1DA9
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:1198CD34
@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:8C885EDD
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:2A8A3140
@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:91CF76E3
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:017D5143
@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:7E4695C4
@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:AE8D8202
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:8F7ECF6A
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:1AB9C966
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:C8E9D804
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:CDF47D67
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:3867977D
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E8C4808B
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:1BC99E01
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E35A81F4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:940C4202
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3FBB88CF
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:41B89F80
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:D8EA2847
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:D0F51BEA
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E60C72DB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:81B52FA6
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:E1069F99
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:DB0CD29E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:8DCF53BE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:252E6179
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:029E021F
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C18032C3
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2B9724CF

< End of report >

joykins
2010-12-14, 02:43
Here is the Extras.txt from the OTL scan:

OTL Extras logfile created on: 12/13/2010 8:24:52 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Downloads\Software
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 270.65 Gb Total Space | 32.09 Gb Free Space | 11.86% Space Free | Partition Type: NTFS
Drive D: | 8.78 Gb Total Space | 0.48 Gb Free Space | 5.50% Space Free | Partition Type: FAT32
Drive E: | 460.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 223.16 Gb Free Space | 47.91% Space Free | Partition Type: NTFS

Computer Name: JOY-PC | User Name: Joy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{12D7CFCA-F231-4744-9FD0-6D80B3C68EFF}" = MAGIX Screenshare
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
"{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
"{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
"{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
"{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
"{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
"{21C4741D-6DAA-498D-8317-7C4549A51019}" = Articulate Studio '09 Pro
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{271A659B-A7D3-405E-AE31-3086133BE0B7}" = Yamaha USB-MIDI Driver
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C9D8A37-9321-41A6-BF36-B2207D681D55}" = VA CPRS Demo
"{2F270D4D-3F3C-4FDE-B326-8E63149E4ABD}" = WebEx Event Manager for Firefox/Netscape/Chrome
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{325CEECA-0C31-4BB3-B1A9-8032611FB991}" = MAGIX 3D Maker (embedded MSI)
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3C9AE630-EAA2-012B-AEB0-000000000000}" = TurboTax 2009 wsciper
"{3E5131E9-1241-4E43-8036-E870C0DEDD97}" = Articulate Studio '09 Pro
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{465692CB-7EF5-40A7-B07F-DC4DAB7416FC}" = MAGIX PhotoStory on CD & DVD 9 deluxe Download Version
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A52C32C-6F99-4732-B088-19228D1D3CF2}" = Articulate Studio '09 Pro
"{5B955039-FDD1-497C-8522-5AD592F16131}" = MAGIX Xtreme Photo Designer 6
"{5C0856B6-6260-4952-8FF5-C79C3FD3AA44}" = e-Sword
"{5F6047B0-E9C5-4681-A7DF-0A19D23AF348}" = Z-Maestro
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}" = YAMAHA Musicsoft Downloader 5
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7C84DDDF-DEC9-4E02-8222-D86E73531CEB}" = Citrix online plug-in (SSON)
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113555820}" = Mahjongg Artifacts 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117693570}" = Zuma’s Revenge
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118189163}" = Women’s Murder Club - Triple Crime Pack
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118291513}" = Shutter Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118442410}" = Mortimer Beckett and the Lost King
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11847863}" = Farm Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119022657}" = Escape Whisper Valley
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{929709C5-C179-4DC9-8FD7-757FC955EC2E}" = MAGIX Speed 2 (MSI)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AD99658D-C90E-4C24-86AA-A5B47F98575B}" = Articulate Studio '09 Pro
"{B32E6282-AE31-4466-BBC1-FC726268FC31}" = MAGIX Music Maker 16 Premium Download Version
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8A2256E-6225-4D9E-B1C9-C26CA1E22FEB}" = Citrix online plug-in (PNA)
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BF}" = WinZip 15.0
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{E424255A-C125-400A-BE1E-182B8B1B4BCD}" = MAGIX PhotoStory on CD & DVD 9 deluxe (Design elements)
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 4.2.3.3
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"ASIO4ALL" = ASIO4ALL
"AsUninst.exe" = Anvil Studio
"avast5" = avast! Free Antivirus
"CitrixOnlinePluginFull" = Citrix online plug-in
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative Jukebox Driver" = Creative Jukebox Driver
"D-Link Toolbar" = D-Link Toolbar
"Drumaxx" = Drumaxx
"DVD43_is1" = DVD43 v4.6.0
"ERUNT_is1" = ERUNT 1.1j
"FL Studio 9" = FL Studio 9
"Free Download Manager_is1" = Free Download Manager 3.0
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.7.16
"GamesBar" = GamesBar 2.0.1.55
"Hardcore" = Hardcore
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IL Download Manager" = IL Download Manager
"MAGIX Screenshare US" = MAGIX Screenshare
"MAGIX_MSI_Fotos_auf_CD_DVD_9_dlx" = MAGIX PhotoStory on CD & DVD 9 deluxe Download Version
"MAGIX_MSI_mm16dlx" = MAGIX Music Maker 16 Premium Download Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Midnight Mysteries Salem Witch Trials_is1" = Midnight Mysteries Salem Witch Trials
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"PoiZone" = PoiZone
"RealPlayer 12.0" = RealPlayer
"Sakura" = Sakura
"Sawer" = Sawer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Style Time Editor_is1" = Style Time Editor 1.4
"The QI Macros for Excel" = The QI Macros for Excel
"Toxic Biohazard" = Toxic Biohazard
"TurboTax 2009" = TurboTax 2009
"Uninstall_is1" = Uninstall 1.0.0.1
"WIDI Recognition System Pro 3.3" = WIDI Recognition System Pro 3.3 (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/3/2010 10:03:07 PM | Computer Name = Joy-PC | Source = Application Hang | ID = 1002
Description = The program e-Sword.exe version 9.5.0.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1464 Start Time:
01cb9357490300c4 Termination Time: 16 Application Path: C:\Program Files\e-Sword\e-Sword.exe

Report
Id: 9f60069d-ff4a-11df-8500-001731c5e6a4

Error - 12/4/2010 6:56:02 AM | Computer Name = Joy-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/4/2010 6:56:32 AM | Computer Name = Joy-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3727 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 490 Start
Time: 01cb935a791e858b Termination Time: 16 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id:

Error - 12/9/2010 2:33:17 PM | Computer Name = Joy-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/9/2010 2:33:21 PM | Computer Name = Joy-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/9/2010 2:33:33 PM | Computer Name = Joy-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/9/2010 3:00:57 PM | Computer Name = Joy-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 12/13/2010 8:56:56 PM | Computer Name = Joy-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/13/2010 8:57:01 PM | Computer Name = Joy-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0061-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 12/13/2010 8:57:01 PM | Computer Name = Joy-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


[ Media Center Events ]
Error - 2/10/2010 7:25:54 PM | Computer Name = Joy-PC | Source = MCUpdate | ID = 0
Description = 6:25:44 PM - Error connecting to the internet. 6:25:45 PM - Unable
to contact server..

Error - 2/11/2010 11:20:22 AM | Computer Name = Joy-PC | Source = MCUpdate | ID = 0
Description = 10:20:11 AM - Error connecting to the internet. 10:20:11 AM - Unable
to contact server..

Error - 2/13/2010 11:40:48 AM | Computer Name = Joy-PC | Source = MCUpdate | ID = 0
Description = 10:40:43 AM - Error connecting to the internet. 10:40:43 AM - Unable
to contact server..

Error - 2/13/2010 12:40:55 PM | Computer Name = Joy-PC | Source = MCUpdate | ID = 0
Description = 11:40:53 AM - Error connecting to the internet. 11:40:53 AM - Unable
to contact server..

Error - 2/16/2010 11:03:53 AM | Computer Name = Joy-PC | Source = MCUpdate | ID = 0
Description = 10:03:47 AM - Error connecting to the internet. 10:03:47 AM - Unable
to contact server..

Error - 2/19/2010 3:48:00 PM | Computer Name = Joy-PC | Source = MCUpdate | ID = 0
Description = 2:47:59 PM - Error connecting to the internet. 2:47:59 PM - Unable
to contact server..

Error - 2/19/2010 3:48:10 PM | Computer Name = Joy-PC | Source = MCUpdate | ID = 0
Description = 2:48:05 PM - Error connecting to the internet. 2:48:05 PM - Unable
to contact server..

Error - 2/19/2010 4:49:48 PM | Computer Name = Joy-PC | Source = MCUpdate | ID = 0
Description = 3:49:48 PM - Error connecting to the internet. 3:49:48 PM - Unable
to contact server..

Error - 2/19/2010 4:49:54 PM | Computer Name = Joy-PC | Source = MCUpdate | ID = 0
Description = 3:49:53 PM - Error connecting to the internet. 3:49:53 PM - Unable
to contact server..

Error - 3/3/2010 11:20:29 AM | Computer Name = Joy-PC | Source = MCUpdate | ID = 0
Description = 10:20:24 AM - Error connecting to the internet. 10:20:24 AM - Unable
to contact server..

[ System Events ]
Error - 12/1/2010 9:12:02 AM | Computer Name = Joy-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 12/1/2010 9:12:05 AM | Computer Name = Joy-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/1/2010 7:19:36 PM | Computer Name = Joy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 12/1/2010 7:19:50 PM | Computer Name = Joy-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/4/2010 6:55:49 AM | Computer Name = Joy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 12/4/2010 6:56:02 AM | Computer Name = Joy-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/4/2010 6:56:04 AM | Computer Name = Joy-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/4/2010 9:32:00 AM | Computer Name = Joy-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/4/2010 9:32:01 AM | Computer Name = Joy-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/13/2010 9:08:27 PM | Computer Name = Joy-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >

tashi
2010-12-14, 02:59
Hello joykins,

http://forums.spybot.info/showthread.php?t=60658

Due to inactivity, this thread will now be closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh. Please start a new topic providing the DDS log and a link back to this thread. :)

Best regards.