PDA

View Full Version : Cannot remove microsoft.windows.redirectedhosts


womble
2011-12-13, 01:37
Hi,

Spybot finds but cannot remove Microsoft.Windows.RedirectedHosts and Fraud.Windows.ProtectionSuite

I have run MalwareBytes and it did not find anything.

Cheers
Alex

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_30
Run by Kathie at 18:14:56 on 2011-12-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3999.2407 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\ProgramData\Clickfree\HDDV2USB3\UACProxy.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\ProgramData\Clickfree\HDDV2USB3\reminder\SacReminder.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SacReminderHDDV2] C:\ProgramData\Clickfree\HDDV2USB3\reminder\SacReminder.exe
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Kathie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 207.164.234.193 207.164.234.129
TCP: Interfaces\{C5BC8390-B45F-474A-B33A-5549C62205D4} : DhcpNameServer = 207.164.234.193 207.164.234.129
TCP: Interfaces\{C5BC8390-B45F-474A-B33A-5549C62205D4}\E6F6D6F627567796275637 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E7EAA283-14ED-403A-BFF6-561E2637DBB4} : DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
IFEO: image file execution options - svchost.exe
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IFEO-X64: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kathie\AppData\Roaming\Mozilla\Firefox\Profiles\1b950fcb.default\
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 CFUACProxy_hddv2usb3;CFUACProxy_hddv2usb3;C:\ProgramData\Clickfree\HDDV2USB3\UACProxy.exe [2011-4-14 83792]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-11 1153368]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-21 227896]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-11-22 517448]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-12-12 23:13:12 -------- d-----w- C:\Users\Kathie\AppData\Local\{A75D3F95-6A88-4640-BBD5-5326D0CDDD81}
2011-12-12 23:12:59 -------- d-----w- C:\Users\Kathie\AppData\Local\{89767B68-AD6D-47AA-8C5F-E882FA34E974}
2011-12-12 21:52:45 -------- d-----w- C:\Users\Kathie\AppData\Local\{77CE178B-4B84-4F78-994F-37AB4B909FF7}
2011-12-12 21:52:32 -------- d-----w- C:\Users\Kathie\AppData\Local\{0AAF965D-C8FB-4B80-9123-A6A0B4CDCBDD}
2011-12-10 22:35:14 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-12-10 22:32:51 -------- d-----w- C:\Program Files\CCleaner
2011-12-10 22:18:41 -------- d-----w- C:\Users\Kathie\AppData\Local\{023C6E61-532D-4641-81FC-705C60E91011}
2011-12-09 16:32:56 -------- d-----w- C:\Users\Kathie\AppData\Local\{450F7D98-9159-4C18-BE79-8D804FD85D65}
2011-12-09 16:32:45 -------- d-----w- C:\Users\Kathie\AppData\Local\{22307D9E-F8C2-43A6-9458-EBD9149D5628}
2011-12-09 15:39:52 -------- d-----w- C:\Users\Kathie\AppData\Local\{72E58DF3-6EE2-4050-BA27-091DE906F487}
2011-12-09 15:39:40 -------- d-----w- C:\Users\Kathie\AppData\Local\{A1E0C00D-49CE-4695-8435-3DD460202A50}
2011-12-09 15:36:26 -------- d-----w- C:\Users\Kathie\AppData\Local\{51A50125-7F36-4403-9749-A760DEAD6FD0}
2011-12-09 15:36:15 -------- d-----w- C:\Users\Kathie\AppData\Local\{3D3BABC5-5103-4904-8CEE-DAD27B620A2F}
2011-12-09 14:44:37 -------- d-----w- C:\Users\Kathie\AppData\Local\{CDDB2CA8-8B5F-4A3A-B5BA-0D907E95BC73}
2011-12-09 14:44:26 -------- d-----w- C:\Users\Kathie\AppData\Local\{17601612-36C4-48B7-91A7-28ED90D34C9C}
2011-12-09 14:34:52 -------- d-----w- C:\Users\Kathie\AppData\Local\{5AB40E53-B2E7-48FD-BA58-CEC8961DA6DF}
2011-12-09 14:34:38 -------- d-----w- C:\Users\Kathie\AppData\Local\{2A2A2287-9CB5-4361-B2CB-5B5C5607FAC7}
2011-12-09 14:31:03 -------- d-----w- C:\Users\Kathie\AppData\Local\{7001276F-409C-458F-9854-9C028D57F3E6}
2011-12-09 14:30:52 -------- d-----w- C:\Users\Kathie\AppData\Local\{320312F1-7883-455F-B9B7-73AD279755A3}
2011-12-09 04:51:59 -------- d-----w- C:\Users\Kathie\AppData\Local\{7EE235D6-64A8-4F8A-9B22-B6EA80FD1174}
2011-12-09 04:51:48 -------- d-----w- C:\Users\Kathie\AppData\Local\{84EF98DC-2CAC-44B2-AE9A-02EF3A6ADE53}
2011-12-09 04:36:45 -------- d-----w- C:\Users\Kathie\AppData\Local\{0D755FCC-679B-42E9-8D04-1E0526161F49}
2011-12-09 04:36:33 -------- d-----w- C:\Users\Kathie\AppData\Local\{9F978E04-4418-434A-8E21-6E864AA4533F}
2011-12-09 04:16:29 -------- d-----w- C:\Users\Kathie\AppData\Local\{CF7ABF91-7D26-4673-84D3-7BD29BC3E8C2}
2011-12-09 04:16:14 -------- d-----w- C:\Users\Kathie\AppData\Local\{5CF77BB4-27F8-44CE-9985-37A0580F9210}
2011-12-09 03:07:50 -------- d-----w- C:\Users\Kathie\AppData\Local\{BBFC937A-2E66-44BD-A398-41D65659A367}
2011-12-09 03:07:35 -------- d-----w- C:\Users\Kathie\AppData\Local\{3AE734B8-73B5-4043-9B9F-640D24534684}
2011-12-08 19:22:53 -------- d-----w- C:\Users\Kathie\AppData\Local\{217733F6-9FFB-4565-9ACA-FD25763359BD}
2011-12-08 19:22:39 -------- d-----w- C:\Users\Kathie\AppData\Local\{78128607-A530-480E-AAC8-C6852BB6914F}
2011-12-07 23:08:24 -------- d-----w- C:\Users\Kathie\AppData\Local\{43F6DD77-CCBB-423E-BAA5-FEF55D2252F3}
2011-12-07 23:08:10 -------- d-----w- C:\Users\Kathie\AppData\Local\{632ADA3C-9F9F-419C-B40E-DDFC1C570853}
2011-12-07 21:57:09 -------- d-----w- C:\Users\Kathie\AppData\Local\{9A0F9709-0119-4DA6-97E6-D012BA54AA99}
2011-12-07 21:56:53 -------- d-----w- C:\Users\Kathie\AppData\Local\{AC968916-73D1-49C0-B2C5-C4B1CA37B51B}
2011-12-07 17:08:20 -------- d-----w- C:\Users\Kathie\AppData\Local\{B19E5CF8-DD7D-4AAE-A7A6-C64428688361}
2011-12-07 17:08:05 -------- d-----w- C:\Users\Kathie\AppData\Local\{0AE421BA-C77C-4DC8-9221-CD7CA68A3D04}
2011-12-07 16:54:11 -------- d-----w- C:\Users\Kathie\AppData\Local\{291231F9-6AE9-4C25-BFDE-BC8D2DA5FEAF}
2011-12-07 16:53:57 -------- d-----w- C:\Users\Kathie\AppData\Local\{C0B64FE7-A843-442A-8D6A-B27B651E7584}
2011-12-07 16:09:59 -------- d-----w- C:\Users\Kathie\AppData\Local\{42A94201-467B-4E10-B55A-5137064AA5FF}
2011-12-07 16:09:48 -------- d-----w- C:\Users\Kathie\AppData\Local\{0400C205-475C-4B8F-B826-6BFC32507A99}
2011-12-07 15:51:14 -------- d-----w- C:\Users\Kathie\AppData\Local\{5384E053-C875-406F-B4E2-B50907010A30}
2011-12-07 15:50:55 -------- d-----w- C:\Users\Kathie\AppData\Local\{E7BD2639-EAEF-45D1-B8F0-296DC89092DB}
2011-12-07 03:55:10 -------- d-----w- C:\Users\Kathie\AppData\Local\{A39D7C8B-C80C-475D-8C5F-11C8F9E177A4}
2011-12-07 03:54:56 -------- d-----w- C:\Users\Kathie\AppData\Local\{B1C51B52-8030-4EF4-B574-ACA27BEE5C41}
2011-12-06 15:30:55 -------- d-----w- C:\Users\Kathie\AppData\Local\{9C27A182-3D34-4580-9DE6-69ED4CAC06ED}
2011-12-06 15:30:37 -------- d-----w- C:\Users\Kathie\AppData\Local\{345ED00A-DB19-4C1F-B753-28D06AA1C1DF}
2011-12-06 15:12:36 -------- d-----w- C:\Users\Kathie\AppData\Local\{E373F822-6DD8-4AE6-813F-F2840C52228A}
2011-12-06 15:12:11 -------- d-----w- C:\Users\Kathie\AppData\Local\{11C0DD6B-A173-4334-8A7D-44216DF9F868}
2011-12-06 15:07:45 -------- d-----w- C:\Users\Kathie\AppData\Local\{7A516B4B-A1D1-429E-88CC-CF16603B3D0E}
2011-12-06 15:07:22 -------- d-----w- C:\Users\Kathie\AppData\Local\{1B5AC597-7F04-46E9-B763-6CE9BFF92AAB}
2011-12-06 14:50:29 -------- d-----w- C:\Users\Kathie\AppData\Local\{8013957C-0F89-4CBB-92D9-A922C66A0248}
2011-12-06 14:50:17 -------- d-----w- C:\Users\Kathie\AppData\Local\{2A5AA366-B5E4-4521-8335-1F931D072282}
2011-12-06 14:15:57 -------- d-----w- C:\Users\Kathie\AppData\Local\{17A7AA2C-1B92-4A50-AFD1-1104C6F73392}
2011-12-06 14:15:46 -------- d-----w- C:\Users\Kathie\AppData\Local\{1309A731-5AB4-4162-B5C4-1B16C1315ED5}
2011-12-06 05:07:19 -------- d-----w- C:\Users\Kathie\AppData\Local\{64C61BB0-C0DA-43A1-9B9F-088EF00D9915}
2011-12-06 05:07:06 -------- d-----w- C:\Users\Kathie\AppData\Local\{A79DCD66-CCE7-41C4-8979-EC1922C46B02}
2011-12-06 04:50:55 -------- d-----w- C:\Users\Kathie\AppData\Local\{EEADF6C0-AADA-4CD8-8834-251EF1E680A7}
2011-12-06 04:50:42 -------- d-----w- C:\Users\Kathie\AppData\Local\{D6DDE5E1-11E6-488C-95AE-8FAC64538AC4}
2011-12-05 23:14:52 -------- d-----w- C:\Users\Kathie\AppData\Local\{730DC85F-A1CF-4B03-93F9-D18B8CB9666B}
2011-12-05 23:14:41 -------- d-----w- C:\Users\Kathie\AppData\Local\{1BFB432E-74D2-4D02-9612-50631BB55951}
2011-12-05 22:57:21 -------- d-----w- C:\Users\Kathie\AppData\Local\{34559E18-F04F-4C75-A5AB-5D060A2691BC}
2011-12-05 22:57:11 -------- d-----w- C:\Users\Kathie\AppData\Local\{BFA30C6C-4163-495A-B8FE-F8D0FB9250DC}
2011-12-05 21:54:08 -------- d-----w- C:\Users\Kathie\AppData\Local\{1D67E896-0ED5-4B48-9739-046143DE1992}
2011-12-05 21:53:55 -------- d-----w- C:\Users\Kathie\AppData\Local\{C55AB930-9995-43FE-BA74-114CCF519E81}
2011-12-05 20:47:03 -------- d-----w- C:\Users\Kathie\AppData\Local\{88DD116F-F492-4B1E-8C7C-30CB7538662F}
2011-12-05 20:46:51 -------- d-----w- C:\Users\Kathie\AppData\Local\{05D8BF1B-88BD-4808-B467-9B0C34041A04}
2011-12-05 20:18:14 -------- d-----w- C:\Users\Kathie\AppData\Local\{6029A32B-A1CE-470D-912D-32094859550C}
2011-12-05 20:18:03 -------- d-----w- C:\Users\Kathie\AppData\Local\{BA884EC3-36BF-414D-B46D-E894F12B1194}
2011-12-05 06:26:48 -------- d-----w- C:\Users\Kathie\AppData\Local\{13ECE90F-96F1-4256-BD2B-F20AA6EA2615}
2011-12-05 06:26:32 -------- d-----w- C:\Users\Kathie\AppData\Local\{F632442D-7C2F-45CF-A254-9ABF5C5CF7E5}
2011-12-05 05:19:53 -------- d-----w- C:\Users\Kathie\AppData\Local\{AD5D0785-04C9-422D-8374-2DAD375A1183}
2011-12-05 05:19:38 -------- d-----w- C:\Users\Kathie\AppData\Local\{4FA08D46-112B-4743-A512-56DF30DC5BF8}
2011-12-05 02:15:03 -------- d-----w- C:\Users\Kathie\AppData\Local\{0193DCDC-02AB-4B9F-A877-FC580D26D139}
2011-12-05 02:14:51 -------- d-----w- C:\Users\Kathie\AppData\Local\{87F035E9-9AC2-4FEC-9285-D302E7659BB6}
2011-12-05 00:24:08 -------- d-----w- C:\Users\Kathie\AppData\Local\{CF5EB042-2565-4A89-91ED-A0EB0F6D103C}
2011-12-05 00:23:54 -------- d-----w- C:\Users\Kathie\AppData\Local\{BCD771E6-D579-4CF4-A89D-E466FF73EC78}
2011-12-04 21:52:42 -------- d-----w- C:\Users\Kathie\AppData\Local\{C535D99B-F77A-4586-87D0-57862BF82E51}
2011-12-04 21:52:28 -------- d-----w- C:\Users\Kathie\AppData\Local\{62248A99-E7B6-4F31-A356-B5D5021BAC40}
2011-12-03 02:50:20 -------- d-----w- C:\Users\Kathie\AppData\Local\{91BCB7B8-F1EB-49B4-8489-18B74D61F5CF}
2011-12-03 02:50:09 -------- d-----w- C:\Users\Kathie\AppData\Local\{2FEE6B09-61B6-4BDC-8784-A7C76F9A70C9}
2011-12-02 00:15:55 -------- d-----w- C:\Users\Kathie\AppData\Local\{08D58AF9-42BF-4DAC-871C-128EE97EE5AA}
2011-12-02 00:15:43 -------- d-----w- C:\Users\Kathie\AppData\Local\{F5E23578-CCE6-470A-A189-8320B697B60E}
2011-12-01 18:39:50 -------- d-----w- C:\Users\Kathie\AppData\Local\{5F6F2D66-DB20-4702-8E9D-1D3D0D6C597E}
2011-12-01 18:39:37 -------- d-----w- C:\Users\Kathie\AppData\Local\{1B010E0E-DAA9-4ED0-A564-5E783856A6C5}
2011-12-01 14:24:55 -------- d-----w- C:\Users\Kathie\AppData\Local\{33A941C2-685E-4C0D-9F31-049CEC3EC597}
2011-12-01 14:24:43 -------- d-----w- C:\Users\Kathie\AppData\Local\{26F3E38C-63E0-430E-8B75-5580433C6973}
2011-11-30 18:15:22 -------- d-----w- C:\Users\Kathie\AppData\Local\{F31B93BC-241F-4F75-A1DD-7F98085C9EC7}
2011-11-30 18:15:12 -------- d-----w- C:\Users\Kathie\AppData\Local\{B3ABED28-A90D-43D5-8F46-6A820672553D}
2011-11-30 17:22:15 -------- d-----w- C:\Users\Kathie\AppData\Local\{C4A12574-6CA7-4D2B-A051-4A1331FE1CEB}
2011-11-30 17:22:04 -------- d-----w- C:\Users\Kathie\AppData\Local\{23FBC25C-E77D-46D2-A74C-42B1D378A490}
2011-11-30 15:18:31 -------- d-----w- C:\Users\Kathie\AppData\Local\{BFBEC189-74F9-44E9-B00E-7DB0AF0256F4}
2011-11-30 15:18:17 -------- d-----w- C:\Users\Kathie\AppData\Local\{C0CBE688-4C18-4E9F-9EC1-051C8C24D0C8}
2011-11-30 01:34:21 -------- d-----w- C:\Users\Kathie\AppData\Local\{884A451F-18A6-453B-BE04-290CB9542511}
2011-11-30 01:34:08 -------- d-----w- C:\Users\Kathie\AppData\Local\{A6C4F515-96D5-4DE7-A3BA-0A763755626F}
2011-11-29 21:31:04 -------- d-----w- C:\Users\Kathie\AppData\Local\{0D493F3A-6005-448A-BE49-EBA99106C5F4}
2011-11-29 21:30:53 -------- d-----w- C:\Users\Kathie\AppData\Local\{97F18D61-C555-470B-AE84-6BB8C398989E}
2011-11-29 21:17:46 -------- d-----w- C:\Users\Kathie\AppData\Local\{29F04B1E-8496-425C-9EBE-8D84E089FAF1}
2011-11-29 21:17:35 -------- d-----w- C:\Users\Kathie\AppData\Local\{2667CEE5-0E80-4CAA-B26F-0169603894B2}
2011-11-29 19:32:11 -------- d-----w- C:\Users\Kathie\AppData\Local\{4D7BC681-70C0-411F-A8B2-EE446A299779}
2011-11-29 19:31:59 -------- d-----w- C:\Users\Kathie\AppData\Local\{83A3583C-E945-4BDD-BF3E-D241F4AB9F46}
2011-11-29 15:23:40 -------- d-----w- C:\Users\Kathie\AppData\Local\{E64DFD34-4E16-443B-8CE3-9AC7CFB4B83C}
2011-11-29 15:23:28 -------- d-----w- C:\Users\Kathie\AppData\Local\{8748B5F1-D5B5-4E6F-98BB-56E2378D705B}
2011-11-29 15:12:23 -------- d-----w- C:\Users\Kathie\AppData\Local\{D4FA95E1-4BF6-44E5-B7D9-7647DDC4C1E1}
2011-11-29 15:12:13 -------- d-----w- C:\Users\Kathie\AppData\Local\{0D82E1D6-87B1-4557-9C2E-05919AED84C7}
2011-11-29 13:49:37 -------- d-----w- C:\Users\Kathie\AppData\Local\{C4B15C21-93D2-456A-BAEA-B8045F56A71B}
2011-11-29 13:49:21 -------- d-----w- C:\Users\Kathie\AppData\Local\{A59132D4-9150-4304-A957-C38D1B795253}
2011-11-29 05:43:04 -------- d-----w- C:\Users\Kathie\AppData\Local\{CDAA8332-E852-4E80-B79D-4D505C5219C0}
2011-11-29 05:42:53 -------- d-----w- C:\Users\Kathie\AppData\Local\{7C2C1311-E590-443B-AF1A-9D00EB4453E2}
2011-11-28 21:26:31 -------- d-----w- C:\Users\Kathie\AppData\Local\{BB6160D4-FF4C-4915-853C-17E7AE3F6B3A}
2011-11-28 21:26:20 -------- d-----w- C:\Users\Kathie\AppData\Local\{6C30E465-6630-44B4-930F-EA05FB80D420}
2011-11-28 13:46:25 -------- d-----w- C:\Users\Kathie\AppData\Local\{ACE3D8D5-5D47-4152-AECC-052A5AE99C4F}
2011-11-28 13:46:10 -------- d-----w- C:\Users\Kathie\AppData\Local\{7C211AF9-2B5C-451D-A324-1CDD30BE133D}
2011-11-28 01:10:41 -------- d-----w- C:\Users\Kathie\AppData\Local\{D1B425AC-0120-4913-86B3-698A360874F0}
2011-11-28 01:10:26 -------- d-----w- C:\Users\Kathie\AppData\Local\{1586DBE7-FC4F-4FB9-9629-AA24997D4D64}
2011-11-27 05:35:34 -------- d-----w- C:\Users\Kathie\AppData\Local\{AB2D1940-919E-45B1-9B2E-CB8E401270C3}
2011-11-27 05:35:19 -------- d-----w- C:\Users\Kathie\AppData\Local\{32A3B90A-D68A-46DA-BCCB-732D7B6698EA}
2011-11-27 02:00:36 -------- d-----w- C:\Users\Kathie\AppData\Local\{BAC94C35-0EEB-4D53-A26C-9E0539220604}
2011-11-27 02:00:22 -------- d-----w- C:\Users\Kathie\AppData\Local\{F8515D2D-1B04-4A6B-AA18-F004997E0E82}
2011-11-25 13:01:12 -------- d-----w- C:\Users\Kathie\AppData\Local\{6FC6454B-DF86-4855-87DA-0746D498AD97}
2011-11-25 13:00:58 -------- d-----w- C:\Users\Kathie\AppData\Local\{8FA3B695-3E9E-4001-ACE7-88E68BA05E9B}
2011-11-24 16:44:27 -------- d-----w- C:\Users\Kathie\AppData\Local\{A205CCBD-F221-48EA-BBDE-441D5E29769B}
2011-11-24 16:44:14 -------- d-----w- C:\Users\Kathie\AppData\Local\{7E2CF4C6-F4BB-488A-96D1-F463619121DF}
2011-11-24 16:33:30 -------- d-----w- C:\Users\Kathie\AppData\Local\{1680A03A-A475-4961-8E74-B1E363D28C99}
2011-11-24 16:33:17 -------- d-----w- C:\Users\Kathie\AppData\Local\{EBAD4862-9430-40DE-9E66-C91187BDF460}
2011-11-24 03:18:58 -------- d-----w- C:\Users\Kathie\AppData\Local\{E361426D-3954-41DC-B187-56A31611C1D6}
2011-11-24 03:18:47 -------- d-----w- C:\Users\Kathie\AppData\Local\{E36EF0C2-B2D6-474E-BD8D-0A9AC09CC888}
2011-11-24 00:58:45 -------- d-----w- C:\Users\Kathie\AppData\Local\{4E5033B0-D24E-422B-A80B-AC9D66E044E8}
2011-11-24 00:58:31 -------- d-----w- C:\Users\Kathie\AppData\Local\{F0A3A42D-5910-4415-BAD8-C3A5E789B4A2}
2011-11-22 22:11:51 -------- d-----w- C:\Users\Kathie\AppData\Local\{4DE0A5A2-638F-4918-AAA8-BF5293EDE3EE}
2011-11-22 22:11:34 -------- d-----w- C:\Users\Kathie\AppData\Local\{659E6BB9-1988-4EB0-978E-4D704B82DD94}
2011-11-22 15:42:21 -------- d-----w- C:\Users\Kathie\AppData\Local\{C17495F7-EA00-48FA-B6A3-4D3BD014940E}
2011-11-22 15:42:07 -------- d-----w- C:\Users\Kathie\AppData\Local\{8F1664D1-7BF8-4B19-92BD-E810EC8CA16E}
2011-11-22 05:38:58 -------- d-----w- C:\Users\Kathie\AppData\Local\{61F07B05-6C76-4216-8028-4D910C8BB3CF}
2011-11-22 05:38:46 -------- d-----w- C:\Users\Kathie\AppData\Local\{C4F3DBCB-562C-490C-9098-2421B907E566}
2011-11-22 05:17:36 -------- d-----w- C:\Users\Kathie\AppData\Local\{10D43195-D23B-4F8B-84EE-732BFBACE811}
2011-11-22 05:17:22 -------- d-----w- C:\Users\Kathie\AppData\Local\{C703102B-317B-4F2C-AAC7-4E0FF17BD348}
2011-11-22 04:53:23 -------- d-----w- C:\Users\Kathie\AppData\Local\{1BA28B04-A150-41B6-98A7-9E6D2F5AA36D}
2011-11-22 04:53:11 -------- d-----w- C:\Users\Kathie\AppData\Local\{61270267-2512-4AE1-AEB4-E3912A27AF8A}
2011-11-21 23:00:35 -------- d-----w- C:\Users\Kathie\AppData\Local\{A733A1C0-CD46-40BF-8DDA-C2977EF48577}
2011-11-21 23:00:17 -------- d-----w- C:\Users\Kathie\AppData\Local\{34008902-6161-4C78-A3F0-74AB081FC5C6}
2011-11-21 20:05:08 -------- d-----w- C:\Users\Kathie\AppData\Local\{79E80520-AA8E-467C-99A4-9794FE39F557}
2011-11-21 20:04:51 -------- d-----w- C:\Users\Kathie\AppData\Local\{469FE05B-CF71-4DC6-98D2-4256C1AA8DBD}
2011-11-21 03:22:21 -------- d-----w- C:\Users\Kathie\AppData\Local\{D03A5F24-E7E7-41D5-9B58-AAB4F0E64B40}
2011-11-21 03:22:05 -------- d-----w- C:\Users\Kathie\AppData\Local\{2F26DFD1-E836-4128-B4BB-BFFB30053A84}
2011-11-21 02:06:41 -------- d-----w- C:\Users\Kathie\AppData\Local\{D369BFEA-1C49-47FA-BC13-213D2AC06B27}
2011-11-21 02:06:30 -------- d-----w- C:\Users\Kathie\AppData\Local\{031F9EAD-12D5-49F7-96B0-A71A527175A8}
2011-11-20 22:24:24 -------- d-----w- C:\Users\Kathie\AppData\Local\{22CAECAB-10DF-48BD-AEB7-90629E91CD3A}
2011-11-20 22:24:12 -------- d-----w- C:\Users\Kathie\AppData\Local\{0FB5A3D0-C123-4577-94FD-CB17CB4FE47E}
2011-11-19 19:30:48 -------- d-----w- C:\Users\Kathie\AppData\Local\{0B63D4DF-B7B9-4F62-9A3C-59848411DF71}
2011-11-19 19:30:36 -------- d-----w- C:\Users\Kathie\AppData\Local\{C4C24ECB-8EDE-43BF-9A17-ABB3662FC7E6}
2011-11-19 15:07:58 -------- d-----w- C:\Users\Kathie\AppData\Local\{DAE88209-60F4-4D45-9C68-B4AC6655C7C3}
2011-11-19 15:07:41 -------- d-----w- C:\Users\Kathie\AppData\Local\{33D6A28D-3EB1-4466-82EB-C2DB5A19F15E}
2011-11-19 05:20:41 -------- d-----w- C:\Users\Kathie\AppData\Local\{E1B9FD9F-9DBD-405E-A44F-FA1E8932FD6F}
2011-11-19 05:20:30 -------- d-----w- C:\Users\Kathie\AppData\Local\{3AAE152F-A442-4A0B-BAA4-4B49FD58DA4A}
2011-11-18 21:37:18 -------- d-----w- C:\Users\Kathie\AppData\Local\{8DF097E0-615B-4F74-A999-F072A9CD1ED3}
2011-11-18 21:37:07 -------- d-----w- C:\Users\Kathie\AppData\Local\{8521FCAC-2943-4D9F-B259-1D939CF30A5B}
2011-11-18 18:15:55 -------- d-----w- C:\Users\Kathie\AppData\Local\{DCD77134-DE6A-4F8A-A6EA-DF87E88E46D9}
2011-11-18 18:15:41 -------- d-----w- C:\Users\Kathie\AppData\Local\{0203BE57-D700-408F-8AF1-7D877A49E5CE}
2011-11-18 15:56:51 -------- d-----w- C:\Users\Kathie\AppData\Local\{3D5D86A1-F16E-480E-912D-92378BF2B81A}
2011-11-18 15:56:37 -------- d-----w- C:\Users\Kathie\AppData\Local\{22F7677D-4106-40E7-B1AA-B1FFB5FA7D2B}
2011-11-18 14:13:07 -------- d-----w- C:\Users\Kathie\AppData\Local\{4AE1DF2E-4D95-49C0-BEF8-762179BFD880}
2011-11-18 14:12:55 -------- d-----w- C:\Users\Kathie\AppData\Local\{E5A78A5C-FC4A-4EF9-88B7-FCF8509A3481}
2011-11-18 04:00:39 -------- d-----w- C:\Users\Kathie\AppData\Local\{A7F83F1A-D976-4024-BB73-18F47F42A96C}
2011-11-18 04:00:26 -------- d-----w- C:\Users\Kathie\AppData\Local\{73232BED-B6DD-4CD8-8258-5BACB023C443}
2011-11-18 01:08:37 -------- d-----w- C:\Users\Kathie\AppData\Local\{718E36AA-4FF8-4CC5-8B89-0BA8A452CA34}
2011-11-18 01:08:15 -------- d-----w- C:\Users\Kathie\AppData\Local\{47B063F3-AAF5-4DA2-8404-77C0C7392605}
2011-11-17 20:38:13 -------- d-----w- C:\Users\Kathie\AppData\Local\{84024590-539F-4ABB-92C7-9D42E2AA8B93}
2011-11-17 20:38:00 -------- d-----w- C:\Users\Kathie\AppData\Local\{A2073432-6C08-453D-9C7D-B36F71B1AA3F}
2011-11-16 02:51:30 -------- d-----w- C:\Users\Kathie\AppData\Local\{AE855A96-179C-4E80-A4D7-82B242F00043}
2011-11-16 02:51:18 -------- d-----w- C:\Users\Kathie\AppData\Local\{299A0D50-74EE-4C79-94F7-1A91A6A2D189}
2011-11-16 00:38:55 -------- d-----w- C:\Users\Kathie\AppData\Local\{C9101548-0CB0-48C0-92BF-E0FEECC24527}
2011-11-16 00:38:34 -------- d-----w- C:\Users\Kathie\AppData\Local\{A589F84B-9477-4807-9114-1631F775B268}
2011-11-15 22:14:50 -------- d-----w- C:\Users\Kathie\AppData\Local\{A1E1BFBD-FCCC-404A-8136-10B86C383BAA}
2011-11-15 22:14:38 -------- d-----w- C:\Users\Kathie\AppData\Local\{2DC6EC73-FDF3-4795-AD1D-7A6D2BB1B3C5}
2011-11-15 19:30:49 -------- d-----w- C:\Users\Kathie\AppData\Local\{FB157507-A870-4111-AF3A-E3A82EFBEFFB}
2011-11-15 19:30:37 -------- d-----w- C:\Users\Kathie\AppData\Local\{93D50DBD-A040-42A3-AA6A-96302CBF93C7}
2011-11-15 15:42:19 -------- d-----w- C:\Users\Kathie\AppData\Local\{432457CF-AEB8-4028-B754-579319072469}
2011-11-15 15:42:01 -------- d-----w- C:\Users\Kathie\AppData\Local\{F1F09580-0D9E-4AB8-BBFA-2A3569038A90}
2011-11-15 14:45:10 -------- d-----w- C:\Users\Kathie\AppData\Local\{FF18F52D-4EEC-4887-A2B9-22CFCCDA3B75}
2011-11-15 14:44:59 -------- d-----w- C:\Users\Kathie\AppData\Local\{1BCC0F70-3269-434A-A374-FBA821C6451D}
2011-11-15 04:31:54 -------- d-----w- C:\Users\Kathie\AppData\Local\{7881EC81-2DEC-4B04-ACE6-7C6A2260EC08}
2011-11-15 04:31:40 -------- d-----w- C:\Users\Kathie\AppData\Local\{205EDF1E-01F9-4B84-A845-9BC827940330}
2011-11-15 03:29:15 -------- d-----w- C:\Users\Kathie\AppData\Local\{DA8B7643-7DF0-44D0-B9E5-6BF67AAD4B27}
2011-11-15 03:29:01 -------- d-----w- C:\Users\Kathie\AppData\Local\{D4EA85AA-DADF-4D9F-B9E1-0ECF0C3F18FE}
2011-11-14 20:51:19 -------- d-----w- C:\Users\Kathie\AppData\Local\{CC5591A0-4C6A-455D-93B2-F74923EFCC27}
2011-11-14 20:51:05 -------- d-----w- C:\Users\Kathie\AppData\Local\{65FD3B5A-529F-42F7-B823-D1A3AABB5E89}
2011-11-14 16:40:41 -------- d-----w- C:\Users\Kathie\AppData\Local\{38FA71A5-3AA8-4E9D-8618-381607ABB432}
2011-11-14 16:40:30 -------- d-----w- C:\Users\Kathie\AppData\Local\{4E54712A-9D73-40CE-9976-85EF78B504D1}
2011-11-14 13:01:21 -------- d-----w- C:\Users\Kathie\AppData\Local\{DA72CA6C-8C3E-4B77-9C63-BEBCC11444EB}
2011-11-14 13:01:09 -------- d-----w- C:\Users\Kathie\AppData\Local\{2F0653F7-60E0-45A4-BD63-E7DB8E5BE21A}
.
==================== Find3M ====================
.
2011-11-10 10:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:09:30 3141120 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 18:16:45.76 ===============
ken545
2011-12-16, 00:12
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR





Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
womble
2011-12-16, 07:38
Hi Ken,

Thank you for helping me!

I have disabled all Anti-Virus and Spybot teatimer. Run Combofix and here is the log:

ComboFix 11-12-15.02 - Kathie 15/12/2011 23:53:37.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3999.2490 [GMT -5:00]
Running from: c:\users\Kathie\Desktop\ALEX\COMBOFIX.EXE
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-16 04:59 . 2011-12-16 04:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-16 04:44 . 2011-12-16 04:44 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-16 04:36 . 2011-12-16 04:36 -------- d-----w- c:\programdata\AVG Secure Search
2011-12-16 04:36 . 2011-12-16 04:36 -------- d-----w- c:\program files (x86)\AVG Secure Search
2011-12-16 04:36 . 2011-12-16 04:36 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2011-12-12 23:14 . 2011-12-12 23:14 -------- d-----w- c:\program files (x86)\ERUNT
2011-12-12 22:25 . 2011-12-12 22:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-11 00:36 . 2011-12-11 00:36 -------- d-----w- c:\users\Kathie\AppData\Local\Mozilla
2011-12-10 22:35 . 2011-12-12 22:31 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-12-10 22:32 . 2011-12-10 22:32 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 10:54 . 2010-11-22 22:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-01 03:21 . 2011-10-13 05:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 05:07 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-29 16:24 . 2011-11-10 17:21 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:09 . 2011-11-10 17:21 3141120 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-16 04:36 1547104 ----a-w- c:\program files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll" [2011-12-16 1547104]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"SacReminderHDDV2"="c:\programdata\Clickfree\HDDV2USB3\reminder\SacReminder.exe" [2010-12-03 444240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2011-12-16 827232]
.
c:\users\Kathie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 CFUACProxy_hddv2usb3;CFUACProxy_hddv2usb3;c:\programdata\Clickfree\HDDV2USB3\UACProxy.exe [2010-12-03 83792]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-16 855904]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-09 c:\windows\Tasks\HPCeeScheduleForKathie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-21 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 207.164.234.193 207.164.234.129
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Kathie\AppData\Roaming\Mozilla\Firefox\Profiles\1b950fcb.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2011-12-16 00:10:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-16 05:10
.
Pre-Run: 191,805,804,544 bytes free
Post-Run: 191,306,625,024 bytes free
.
- - End Of File - - 553C5C6CB6472089DCA756FFDB18AABF
womble
2011-12-16, 07:42
And here is ComboFix.txt

ComboFix 11-12-15.02 - Kathie 15/12/2011 23:53:37.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3999.2490 [GMT -5:00]
Running from: c:\users\Kathie\Desktop\ALEX\COMBOFIX.EXE
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-16 04:59 . 2011-12-16 04:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-16 04:44 . 2011-12-16 04:44 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-16 04:36 . 2011-12-16 04:36 -------- d-----w- c:\programdata\AVG Secure Search
2011-12-16 04:36 . 2011-12-16 04:36 -------- d-----w- c:\program files (x86)\AVG Secure Search
2011-12-16 04:36 . 2011-12-16 04:36 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2011-12-12 23:14 . 2011-12-12 23:14 -------- d-----w- c:\program files (x86)\ERUNT
2011-12-12 22:25 . 2011-12-12 22:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-11 00:36 . 2011-12-11 00:36 -------- d-----w- c:\users\Kathie\AppData\Local\Mozilla
2011-12-10 22:35 . 2011-12-12 22:31 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-12-10 22:32 . 2011-12-10 22:32 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 10:54 . 2010-11-22 22:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-01 03:21 . 2011-10-13 05:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 05:07 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-29 16:24 . 2011-11-10 17:21 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:09 . 2011-11-10 17:21 3141120 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-16 04:36 1547104 ----a-w- c:\program files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll" [2011-12-16 1547104]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"SacReminderHDDV2"="c:\programdata\Clickfree\HDDV2USB3\reminder\SacReminder.exe" [2010-12-03 444240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2011-12-16 827232]
.
c:\users\Kathie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 CFUACProxy_hddv2usb3;CFUACProxy_hddv2usb3;c:\programdata\Clickfree\HDDV2USB3\UACProxy.exe [2010-12-03 83792]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-16 855904]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-09 c:\windows\Tasks\HPCeeScheduleForKathie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-21 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 207.164.234.193 207.164.234.129
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Kathie\AppData\Roaming\Mozilla\Firefox\Profiles\1b950fcb.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2011-12-16 00:10:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-16 05:10
.
Pre-Run: 191,805,804,544 bytes free
Post-Run: 191,306,625,024 bytes free
.
- - End Of File - - 553C5C6CB6472089DCA756FFDB18AABF
ken545
2011-12-16, 12:15
Good Morning,

Your Hosts file was infected and Combofix replaced it.

I am not really sure what all these entries are related to, lets check one of them. You need the 64Bit version


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:dir
C:\Users\Kathie\AppData\Local\{217733F6-9FFB-4565-9ACA-FD25763359BD}


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt




Also lets check for rootkit, it looks like Combofix did not find one but lets double check anyway

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png
womble
2011-12-17, 00:30
Hi Ken,

This is the log from SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 17:28 on 16/12/2011 by Kathie
Administrator - Elevation successful

========== dir ==========

C:\Users\Kathie\AppData\Local\{217733F6-9FFB-4565-9ACA-FD25763359BD} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-= EOF =-
womble
2011-12-17, 00:33
And this is the log from aswMBR log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-16 17:30:49
-----------------------------
17:30:49.055 OS Version: Windows x64 6.1.7600
17:30:49.055 Number of processors: 2 586 0x170A
17:30:49.055 ComputerName: KATHIE-PC UserName: Kathie
17:30:50.787 Initialize success
17:31:29.523 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:31:29.523 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 11
17:31:31.551 Disk 0 MBR read successfully
17:31:31.551 Disk 0 MBR scan
17:31:31.551 Disk 0 unknown MBR code
17:31:31.551 Service scanning
17:31:39.648 Modules scanning
17:31:39.648 Disk 0 trace - called modules:
17:31:39.663 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:31:39.679 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c60060]
17:31:39.679 3 CLASSPNP.SYS[fffff880010cd43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800479c060]
17:31:39.694 Scan finished successfully
17:31:59.460 Disk 0 MBR has been saved successfully to "C:\Users\Kathie\Desktop\ALEX\MBR.dat"
17:31:59.460 The log file has been saved successfully to "C:\Users\Kathie\Desktop\ALEX\aswMBR.txt"
ken545
2011-12-17, 00:53
Hi,

aswMBR log looks fine. Have the redirects stopped ????

Those directories may have been removed

Plug this in to System Look

:dir
C:\Users\Kathie\AppData\Local


Then run this scanner


OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
womble
2011-12-17, 03:13
Hi Ken,

Redirects appear to have stopped and the laptop is behaving itself.

Results from SYSTEMLOOK:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:11 on 16/12/2011 by Kathie
Administrator - Elevation successful

========== dir ==========

C:\Users\Kathie\AppData\Local - Parameters: "(none)"

---Files---
AtStart.txt --a---- 0 bytes [15:05 11/01/2010] [15:05 11/01/2010]
DSwitch.txt --a---- 0 bytes [15:05 11/01/2010] [15:05 11/01/2010]
GDIPFONTCACHEV1.DAT --a---- 84240 bytes [02:37 12/01/2010] [22:22 23/11/2010]
IconCache.db --ah--- 2960296 bytes [20:13 11/01/2010] [22:50 16/12/2011]
QSwitch.txt --a---- 0 bytes [15:05 11/01/2010] [15:05 11/01/2010]

---Folders---
Adobe d------ [14:53 25/11/2010]
Application Data d--hs-- [02:29 12/01/2010]
Diagnostics d------ [03:15 19/02/2010]
Google d------ [14:29 28/03/2011]
Hewlett-Packard d------ [15:04 11/01/2010]
History d--hs-- [02:29 12/01/2010]
Microsoft d------ [02:29 12/01/2010]
Microsoft Help d------ [02:31 12/01/2010]
Mozilla d------ [00:36 11/12/2011]
QuickPlay d------ [14:08 15/01/2010]
Temp d------ [02:29 12/01/2010]
Temporary Internet Files d--hs-- [02:29 12/01/2010]
VirtualStore d------ [15:04 11/01/2010]
Windows Live d------ [01:02 23/11/2010]
Windows Live Writer d------ [19:16 22/12/2010]
{005A4817-394F-49E2-9A9E-77CC49C88773} d------ [00:18 02/10/2011]
{00B19E28-6EF5-4968-ADC5-A3F43F18CD84} d------ [14:00 12/06/2011]
{017A220C-E3CB-484C-82B6-9747046E7D0A} d------ [04:32 16/12/2011]
{0193DCDC-02AB-4B9F-A877-FC580D26D139} d------ [02:15 05/12/2011]
{0203BE57-D700-408F-8AF1-7D877A49E5CE} d------ [18:15 18/11/2011]
{023C6E61-532D-4641-81FC-705C60E91011} d------ [22:18 10/12/2011]
{03108C53-C092-4A54-9B71-DD9047381461} d------ [17:14 10/11/2011]
{031F9EAD-12D5-49F7-96B0-A71A527175A8} d------ [02:06 21/11/2011]
{0359897B-153E-4B35-AA22-F7D34F5DDAC0} d------ [15:17 12/10/2011]
{0400C205-475C-4B8F-B826-6BFC32507A99} d------ [16:09 07/12/2011]
{043794B3-8DBA-40D3-B075-B013371E6C44} d------ [23:06 08/10/2011]
{05C4CC55-46BB-40BF-9FCB-BE7CE7C0BA5A} d------ [05:21 06/10/2011]
{05D8BF1B-88BD-4808-B467-9B0C34041A04} d------ [20:46 05/12/2011]
{06C32742-EE4D-4EF1-A926-4F922FBD6D41} d------ [19:33 14/04/2011]
{087407DB-5D9E-4117-B7DC-AFB61D4E217B} d------ [20:43 30/03/2011]
{08916CDE-F145-4313-8C1C-9F566B1FB862} d------ [14:53 09/08/2011]
{08D58AF9-42BF-4DAC-871C-128EE97EE5AA} d------ [00:15 02/12/2011]
{0AAF965D-C8FB-4B80-9123-A6A0B4CDCBDD} d------ [21:52 12/12/2011]
{0AE421BA-C77C-4DC8-9221-CD7CA68A3D04} d------ [17:08 07/12/2011]
{0B63D4DF-B7B9-4F62-9A3C-59848411DF71} d------ [19:30 19/11/2011]
{0BEA1EC8-E653-43B0-9F44-88CAFFBF03E9} d------ [16:05 03/05/2011]
{0CCD7B04-4599-4D78-ADF7-39B11B2E337C} d------ [03:02 18/04/2011]
{0D493F3A-6005-448A-BE49-EBA99106C5F4} d------ [21:31 29/11/2011]
{0D74894F-2DBF-4490-9D1A-6647B62E863F} d------ [18:06 29/09/2011]
{0D755FCC-679B-42E9-8D04-1E0526161F49} d------ [04:36 09/12/2011]
{0D82E1D6-87B1-4557-9C2E-05919AED84C7} d------ [15:12 29/11/2011]
{0DA49173-D187-4972-890F-B40EB0BAE50A} d------ [14:33 17/04/2011]
{0DEC16C9-2210-4666-8F0F-5D0540ABEB5B} d------ [16:49 29/10/2011]
{0FB5A3D0-C123-4577-94FD-CB17CB4FE47E} d------ [22:24 20/11/2011]
{0FC19B21-6448-4036-AE2D-759D0C2B016A} d------ [20:19 21/08/2011]
{101D6817-7ED3-40DB-AE7C-183F1048DF67} d------ [03:47 07/11/2011]
{10D43195-D23B-4F8B-84EE-732BFBACE811} d------ [05:17 22/11/2011]
{11BCA7A8-F2B5-4201-AC8D-210018A2D90D} d------ [21:53 21/09/2011]
{11C0DD6B-A173-4334-8A7D-44216DF9F868} d------ [15:12 06/12/2011]
{11FE7B75-D305-4DA5-8B14-552A655E1ED4} d------ [01:57 10/08/2011]
{1309A731-5AB4-4162-B5C4-1B16C1315ED5} d------ [14:15 06/12/2011]
{13ECE90F-96F1-4256-BD2B-F20AA6EA2615} d------ [06:26 05/12/2011]
{14E23D50-5602-4548-8719-1BFB920F86E6} d------ [16:07 05/11/2011]
{1547D435-8C6B-43E0-B6AA-640B74234D9D} d------ [17:59 09/05/2011]
{15579016-3366-424E-965F-670A88A59816} d------ [18:29 02/11/2011]
{1586DBE7-FC4F-4FB9-9629-AA24997D4D64} d------ [01:10 28/11/2011]
{1680A03A-A475-4961-8E74-B1E363D28C99} d------ [16:33 24/11/2011]
{173CBA0E-A734-41E6-A539-0A32FA77CA74} d------ [17:36 25/04/2011]
{17601612-36C4-48B7-91A7-28ED90D34C9C} d------ [14:44 09/12/2011]
{17A7AA2C-1B92-4A50-AFD1-1104C6F73392} d------ [14:15 06/12/2011]
{186F61AC-F6B2-4BC0-B4D6-F4472CD82229} d------ [14:50 25/04/2011]
{18784474-50A7-4DC3-8FAE-BD491CD037F1} d------ [21:30 27/04/2011]
{1A841A0A-34AF-4B01-B7A9-4FA3C263ED7C} d------ [15:13 05/11/2011]
{1AD1BC5E-924A-4981-A3BD-EF41FCC97EC5} d------ [04:02 17/10/2011]
{1B010E0E-DAA9-4ED0-A564-5E783856A6C5} d------ [18:39 01/12/2011]
{1B5AC597-7F04-46E9-B763-6CE9BFF92AAB} d------ [15:07 06/12/2011]
{1BA28B04-A150-41B6-98A7-9E6D2F5AA36D} d------ [04:53 22/11/2011]
{1BCC0F70-3269-434A-A374-FBA821C6451D} d------ [14:44 15/11/2011]
{1BFB432E-74D2-4D02-9612-50631BB55951} d------ [23:14 05/12/2011]
{1D49ECC5-79F0-442F-809A-75949E66D059} d------ [16:04 02/11/2011]
{1D67E896-0ED5-4B48-9739-046143DE1992} d------ [21:54 05/12/2011]
{1D8B4B5A-5F4A-4719-8FE2-4BA77A47B486} d------ [02:05 12/10/2011]
{1E301486-39A6-40AD-8FA2-99A9BE5CDBDA} d------ [04:32 16/12/2011]
{1E8B8CA5-710B-4E06-82A9-128274074A46} d------ [16:50 30/09/2011]
{205EDF1E-01F9-4B84-A845-9BC827940330} d------ [04:31 15/11/2011]
{21126DE4-CDE9-4701-86ED-E413F261E4A2} d------ [23:46 16/10/2011]
{217733F6-9FFB-4565-9ACA-FD25763359BD} d------ [19:22 08/12/2011]
{2206ED97-67A7-4F83-8F7F-FE0D372D177E} d------ [04:38 10/10/2011]
{22307D9E-F8C2-43A6-9458-EBD9149D5628} d------ [16:32 09/12/2011]
{22380D17-B39B-444D-93ED-0CE2B7B0F8DA} d------ [13:18 01/05/2011]
{22C9D58F-D44E-4A72-9A7F-675A35835F0D} d------ [00:53 17/10/2011]
{22CAECAB-10DF-48BD-AEB7-90629E91CD3A} d------ [22:24 20/11/2011]
{22F7677D-4106-40E7-B1AA-B1FFB5FA7D2B} d------ [15:56 18/11/2011]
{231F62D1-82CF-4333-AD41-6DB0DE786003} d------ [21:50 27/04/2011]
{23BE68DE-BCDF-471D-9897-35769BB27585} d------ [04:59 06/10/2011]
{23FBC25C-E77D-46D2-A74C-42B1D378A490} d------ [17:22 30/11/2011]
{24290D5F-652B-418F-BB6D-E0A91A796705} d------ [23:22 12/09/2011]
{245BC9E9-9486-400E-B309-3492F6A98ED3} d------ [20:58 05/07/2011]
{256BF1EA-E8CE-47E7-9C1C-B9F7B636CDD1} d------ [05:00 20/06/2011]
{26012691-8C92-4BD7-843D-36B9D72FD287} d------ [18:00 28/10/2011]
{2667CEE5-0E80-4CAA-B26F-0169603894B2} d------ [21:17 29/11/2011]
{26F0EEF3-BD5C-4E32-B4B6-7687DB378E14} d------ [04:38 10/10/2011]
{26F3E38C-63E0-430E-8B75-5580433C6973} d------ [14:24 01/12/2011]
{27D21BEC-2499-4E1A-9F7B-E22BC0FAFD83} d------ [23:33 31/05/2011]
{28A57EF2-D093-4DFC-ACB8-E75AADAA038D} d------ [20:17 30/05/2011]
{291231F9-6AE9-4C25-BFDE-BC8D2DA5FEAF} d------ [16:54 07/12/2011]
{296AB670-A248-497B-95E3-42154C479772} d------ [15:15 25/06/2011]
{299A0D50-74EE-4C79-94F7-1A91A6A2D189} d------ [02:51 16/11/2011]
{29F04B1E-8496-425C-9EBE-8D84E089FAF1} d------ [21:17 29/11/2011]
{2A2A2287-9CB5-4361-B2CB-5B5C5607FAC7} d------ [14:34 09/12/2011]
{2A535F8F-A0AC-44FE-A99D-1EEF3A144868} d------ [16:25 13/10/2011]
{2A5AA366-B5E4-4521-8335-1F931D072282} d------ [14:50 06/12/2011]
{2AB79F84-D194-4BA1-BA71-1EEBB39C6376} d------ [23:03 01/11/2011]
{2C2B98CF-3C76-46BC-ADC3-4065E501472C} d------ [11:22 23/08/2011]
{2CD04E6B-DE16-49F5-8E12-EF13F5B1567E} d------ [14:06 12/04/2011]
{2CE2501F-4099-4D71-8D2F-7ED0D8666DDA} d------ [16:50 10/10/2011]
{2DC6EC73-FDF3-4795-AD1D-7A6D2BB1B3C5} d------ [22:14 15/11/2011]
{2E264570-7ADF-4805-BC16-52FE21AA5869} d------ [03:44 01/04/2011]
{2F0653F7-60E0-45A4-BD63-E7DB8E5BE21A} d------ [13:01 14/11/2011]
{2F26DFD1-E836-4128-B4BB-BFFB30053A84} d------ [03:22 21/11/2011]
{2FE4BFCB-07E6-423D-8F96-FEE60BBBA310} d------ [19:37 05/04/2011]
{2FEE6B09-61B6-4BDC-8784-A7C76F9A70C9} d------ [02:50 03/12/2011]
{3064276F-F61F-45D9-89B8-081A51C0E9B7} d------ [14:17 29/04/2011]
{30EEE42E-BFB7-422B-A1D2-BC7FCC128BA4} d------ [12:51 22/06/2011]
{31B6D66A-3EAB-48C8-821E-2E8DC4706810} d------ [16:49 10/10/2011]
{31D0CEC8-D964-43BD-91C5-31903CE52EA6} d------ [13:56 16/10/2011]
{320312F1-7883-455F-B9B7-73AD279755A3} d------ [14:30 09/12/2011]
{32A3B90A-D68A-46DA-BCCB-732D7B6698EA} d------ [05:35 27/11/2011]
{33A941C2-685E-4C0D-9F31-049CEC3EC597} d------ [14:24 01/12/2011]
{33D6A28D-3EB1-4466-82EB-C2DB5A19F15E} d------ [15:07 19/11/2011]
{34008902-6161-4C78-A3F0-74AB081FC5C6} d------ [23:00 21/11/2011]
{34559E18-F04F-4C75-A5AB-5D060A2691BC} d------ [22:57 05/12/2011]
{345ED00A-DB19-4C1F-B753-28D06AA1C1DF} d------ [15:30 06/12/2011]
{34691D42-DD36-4F89-B091-EE68510F6ACE} d------ [23:06 08/10/2011]
{347A1DC6-8164-4B55-BC02-3024A7935DB3} d------ [20:19 21/08/2011]
{347CBFC7-33C2-49FF-954E-31AB38741C78} d------ [19:54 15/10/2011]
{348351EC-735A-4AA9-AD03-16C2402EF309} d------ [02:14 01/11/2011]
{352D7834-1452-4A08-A912-828D4BE50C47} d------ [18:41 11/10/2011]
{36429530-DEFA-43CF-96BE-81538D0FB2FD} d------ [16:11 03/10/2011]
{365E1F12-39F7-4B85-ADDB-199DEE7F8316} d------ [12:29 29/09/2011]
{36710890-2208-441D-A046-3E4F9E522468} d------ [12:37 30/08/2011]
{38FA71A5-3AA8-4E9D-8618-381607ABB432} d------ [16:40 14/11/2011]
{3946F96B-90FF-4A00-875C-6AD2E6A82808} d------ [14:17 11/10/2011]
{3954CB1C-1CDB-49C8-BF33-6FA171A85F31} d------ [14:23 05/10/2011]
{395806B3-5BB2-4D08-B445-4FD03A22F3B1} d------ [03:20 12/10/2011]
{3AAE152F-A442-4A0B-BAA4-4B49FD58DA4A} d------ [05:20 19/11/2011]
{3AE734B8-73B5-4043-9B9F-640D24534684} d------ [03:07 09/12/2011]
{3B1ED089-EBCD-4BC3-BD33-792D8101A3F3} d------ [00:42 16/06/2011]
{3BCDF69B-8BDD-4E78-B703-07219B897AC1} d------ [04:21 31/10/2011]
{3CF4423F-9550-4F90-BD51-B90C722BCEC5} d------ [00:28 02/10/2011]
{3D3B69E2-2BCD-4B42-9C09-CE01F74169BD} d------ [05:04 19/05/2011]
{3D3BABC5-5103-4904-8CEE-DAD27B620A2F} d------ [15:36 09/12/2011]
{3D5D86A1-F16E-480E-912D-92378BF2B81A} d------ [15:56 18/11/2011]
{3DA1C0F8-BA31-4C3B-989A-D3BB000AB4BB} d------ [14:09 15/10/2011]
{3DACB088-0B5D-4E37-8207-FBE6F7F33D0B} d------ [20:16 07/08/2011]
{3DF6E589-5482-4C6B-977F-4AFF00B77FEA} d------ [23:39 29/10/2011]
{3E74E093-CD94-4A08-A288-95564FB03E81} d------ [00:18 02/10/2011]
{3EBB0AD1-D590-4F56-8924-C20834DCF091} d------ [03:47 07/11/2011]
{3ED891DA-C67C-4288-93E4-B526FE22B451} d------ [04:19 23/04/2011]
{3EE1242F-EB3E-4C3C-9E5F-B537B5B558C4} d------ [14:14 11/11/2011]
{41FA5CB9-E2A8-484D-BC80-643C4774F976} d------ [23:54 28/10/2011]
{4203E08B-B279-4150-B7EF-DF3EFEFE6A9F} d------ [14:06 23/06/2011]
{42374419-5FE5-45B0-8B84-3DE8B4401C65} d------ [12:24 05/05/2011]
{42A94201-467B-4E10-B55A-5137064AA5FF} d------ [16:09 07/12/2011]
{432457CF-AEB8-4028-B754-579319072469} d------ [15:42 15/11/2011]
{43CF24CE-06F6-4649-9944-3BA3C763F25F} d------ [16:56 22/08/2011]
{43F6DD77-CCBB-423E-BAA5-FEF55D2252F3} d------ [23:08 07/12/2011]
{442B509C-A6BF-4FC2-BAC8-DCD59F506B51} d------ [04:21 31/10/2011]
{450F7D98-9159-4C18-BE79-8D804FD85D65} d------ [16:32 09/12/2011]
{4690A298-15E2-4909-AB28-098E0F928112} d------ [02:58 27/06/2011]
{469FE05B-CF71-4DC6-98D2-4256C1AA8DBD} d------ [20:04 21/11/2011]
{46EA5BD2-87B2-41B5-9C3B-88F3DD762AE5} d------ [08:22 10/10/2011]
{47916D0A-2EB6-45F7-A996-517491875CF0} d------ [02:52 02/11/2011]
{47B063F3-AAF5-4DA2-8404-77C0C7392605} d------ [01:08 18/11/2011]
{47CFA059-8618-4086-9323-AB4EF12C4945} d------ [03:08 29/10/2011]
{481F0843-57F2-4776-B66F-1C531B504FCE} d------ [22:18 27/06/2011]
{48F27DE7-2C05-4871-B952-5E18304876C7} d------ [03:20 12/10/2011]
{497722CF-C2E0-4B72-8B49-D8C08ED19B16} d------ [20:18 19/05/2011]
{49926F1A-D05B-40C2-B397-F62DF7EACCA8} d------ [15:45 01/10/2011]
{49A76F4F-DBA0-410E-BCBB-D1875D0D5087} d------ [17:13 11/09/2011]
{4AC3E774-C51F-4D25-8743-7A60A8DFEF1F} d------ [13:33 04/10/2011]
{4AE1DF2E-4D95-49C0-BEF8-762179BFD880} d------ [14:13 18/11/2011]
{4BFFEC02-4ABF-44A6-9F47-E39FEED49A7A} d------ [16:04 02/11/2011]
{4D7BC681-70C0-411F-A8B2-EE446A299779} d------ [19:32 29/11/2011]
{4DE0A5A2-638F-4918-AAA8-BF5293EDE3EE} d------ [22:11 22/11/2011]
{4E5033B0-D24E-422B-A80B-AC9D66E044E8} d------ [00:58 24/11/2011]
{4E54712A-9D73-40CE-9976-85EF78B504D1} d------ [16:40 14/11/2011]
{4F9BAF90-889A-4504-AF56-073A5F62AA9A} d------ [00:30 04/11/2011]
{4FA08D46-112B-4743-A512-56DF30DC5BF8} d------ [05:19 05/12/2011]
{51004795-E703-4038-B37E-C6DBE04F4671} d------ [14:17 10/10/2011]
{51A50125-7F36-4403-9749-A760DEAD6FD0} d------ [15:36 09/12/2011]
{522CCC08-F217-4A03-B24B-D7C0F85A325F} d------ [18:06 29/09/2011]
{5384E053-C875-406F-B4E2-B50907010A30} d------ [15:51 07/12/2011]
{5398F441-4F4E-4778-BFA6-51243B83FAA6} d------ [01:19 11/05/2011]
{53C1BFE2-C88F-4F19-BEC8-FAC5CAEF3732} d------ [17:01 22/08/2011]
{53CE4260-E8F2-4CEF-A828-A6A2D5D79A0D} d------ [16:07 05/11/2011]
{53F0A9B6-FE3D-4AD3-AF0A-456D26ADDCF3} d------ [03:56 14/10/2011]
{552EB9C1-3A90-484E-93DD-7AA92C6F75B7} d------ [03:18 25/05/2011]
{555E5ACE-E8BF-4B0A-8E12-496B8340C357} d------ [03:03 30/09/2011]
{55A3450D-7C90-429E-987A-3BD39BFEEBD2} d------ [19:32 07/08/2011]
{56A68E71-E72C-4E75-AE37-D4A3E1927C70} d------ [14:23 05/10/2011]
{56AC25F3-A5B9-45B2-9966-1EA01ABC887E} d------ [08:22 10/10/2011]
{57FD24B3-B794-4BA0-B936-F330774710D6} d------ [14:24 02/04/2011]
{587FBC06-1B20-47D3-AD15-F2FF8466E3D4} d------ [17:12 11/09/2011]
{5A1180F7-5412-467A-8A2E-145FEF8A6994} d------ [02:03 20/09/2011]
{5A893777-4A2A-43A8-BBDA-7240D24E4C89} d------ [23:04 10/11/2011]
{5AB40E53-B2E7-48FD-BA58-CEC8961DA6DF} d------ [14:34 09/12/2011]
{5AB464FE-EFB6-4335-B336-F3BEDAF87AAB} d------ [03:40 14/10/2011]
{5B48B50D-F39A-45F6-A07C-5EE2676972B2} d------ [15:17 12/10/2011]
{5C0E0049-02A8-425E-B422-A27C8566CBBC} d------ [21:03 10/10/2011]
{5C6F59B2-24FD-4CA5-A5F8-4C4E53A07211} d------ [16:03 29/08/2011]
{5CF77BB4-27F8-44CE-9985-37A0580F9210} d------ [04:16 09/12/2011]
{5DD99C29-29AD-49C0-800A-D567BCBC7D03} d------ [15:50 28/06/2011]
{5DDF3AB3-AC59-4B85-AD5E-CCA55181D5B1} d------ [15:55 06/11/2011]
{5F1E43BE-B2C6-4C12-BD4B-F2A61DE0FB18} d------ [13:23 01/05/2011]
{5F5D62EC-D45C-4BC6-B087-09CBC9492CC2} d------ [04:44 16/12/2011]
{5F6F2D66-DB20-4702-8E9D-1D3D0D6C597E} d------ [18:39 01/12/2011]
{600EEE51-EE88-40E5-82D8-21A8EB2223CE} d------ [15:03 18/04/2011]
{6029A32B-A1CE-470D-912D-32094859550C} d------ [20:18 05/12/2011]
{608F12B8-3FE3-420B-B71D-4DC448EC6566} d------ [15:17 27/09/2011]
{60BA9806-4AA7-4FD4-B6F0-2C6F335F52C7} d------ [23:46 02/11/2011]
{61270267-2512-4AE1-AEB4-E3912A27AF8A} d------ [04:53 22/11/2011]
{616BA63C-3A17-46FA-8101-A4D531FBC99F} d------ [02:05 12/10/2011]
{61F07B05-6C76-4216-8028-4D910C8BB3CF} d------ [05:38 22/11/2011]
{62248A99-E7B6-4F31-A356-B5D5021BAC40} d------ [21:52 04/12/2011]
{623E9AC9-1224-412D-8BCF-DBA1DAE49578} d------ [00:10 02/06/2011]
{62A9455D-20B2-4E81-9B22-077CEFF9A671} d------ [19:24 29/06/2011]
{62F94057-0E34-45C3-9B9A-83D0392FBFAB} d------ [04:49 13/10/2011]
{632ADA3C-9F9F-419C-B40E-DDFC1C570853} d------ [23:08 07/12/2011]
{63499CD2-7C50-4A14-B004-35AB0947D166} d------ [23:04 10/11/2011]
{6359E992-D58D-45E2-8650-7038CB026A52} d------ [11:59 15/04/2011]
{643A4718-0A9F-4FB5-946A-6568191EA376} d------ [04:55 17/06/2011]
{64C61BB0-C0DA-43A1-9B9F-088EF00D9915} d------ [05:07 06/12/2011]
{659E6BB9-1988-4EB0-978E-4D704B82DD94} d------ [22:11 22/11/2011]
{65FD3B5A-529F-42F7-B823-D1A3AABB5E89} d------ [20:51 14/11/2011]
{66A8FB0E-7E7F-447D-A7A5-4A66386FF47B} d------ [17:26 05/09/2011]
{66DE9948-A0A2-4B02-BF34-88AD1A014F9A} d------ [16:11 03/10/2011]
{68D68CA9-ECC4-4E26-9D4C-9B563F7069DE} d------ [13:09 28/04/2011]
{690898CA-7DA8-4863-B727-6558EE0A45AB} d------ [19:24 04/06/2011]
{69124193-404F-4851-8712-B5D59B24A027} d------ [03:03 19/04/2011]
{6A89FFF8-6C8E-43DE-8C17-231F4A2BBBCF} d------ [13:29 05/11/2011]
{6B5A7A8A-C00E-4C89-BDE8-997D841FB2F0} d------ [01:53 10/08/2011]
{6C30E465-6630-44B4-930F-EA05FB80D420} d------ [21:26 28/11/2011]
{6CE84042-FE79-4317-B48C-40E1003F1C5F} d------ [14:11 17/10/2011]
{6D1489C5-503E-445B-8DC8-91C2435452BA} d------ [11:22 23/08/2011]
{6D1A4909-C9D4-4F6B-BDF8-9D2DB7B29CEF} d------ [15:03 01/11/2011]
{6D828C36-5405-4551-BF4F-6F6F9953944A} d------ [04:49 13/10/2011]
{6E36EBB7-7438-4E7C-B297-FB31A0536A0C} d------ [14:17 11/10/2011]
{6F978627-90E8-4CC7-97F8-7377D9BD89F2} d------ [20:16 07/08/2011]
{6FB51E61-01F8-40D8-9626-4E57470330F2} d------ [02:03 20/09/2011]
{6FC6454B-DF86-4855-87DA-0746D498AD97} d------ [13:01 25/11/2011]
{7001276F-409C-458F-9854-9C028D57F3E6} d------ [14:31 09/12/2011]
{705904E3-68DE-4158-8022-89633A2D6EDC} d------ [21:33 26/04/2011]
{718E36AA-4FF8-4CC5-8B89-0BA8A452CA34} d------ [01:08 18/11/2011]
{72136D3C-D58C-4BC5-9AF1-8CFC7EEB3774} d------ [21:54 21/09/2011]
{72AC673E-EFEF-4BBF-B2AD-F16AC5643AB9} d------ [05:21 06/10/2011]
{72E58DF3-6EE2-4050-BA27-091DE906F487} d------ [15:39 09/12/2011]
{730DC85F-A1CF-4B03-93F9-D18B8CB9666B} d------ [23:14 05/12/2011]
{7322D64F-1EAB-4BE0-9750-CEBF899A5817} d------ [21:03 10/10/2011]
{73232BED-B6DD-4CD8-8258-5BACB023C443} d------ [04:00 18/11/2011]
{738F6757-289C-4568-9584-AA1DA24FD21C} d------ [20:42 27/04/2011]
{745545D7-2B1C-496A-B289-7673E1939620} d------ [03:04 30/09/2011]
{7493C50D-3E47-45A9-BA1A-C6CCDC3E717C} d------ [13:16 27/05/2011]
{764CC19F-28AE-4B04-8430-A51B19360DD6} d------ [00:53 17/10/2011]
{77CE178B-4B84-4F78-994F-37AB4B909FF7} d------ [21:52 12/12/2011]
{78128607-A530-480E-AAC8-C6852BB6914F} d------ [19:22 08/12/2011]
{78487A47-BB6A-408E-B653-571750FC90D8} d------ [13:24 30/09/2011]
{7881EC81-2DEC-4B04-ACE6-7C6A2260EC08} d------ [04:31 15/11/2011]
{78DADF21-8F0A-4D25-947C-EB7C51F2E740} d------ [19:50 27/09/2011]
{79E80520-AA8E-467C-99A4-9794FE39F557} d------ [20:05 21/11/2011]
{7A516B4B-A1D1-429E-88CC-CF16603B3D0E} d------ [15:07 06/12/2011]
{7B9773ED-EA09-454C-BE31-EB0BA8E87A46} d------ [13:38 04/11/2011]
{7B9B0B33-8594-434D-A965-3673A3855FE6} d------ [15:45 01/10/2011]
{7BC1F688-E9F2-4DB7-ACB5-3AF223A99253} d------ [13:29 05/11/2011]
{7C211AF9-2B5C-451D-A324-1CDD30BE133D} d------ [13:46 28/11/2011]
{7C2C1311-E590-443B-AF1A-9D00EB4453E2} d------ [05:42 29/11/2011]
{7C2E4988-83E6-4A65-9AF6-F05FC867FECE} d------ [13:56 16/10/2011]
{7C9E5B0E-B4BC-4C7A-AFDB-8781DD170A28} d------ [17:04 14/10/2011]
{7E2CF4C6-F4BB-488A-96D1-F463619121DF} d------ [16:44 24/11/2011]
{7EE235D6-64A8-4F8A-9B22-B6EA80FD1174} d------ [04:51 09/12/2011]
{7FF35697-3FEC-4119-8C2F-B38982F817BB} d------ [15:02 01/11/2011]
{8013957C-0F89-4CBB-92D9-A922C66A0248} d------ [14:50 06/12/2011]
{8049C0BD-6E96-4BE6-8494-A03E6EAC5B58} d------ [06:24 06/11/2011]
{82013638-D80B-4A07-8886-58F988942911} d------ [14:24 20/04/2011]
{82D90DFB-1691-4F9F-AE5A-83DDB05357A9} d------ [01:09 09/05/2011]
{8332BCA2-2B5E-44D0-A3FD-9FC72A2B9395} d------ [16:18 31/10/2011]
{83A3583C-E945-4BDD-BF3E-D241F4AB9F46} d------ [19:31 29/11/2011]
{84024590-539F-4ABB-92C7-9D42E2AA8B93} d------ [20:38 17/11/2011]
{84630D5B-D422-4EB4-BD5C-ADD2E21338F1} d------ [01:20 28/09/2011]
{8475C183-E714-4345-BE43-504BB7AC9CCE} d------ [03:23 15/10/2011]
{84EF98DC-2CAC-44B2-AE9A-02EF3A6ADE53} d------ [04:51 09/12/2011]
{84FAD432-36F9-4954-B7CF-6B12830903A4} d------ [15:16 12/09/2011]
{8521FCAC-2943-4D9F-B259-1D939CF30A5B} d------ [21:37 18/11/2011]
{869E1806-5019-4691-A378-3BA7AD771A52} d------ [14:09 15/10/2011]
{8748B5F1-D5B5-4E6F-98BB-56E2378D705B} d------ [15:23 29/11/2011]
{87F035E9-9AC2-4FEC-9285-D302E7659BB6} d------ [02:14 05/12/2011]
{88338CFE-B7E5-4185-A04A-41C42B268A07} d------ [22:52 23/04/2011]
{884A451F-18A6-453B-BE04-290CB9542511} d------ [01:34 30/11/2011]
{88867BB2-1436-4754-A3A8-C464BB89E7DE} d------ [02:15 14/06/2011]
{88DD116F-F492-4B1E-8C7C-30CB7538662F} d------ [20:47 05/12/2011]
{88F56AB2-843D-4F57-99FE-DF67F689B4D0} d------ [17:27 27/04/2011]
{89111E73-4F13-4F63-86DE-28AE35A01600} d------ [23:53 17/05/2011]
{891BA131-09F0-4B6B-8FDE-B0127131098C} d------ [21:07 02/11/2011]
{89767B68-AD6D-47AA-8C5F-E882FA34E974} d------ [23:12 12/12/2011]
{8A37A191-FC72-40AE-8759-483BBD207F79} d------ [15:50 04/10/2011]
{8DF097E0-615B-4F74-A999-F072A9CD1ED3} d------ [21:37 18/11/2011]
{8E9DF5B8-34D0-4E3F-A92C-E09B756AB55E} d------ [12:37 30/08/2011]
{8EFE8A25-008A-4E7D-B4D1-20995F38229F} d------ [00:19 12/11/2011]
{8F1664D1-7BF8-4B19-92BD-E810EC8CA16E} d------ [15:42 22/11/2011]
{8F301466-D7F2-454B-B417-24E25AA32DE8} d------ [16:03 29/08/2011]
{8F5A9F24-5C5A-419F-9C4B-9C53D74AC208} d------ [07:34 26/04/2011]
{8F93EE9C-F3C1-4A0E-A192-CD539B7A28D0} d------ [17:26 05/09/2011]
{8FA3B695-3E9E-4001-ACE7-88E68BA05E9B} d------ [13:00 25/11/2011]
{90894D07-3CBA-4461-BA28-B292590E3BD7} d------ [14:12 17/10/2011]
{90FFCDC5-6AD7-44B4-8EB6-C3F0394E859C} d------ [21:42 20/06/2011]
{919C15ED-CE61-4598-B999-AAAA220A11B9} d------ [00:52 30/05/2011]
{91BCB7B8-F1EB-49B4-8489-18B74D61F5CF} d------ [02:50 03/12/2011]
{93D50DBD-A040-42A3-AA6A-96302CBF93C7} d------ [19:30 15/11/2011]
{94753A26-3C40-453E-B669-17BD5522D2C6} d------ [16:49 24/04/2011]
{94A1B43C-9EFD-443A-819C-D94D875A8A27} d------ [23:38 29/10/2011]
{961C60B8-2E5E-4287-BAAA-FA36DE4EFC4A} d------ [23:02 14/06/2011]
{967BCB71-2037-40DC-83DB-636F6BB24C0C} d------ [14:41 18/05/2011]
{96F0DEAE-AB0B-4FD5-A1F0-272E60E398CE} d------ [02:59 13/04/2011]
{97F18D61-C555-470B-AE84-6BB8C398989E} d------ [21:30 29/11/2011]
{9A0F9709-0119-4DA6-97E6-D012BA54AA99} d------ [21:57 07/12/2011]
{9A269E6E-22F0-4BDC-96C4-ADD5EAC94357} d------ [15:17 27/09/2011]
{9AE9B765-1C19-4FEA-AC53-4FEB2ED16D19} d------ [18:30 02/11/2011]
{9C27A182-3D34-4580-9DE6-69ED4CAC06ED} d------ [15:30 06/12/2011]
{9CFD1432-8D83-4F29-97DD-939868E3AD95} d------ [12:23 11/04/2011]
{9CFDC33D-2FBE-4CDD-952D-69BF597FE4D5} d------ [01:50 30/09/2011]
{9D8EC8BB-D463-402C-A79A-49BE6194D21C} d------ [19:02 07/05/2011]
{9EAF9E81-8435-41A9-8695-A24BF4541B0D} d------ [14:59 13/04/2011]
{9F978E04-4418-434A-8E21-6E864AA4533F} d------ [04:36 09/12/2011]
{9F9874AC-6878-4DE6-9B7F-BCF2ECCE1932} d------ [13:28 04/05/2011]
{A04933F6-FC3A-48EC-A154-222FF36E50A4} d------ [16:14 05/10/2011]
{A1E0C00D-49CE-4695-8435-3DD460202A50} d------ [15:39 09/12/2011]
{A1E1BFBD-FCCC-404A-8136-10B86C383BAA} d------ [22:14 15/11/2011]
{A1FEFB99-4C56-4D37-9167-0339DAD1A88F} d------ [03:56 14/10/2011]
{A205CCBD-F221-48EA-BBDE-441D5E29769B} d------ [16:44 24/11/2011]
{A2073432-6C08-453D-9C7D-B36F71B1AA3F} d------ [20:38 17/11/2011]
{A2B33282-E367-4B3E-99EB-D294B0F179AF} d------ [16:14 05/10/2011]
{A3035E05-4379-4CB2-BE7D-DEBF8C6521FE} d------ [03:23 15/10/2011]
{A31A2FB0-79FA-46FE-BF3F-0B331FDE03F2} d------ [13:37 06/05/2011]
{A3263427-82FC-4447-8546-17FA6033CDBC} d------ [18:02 03/04/2011]
{A39D7C8B-C80C-475D-8C5F-11C8F9E177A4} d------ [03:55 07/12/2011]
{A4152B1C-7958-4565-A865-E610ECAEB6B5} d------ [16:49 29/10/2011]
{A4D45305-9F50-4DE1-BDF3-7D7F5188A1D4} d------ [12:29 29/09/2011]
{A589F84B-9477-4807-9114-1631F775B268} d------ [00:38 16/11/2011]
{A59132D4-9150-4304-A957-C38D1B795253} d------ [13:49 29/11/2011]
{A6C4F515-96D5-4DE7-A3BA-0A763755626F} d------ [01:34 30/11/2011]
{A733A1C0-CD46-40BF-8DDA-C2977EF48577} d------ [23:00 21/11/2011]
{A75D3F95-6A88-4640-BBD5-5326D0CDDD81} d------ [23:13 12/12/2011]
{A79DCD66-CCE7-41C4-8979-EC1922C46B02} d------ [05:07 06/12/2011]
{A7F83F1A-D976-4024-BB73-18F47F42A96C} d------ [04:00 18/11/2011]
{A85953BF-C216-4CE8-8FB8-0DBE9FE4114E} d------ [21:08 02/11/2011]
{AA1FE1E6-F4B2-4C62-A3F0-18212500999B} d------ [18:01 28/10/2011]
{AA9001AD-66A8-4580-B5AD-218E741C81D1} d------ [19:11 29/09/2011]
{AA9CF86C-D3C2-417C-884A-FDE71AD6B8AB} d------ [16:29 14/10/2011]
{AAA864EC-5656-4CB2-9727-B03012C53955} d------ [13:34 12/10/2011]
{AAE54B63-EE02-4856-A288-B74E76A23B4E} d------ [03:17 02/11/2011]
{AAF6EC21-D3AA-411A-A591-36C25381516E} d------ [21:47 26/05/2011]
{AB2D1940-919E-45B1-9B2E-CB8E401270C3} d------ [05:35 27/11/2011]
{AB8ACD36-E447-4D30-BCAD-BAF7098B8E1C} d------ [23:38 30/03/2011]
{AC968916-73D1-49C0-B2C5-C4B1CA37B51B} d------ [21:56 07/12/2011]
{ACDA5C85-F7E1-4B5C-BD0D-F0E068A6F6AB} d------ [13:37 04/11/2011]
{ACE3D8D5-5D47-4152-AECC-052A5AE99C4F} d------ [13:46 28/11/2011]
{AD5D0785-04C9-422D-8374-2DAD375A1183} d------ [05:19 05/12/2011]
{AE855A96-179C-4E80-A4D7-82B242F00043} d------ [02:51 16/11/2011]
{AEC6C66A-1EEE-45D7-9416-FF972F66668E} d------ [13:24 25/04/2011]
{AFB4D1DF-AD24-464F-95B5-D8E671BB915A} d------ [13:42 07/04/2011]
{AFD2C127-4A58-4955-B6CF-85051F7C1530} d------ [17:04 14/10/2011]
{B17E226D-956F-4DFD-BE93-6B545FACFEC6} d------ [15:50 04/10/2011]
{B19E5CF8-DD7D-4AAE-A7A6-C64428688361} d------ [17:08 07/12/2011]
{B1C51B52-8030-4EF4-B574-ACA27BEE5C41} d------ [03:54 07/12/2011]
{B3175E9B-420F-4C98-8AD5-DF507C5ED5F3} d------ [22:38 10/09/2011]
{B31E6ABB-EFEB-4081-B9DA-D8AC944B4B14} d------ [19:54 15/10/2011]
{B3ABED28-A90D-43D5-8F46-6A820672553D} d------ [18:15 30/11/2011]
{B41B57E9-99B4-4849-8B78-3AEAF7F020A2} d------ [19:51 31/10/2011]
{B45053A4-E27A-4E2A-A101-20ACD895ED4A} d------ [13:04 28/04/2011]
{B563015B-1E8C-47B5-9E7C-CD3988536E35} d------ [16:18 31/10/2011]
{B6A5C02A-7411-430F-A463-F347BF51AA03} d------ [18:12 21/04/2011]
{B75BEC98-19BD-4E3C-BCCC-5F84272FC70A} d------ [02:52 02/11/2011]
{B80CD5F3-53E9-4AE1-B004-0929C56A71B3} d------ [23:46 02/11/2011]
{B8CD6C18-96F4-4254-886E-C9CFCBE59B6C} d------ [23:46 16/10/2011]
{BA544BA8-0609-47EB-8C5C-85EBD4173C1B} d------ [13:21 27/07/2011]
{BA5E2C83-E247-433A-8C6B-4CADE1E82B6E} d------ [15:21 18/07/2011]
{BA600802-7987-475F-A27F-92DE7DCFA435} d------ [13:14 10/05/2011]
{BA884EC3-36BF-414D-B46D-E894F12B1194} d------ [20:18 05/12/2011]
{BAC94C35-0EEB-4D53-A26C-9E0539220604} d------ [02:00 27/11/2011]
{BB6160D4-FF4C-4915-853C-17E7AE3F6B3A} d------ [21:26 28/11/2011]
{BB80CFAC-6A49-4DB2-9FCB-A4DDE48B516D} d------ [00:29 02/10/2011]
{BBFC937A-2E66-44BD-A398-41D65659A367} d------ [03:07 09/12/2011]
{BCD771E6-D579-4CF4-A89D-E466FF73EC78} d------ [00:23 05/12/2011]
{BCF5D5BB-35D8-440A-B9E3-A9F32C0D3090} d------ [17:05 22/08/2011]
{BDAD3A6F-AC69-40D3-B885-33A2E913D22B} d------ [01:34 08/06/2011]
{BF46675C-5313-4DFB-89CA-001372B76EBB} d------ [15:55 06/11/2011]
{BF8E39C8-1008-4F79-A259-1EF18517F0C7} d------ [01:55 05/04/2011]
{BFA30C6C-4163-495A-B8FE-F8D0FB9250DC} d------ [22:57 05/12/2011]
{BFBEC189-74F9-44E9-B00E-7DB0AF0256F4} d------ [15:18 30/11/2011]
{C0030D43-886D-40FE-A4A5-C1ED6FD2351A} d------ [05:00 06/10/2011]
{C07FD8E7-4172-4AA5-BFC5-FDFCACBBEE49} d------ [03:42 03/11/2011]
{C0B64FE7-A843-442A-8D6A-B27B651E7584} d------ [16:53 07/12/2011]
{C0CBE688-4C18-4E9F-9EC1-051C8C24D0C8} d------ [15:18 30/11/2011]
{C17495F7-EA00-48FA-B6A3-4D3BD014940E} d------ [15:42 22/11/2011]
{C1CAB1FF-7C21-4CD4-BA01-4226941D5149} d------ [13:34 12/10/2011]
{C37DF65C-F580-41E9-A01B-86F42EA2C486} d------ [15:47 08/08/2011]
{C4088C68-08A3-496E-8944-65B81A42D20E} d------ [00:29 04/11/2011]
{C4A12574-6CA7-4D2B-A051-4A1331FE1CEB} d------ [17:22 30/11/2011]
{C4B15C21-93D2-456A-BAEA-B8045F56A71B} d------ [13:49 29/11/2011]
{C4C24ECB-8EDE-43BF-9A17-ABB3662FC7E6} d------ [19:30 19/11/2011]
{C4F3DBCB-562C-490C-9098-2421B907E566} d------ [05:38 22/11/2011]
{C535D99B-F77A-4586-87D0-57862BF82E51} d------ [21:52 04/12/2011]
{C55AB930-9995-43FE-BA74-114CCF519E81} d------ [21:53 05/12/2011]
{C62DC250-6B11-489E-8B62-540C76B02AE8} d------ [19:49 27/09/2011]
{C645ABE6-0489-43ED-9AAD-AD3813982F99} d------ [15:13 05/11/2011]
{C703102B-317B-4F2C-AAC7-4E0FF17BD348} d------ [05:17 22/11/2011]
{C7EBD9F9-9B5D-4FA6-95EB-0ED4D542696A} d------ [03:46 28/07/2011]
{C88F072E-9E7C-4A78-BC80-737E2D52C662} d------ [20:47 04/11/2011]
{C89EE863-E46B-429F-9A5F-E33787B991E0} d------ [01:09 12/04/2011]
{C8DBED49-54B0-4B32-875A-258BD34C918E} d------ [13:11 07/11/2011]
{C8E1A940-7FCD-43DE-BB36-28DE64C077BC} d------ [13:33 04/10/2011]
{C90417B6-AE7E-43E0-BD69-80FAEBC95226} d------ [14:39 04/11/2011]
{C9101548-0CB0-48C0-92BF-E0FEECC24527} d------ [00:38 16/11/2011]
{C9962647-557D-4C74-9B5D-205CCF60C181} d------ [12:11 13/06/2011]
{CB229E05-AD30-4F16-98C1-A06730B25908} d------ [15:46 08/08/2011]
{CB9319D0-E695-46BA-BF0B-F956712C05F3} d------ [03:08 29/10/2011]
{CC5591A0-4C6A-455D-93B2-F74923EFCC27} d------ [20:51 14/11/2011]
{CD68F2C7-F330-4847-A43E-73C92E437A76} d------ [00:19 12/11/2011]
{CDAA8332-E852-4E80-B79D-4D505C5219C0} d------ [05:43 29/11/2011]
{CDDB2CA8-8B5F-4A3A-B5BA-0D907E95BC73} d------ [14:44 09/12/2011]
{CE570F78-2E56-45E8-B9C0-3273982D4C72} d------ [19:11 06/04/2011]
{CF5EB042-2565-4A89-91ED-A0EB0F6D103C} d------ [00:24 05/12/2011]
{CF60BC51-4C50-48B3-A0AA-B35CD6574AB9} d------ [03:17 02/11/2011]
{CF7ABF91-7D26-4673-84D3-7BD29BC3E8C2} d------ [04:16 09/12/2011]
{D01C3294-EB68-4D95-A56C-165CFD3AE31B} d------ [01:20 28/09/2011]
{D03A5F24-E7E7-41D5-9B58-AAB4F0E64B40} d------ [03:22 21/11/2011]
{D074B766-2528-48D6-8784-421C25B2898C} d------ [23:51 02/05/2011]
{D1315387-A178-4C08-B256-4B7884665304} d------ [14:07 31/03/2011]
{D1B312C5-F3F9-4524-9311-80EA02822042} d------ [16:30 14/10/2011]
{D1B425AC-0120-4913-86B3-698A360874F0} d------ [01:10 28/11/2011]
{D29A74D6-E654-4487-B36B-449845A1E9DA} d------ [19:32 07/08/2011]
{D35D5781-8A9A-4184-B76D-27C19E74AC56} d------ [22:38 10/09/2011]
{D369BFEA-1C49-47FA-BC13-213D2AC06B27} d------ [02:06 21/11/2011]
{D3994ECA-7D2A-4816-830B-1B47E0B8422D} d------ [18:05 01/04/2011]
{D43E2522-6061-468C-9EC1-91C395AB2812} d------ [13:25 30/09/2011]
{D48A6C09-09AD-4DB7-B753-33F7A48C2E11} d------ [16:50 30/09/2011]
{D4EA85AA-DADF-4D9F-B9E1-0ECF0C3F18FE} d------ [03:29 15/11/2011]
{D4FA95E1-4BF6-44E5-B7D9-7647DDC4C1E1} d------ [15:12 29/11/2011]
{D5488110-4BCD-4F0D-BD3A-898E623BFEC3} d------ [12:35 22/04/2011]
{D583DC3C-C839-43D8-8B59-507BB0805BD1} d------ [14:14 11/11/2011]
{D628B33E-DB79-415C-BB18-C4A42B4FDA61} d------ [15:17 12/09/2011]
{D6DDE5E1-11E6-488C-95AE-8FAC64538AC4} d------ [04:50 06/12/2011]
{D87CABD7-8BD7-4235-8B29-D6E2F56B17FB} d------ [18:41 11/10/2011]
{DA72CA6C-8C3E-4B77-9C63-BEBCC11444EB} d------ [13:01 14/11/2011]
{DA8B7643-7DF0-44D0-B9E5-6BF67AAD4B27} d------ [03:29 15/11/2011]
{DAE88209-60F4-4D45-9C68-B4AC6655C7C3} d------ [15:07 19/11/2011]
{DB229771-A41D-4246-91B1-1E00FEF05709} d------ [08:14 10/10/2011]
{DB98C1C0-45BE-4AB8-8C88-73D90909E0EE} d------ [12:53 02/06/2011]
{DBF1ECB4-9901-4B22-B8E4-ACFD07A5E38F} d------ [21:10 01/10/2011]
{DC055807-D50B-4B66-8322-281312390B94} d------ [13:11 07/11/2011]
{DC06770D-0593-4D3D-A8D7-B4E264284269} d------ [16:25 13/10/2011]
{DC13C4BC-9C18-477B-A4AC-832B42BE6D1E} d------ [03:05 12/05/2011]
{DC660B4E-9FC3-424B-9F52-7803819F5924} d------ [03:41 29/05/2011]
{DCD77134-DE6A-4F8A-A6EA-DF87E88E46D9} d------ [18:15 18/11/2011]
{DE1E1E19-E820-495D-AD31-41384F3BCF37} d------ [01:21 12/10/2011]
{DE819AD1-B088-481C-A313-A1137706063D} d------ [19:35 26/04/2011]
{DEDB6B82-6566-4A63-B7D9-25CE2ABA6EF2} d------ [13:20 11/05/2011]
{DF24CF58-0A14-4E78-B11C-8C4C08663B65} d------ [21:10 01/10/2011]
{E0D9C283-86A3-42EA-837D-E638A7DCCAB1} d------ [19:07 12/05/2011]
{E1B9FD9F-9DBD-405E-A44F-FA1E8932FD6F} d------ [05:20 19/11/2011]
{E35C8022-8F8C-42E8-B3C7-18A07187593F} d------ [19:50 31/10/2011]
{E361426D-3954-41DC-B187-56A31611C1D6} d------ [03:18 24/11/2011]
{E36EF0C2-B2D6-474E-BD8D-0A9AC09CC888} d------ [03:18 24/11/2011]
{E373F822-6DD8-4AE6-813F-F2840C52228A} d------ [15:12 06/12/2011]
{E4DB9261-254C-44E5-83A8-C46B4FD6571B} d------ [03:40 14/10/2011]
{E577FCCB-41CD-4C75-AC78-ECAA0FF613C8} d------ [20:47 04/11/2011]
{E5A78A5C-FC4A-4EF9-88B7-FCF8509A3481} d------ [14:12 18/11/2011]
{E5FF6DDD-BB50-4F81-911F-85D17D6374BD} d------ [23:13 06/06/2011]
{E64DFD34-4E16-443B-8CE3-9AC7CFB4B83C} d------ [15:23 29/11/2011]
{E69411E8-9E6A-44DC-9CD3-58126C93568E} d------ [15:02 31/03/2011]
{E6CD773A-34D9-44C3-9173-0E654322D39F} d------ [01:21 12/10/2011]
{E6DE1C7A-D8EA-427A-9AF2-F14423E49673} d------ [04:44 16/12/2011]
{E7BD2639-EAEF-45D1-B8F0-296DC89092DB} d------ [15:50 07/12/2011]
{EA36BA92-D624-49D7-BCB0-5B8721DD67B4} d------ [01:50 30/09/2011]
{EA7ABE5C-2E8E-422A-9D3A-4AE431ED5A47} d------ [16:46 16/04/2011]
{EBAD4862-9430-40DE-9E66-C91187BDF460} d------ [16:33 24/11/2011]
{EC53F1C4-C94C-42DE-81BE-CFE404A51296} d------ [23:54 28/10/2011]
{EC812742-4FE1-42C4-9134-FD35707125AE} d------ [14:39 04/11/2011]
{ECA15E89-9E1D-42B0-89FB-638AB84228CC} d------ [01:11 23/06/2011]
{EE370FC7-8D85-4DBE-8DD8-957947394833} d------ [06:24 06/11/2011]
{EE81AAD4-5983-48B5-9C58-67871C077E47} d------ [18:33 19/04/2011]
{EEADF6C0-AADA-4CD8-8834-251EF1E680A7} d------ [04:50 06/12/2011]
{EF966FF1-07CC-4FF3-8282-0E8EFEAA04CB} d------ [19:11 29/09/2011]
{F0A3A42D-5910-4415-BAD8-C3A5E789B4A2} d------ [00:58 24/11/2011]
{F111BC5E-82D7-4707-8D22-EE2D6E4B6E3E} d------ [14:16 10/10/2011]
{F1AA70EF-FC45-4737-87F0-FC782DEF24A7} d------ [13:55 04/04/2011]
{F1F09580-0D9E-4AB8-BBFA-2A3569038A90} d------ [15:42 15/11/2011]
{F2193A6A-3104-4F76-ADAB-1A6CF3CFC555} d------ [04:02 17/10/2011]
{F21ADECE-B7A2-4ECB-BE41-DE459FAA0F60} d------ [03:42 03/11/2011]
{F21F1F7B-B2D1-4FDC-A6D1-E8E485DBBEAA} d------ [17:05 22/08/2011]
{F3065CC4-3AB2-48BB-9A19-AA69946781FC} d------ [03:29 08/04/2011]
{F31B93BC-241F-4F75-A1DD-7F98085C9EC7} d------ [18:15 30/11/2011]
{F40A1543-5833-4836-A643-237BE38527F0} d------ [16:36 19/04/2011]
{F4992D41-F564-4CBD-A7CB-A1BB71BB6E92} d------ [23:21 12/09/2011]
{F5E23578-CCE6-470A-A189-8320B697B60E} d------ [00:15 02/12/2011]
{F632442D-7C2F-45CF-A254-9ABF5C5CF7E5} d------ [06:26 05/12/2011]
{F8515D2D-1B04-4A6B-AA18-F004997E0E82} d------ [02:00 27/11/2011]
{F9AA5C5D-4A66-427A-B5DF-E47568348565} d------ [03:51 29/06/2011]
{FB157507-A870-4111-AF3A-E3A82EFBEFFB} d------ [19:30 15/11/2011]
{FCF041AF-D2E5-429A-ADA0-FB57E3096B8D} d------ [02:14 01/11/2011]
{FEA23FE6-8B6C-463D-B032-38C2BB61C83E} d------ [23:03 01/11/2011]
{FF18F52D-4EEC-4887-A2B9-22CFCCDA3B75} d------ [14:45 15/11/2011]
{FFA26EA4-0E07-4015-BB32-B59E18EBCB85} d------ [17:14 10/11/2011]
{FFB26D6C-56CF-4D21-83E7-F66B4BA7A044} d------ [01:58 10/08/2011]

-= EOF =-
womble
2011-12-17, 03:26
OTL.txt



OTL logfile created on: 12/16/2011 8:16:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kathie\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 65.38% Memory free
7.81 Gb Paging File | 6.26 Gb Available in Paging File | 80.15% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.37 Gb Total Space | 178.56 Gb Free Space | 62.57% Space Free | Partition Type: NTFS
Drive D: | 12.53 Gb Total Space | 2.09 Gb Free Space | 16.66% Space Free | Partition Type: NTFS

Computer Name: KATHIE-PC | User Name: Kathie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kathie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\ProgramData\Clickfree\HDDV2USB3\UACProxy.exe (Storage Appliance Corp.)
PRC - C:\ProgramData\Clickfree\HDDV2USB3\reminder\SacReminder.exe (SAC)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45a20172acfdcc160ecb6bd358179c31\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a3f989a61ab0468876629134c49514b2\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (vToolbarUpdater) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe ()
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (CFUACProxy_hddv2usb3) -- C:\ProgramData\Clickfree\HDDV2USB3\UACProxy.exe (Storage Appliance Corp.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-793441373-2273776425-1934341863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-793441373-2273776425-1934341863-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/21 14:06:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/29 19:47:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/12/05 15:24:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2011/12/15 23:36:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/10 19:36:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/10 19:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathie\AppData\Roaming\Mozilla\Extensions
[2011/12/12 17:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/12 17:24:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/12/05 15:24:30 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011/12/15 23:36:18 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\9.0.0.18
[2011/09/29 01:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/15 23:36:01 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/12/16 00:02:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-793441373-2273776425-1934341863-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-793441373-2273776425-1934341863-1000..\Run: [SacReminderHDDV2] C:\ProgramData\Clickfree\HDDV2USB3\reminder\SacReminder.exe (SAC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-793441373-2273776425-1934341863-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-793441373-2273776425-1934341863-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-793441373-2273776425-1934341863-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.164.234.193 207.164.234.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5BC8390-B45F-474A-B33A-5549C62205D4}: DhcpNameServer = 207.164.234.193 207.164.234.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7EAA283-14ED-403A-BFF6-561E2637DBB4}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/16 20:14:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kathie\Desktop\OTL.exe
[2011/12/16 17:13:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/16 00:11:24 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/16 00:11:24 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/16 00:11:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/16 00:11:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/16 00:11:23 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/16 00:11:23 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/16 00:11:23 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/16 00:11:23 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/16 00:11:23 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/16 00:11:23 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/16 00:11:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/16 00:11:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/16 00:11:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/16 00:11:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/16 00:11:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/16 00:10:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/15 23:51:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/15 23:51:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/15 23:51:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/15 23:51:45 | 000,000,000 | ---D | C] -- C:\COMBOFIX
[2011/12/15 23:51:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/15 23:49:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/15 23:49:43 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/15 23:49:43 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/15 23:44:36 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{5F5D62EC-D45C-4BC6-B087-09CBC9492CC2}
[2011/12/15 23:44:22 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{E6DE1C7A-D8EA-427A-9AF2-F14423E49673}
[2011/12/15 23:44:16 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/15 23:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2011/12/15 23:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2011/12/15 23:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011/12/15 23:32:52 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{1E301486-39A6-40AD-8FA2-99A9BE5CDBDA}
[2011/12/15 23:32:37 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{017A220C-E3CB-484C-82B6-9747046E7D0A}
[2011/12/12 18:14:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/12 18:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/12/12 18:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/12/12 18:13:12 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A75D3F95-6A88-4640-BBD5-5326D0CDDD81}
[2011/12/12 18:12:59 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{89767B68-AD6D-47AA-8C5F-E882FA34E974}
[2011/12/12 17:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/12/12 17:24:32 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/12/12 17:24:32 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/12/12 17:24:32 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/12/12 16:52:45 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{77CE178B-4B84-4F78-994F-37AB4B909FF7}
[2011/12/12 16:52:32 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0AAF965D-C8FB-4B80-9123-A6A0B4CDCBDD}
[2011/12/10 19:36:10 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Roaming\Mozilla
[2011/12/10 19:36:10 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\Mozilla
[2011/12/10 19:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/12/10 19:29:51 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Roaming\Real
[2011/12/10 17:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/12/10 17:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/10 17:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/12/10 17:24:15 | 000,000,000 | ---D | C] -- C:\Users\Kathie\Desktop\ALEX
[2011/12/10 17:18:41 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{023C6E61-532D-4641-81FC-705C60E91011}
[2011/12/09 11:32:56 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{450F7D98-9159-4C18-BE79-8D804FD85D65}
[2011/12/09 11:32:45 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{22307D9E-F8C2-43A6-9458-EBD9149D5628}
[2011/12/09 10:39:52 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{72E58DF3-6EE2-4050-BA27-091DE906F487}
[2011/12/09 10:39:40 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A1E0C00D-49CE-4695-8435-3DD460202A50}
[2011/12/09 10:36:26 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{51A50125-7F36-4403-9749-A760DEAD6FD0}
[2011/12/09 10:36:15 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{3D3BABC5-5103-4904-8CEE-DAD27B620A2F}
[2011/12/09 09:44:37 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{CDDB2CA8-8B5F-4A3A-B5BA-0D907E95BC73}
[2011/12/09 09:44:26 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{17601612-36C4-48B7-91A7-28ED90D34C9C}
[2011/12/09 09:34:52 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{5AB40E53-B2E7-48FD-BA58-CEC8961DA6DF}
[2011/12/09 09:34:38 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{2A2A2287-9CB5-4361-B2CB-5B5C5607FAC7}
[2011/12/09 09:31:03 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{7001276F-409C-458F-9854-9C028D57F3E6}
[2011/12/09 09:30:52 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{320312F1-7883-455F-B9B7-73AD279755A3}
[2011/12/08 23:51:59 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{7EE235D6-64A8-4F8A-9B22-B6EA80FD1174}
[2011/12/08 23:51:48 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{84EF98DC-2CAC-44B2-AE9A-02EF3A6ADE53}
[2011/12/08 23:36:45 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0D755FCC-679B-42E9-8D04-1E0526161F49}
[2011/12/08 23:36:33 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{9F978E04-4418-434A-8E21-6E864AA4533F}
[2011/12/08 23:16:29 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{CF7ABF91-7D26-4673-84D3-7BD29BC3E8C2}
[2011/12/08 23:16:14 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{5CF77BB4-27F8-44CE-9985-37A0580F9210}
[2011/12/08 22:07:50 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{BBFC937A-2E66-44BD-A398-41D65659A367}
[2011/12/08 22:07:35 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{3AE734B8-73B5-4043-9B9F-640D24534684}
[2011/12/08 14:22:53 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{217733F6-9FFB-4565-9ACA-FD25763359BD}
[2011/12/08 14:22:39 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{78128607-A530-480E-AAC8-C6852BB6914F}
[2011/12/07 18:08:24 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{43F6DD77-CCBB-423E-BAA5-FEF55D2252F3}
[2011/12/07 18:08:10 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{632ADA3C-9F9F-419C-B40E-DDFC1C570853}
[2011/12/07 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{9A0F9709-0119-4DA6-97E6-D012BA54AA99}
[2011/12/07 16:56:53 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{AC968916-73D1-49C0-B2C5-C4B1CA37B51B}
[2011/12/07 12:08:20 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{B19E5CF8-DD7D-4AAE-A7A6-C64428688361}
[2011/12/07 12:08:05 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0AE421BA-C77C-4DC8-9221-CD7CA68A3D04}
[2011/12/07 11:54:11 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{291231F9-6AE9-4C25-BFDE-BC8D2DA5FEAF}
[2011/12/07 11:53:57 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C0B64FE7-A843-442A-8D6A-B27B651E7584}
[2011/12/07 11:09:59 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{42A94201-467B-4E10-B55A-5137064AA5FF}
[2011/12/07 11:09:48 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0400C205-475C-4B8F-B826-6BFC32507A99}
[2011/12/07 10:51:14 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{5384E053-C875-406F-B4E2-B50907010A30}
[2011/12/07 10:50:55 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{E7BD2639-EAEF-45D1-B8F0-296DC89092DB}
[2011/12/06 22:55:10 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A39D7C8B-C80C-475D-8C5F-11C8F9E177A4}
[2011/12/06 22:54:56 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{B1C51B52-8030-4EF4-B574-ACA27BEE5C41}
[2011/12/06 10:30:55 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{9C27A182-3D34-4580-9DE6-69ED4CAC06ED}
[2011/12/06 10:30:37 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{345ED00A-DB19-4C1F-B753-28D06AA1C1DF}
[2011/12/06 10:12:36 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{E373F822-6DD8-4AE6-813F-F2840C52228A}
[2011/12/06 10:12:11 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{11C0DD6B-A173-4334-8A7D-44216DF9F868}
[2011/12/06 10:07:45 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{7A516B4B-A1D1-429E-88CC-CF16603B3D0E}
[2011/12/06 10:07:22 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{1B5AC597-7F04-46E9-B763-6CE9BFF92AAB}
[2011/12/06 09:50:29 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{8013957C-0F89-4CBB-92D9-A922C66A0248}
[2011/12/06 09:50:17 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{2A5AA366-B5E4-4521-8335-1F931D072282}
[2011/12/06 09:15:57 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{17A7AA2C-1B92-4A50-AFD1-1104C6F73392}
[2011/12/06 09:15:46 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{1309A731-5AB4-4162-B5C4-1B16C1315ED5}
[2011/12/06 00:07:19 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{64C61BB0-C0DA-43A1-9B9F-088EF00D9915}
[2011/12/06 00:07:06 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A79DCD66-CCE7-41C4-8979-EC1922C46B02}
[2011/12/05 23:50:55 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{EEADF6C0-AADA-4CD8-8834-251EF1E680A7}
[2011/12/05 23:50:42 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{D6DDE5E1-11E6-488C-95AE-8FAC64538AC4}
[2011/12/05 18:14:52 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{730DC85F-A1CF-4B03-93F9-D18B8CB9666B}
[2011/12/05 18:14:41 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{1BFB432E-74D2-4D02-9612-50631BB55951}
[2011/12/05 17:57:21 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{34559E18-F04F-4C75-A5AB-5D060A2691BC}
[2011/12/05 17:57:11 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{BFA30C6C-4163-495A-B8FE-F8D0FB9250DC}
[2011/12/05 16:54:08 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{1D67E896-0ED5-4B48-9739-046143DE1992}
[2011/12/05 16:53:55 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C55AB930-9995-43FE-BA74-114CCF519E81}
[2011/12/05 15:47:03 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{88DD116F-F492-4B1E-8C7C-30CB7538662F}
[2011/12/05 15:46:51 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{05D8BF1B-88BD-4808-B467-9B0C34041A04}
[2011/12/05 15:18:14 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{6029A32B-A1CE-470D-912D-32094859550C}
[2011/12/05 15:18:03 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{BA884EC3-36BF-414D-B46D-E894F12B1194}
[2011/12/05 01:26:48 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{13ECE90F-96F1-4256-BD2B-F20AA6EA2615}
[2011/12/05 01:26:32 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{F632442D-7C2F-45CF-A254-9ABF5C5CF7E5}
[2011/12/05 00:19:53 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{AD5D0785-04C9-422D-8374-2DAD375A1183}
[2011/12/05 00:19:38 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{4FA08D46-112B-4743-A512-56DF30DC5BF8}
[2011/12/04 21:15:03 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0193DCDC-02AB-4B9F-A877-FC580D26D139}
[2011/12/04 21:14:51 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{87F035E9-9AC2-4FEC-9285-D302E7659BB6}
[2011/12/04 19:24:08 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{CF5EB042-2565-4A89-91ED-A0EB0F6D103C}
[2011/12/04 19:23:54 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{BCD771E6-D579-4CF4-A89D-E466FF73EC78}
[2011/12/04 16:52:42 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C535D99B-F77A-4586-87D0-57862BF82E51}
[2011/12/04 16:52:28 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{62248A99-E7B6-4F31-A356-B5D5021BAC40}
[2011/12/02 21:50:20 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{91BCB7B8-F1EB-49B4-8489-18B74D61F5CF}
[2011/12/02 21:50:09 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{2FEE6B09-61B6-4BDC-8784-A7C76F9A70C9}
[2011/12/01 19:15:55 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{08D58AF9-42BF-4DAC-871C-128EE97EE5AA}
[2011/12/01 19:15:43 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{F5E23578-CCE6-470A-A189-8320B697B60E}
[2011/12/01 13:39:50 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{5F6F2D66-DB20-4702-8E9D-1D3D0D6C597E}
[2011/12/01 13:39:37 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{1B010E0E-DAA9-4ED0-A564-5E783856A6C5}
[2011/12/01 09:24:55 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{33A941C2-685E-4C0D-9F31-049CEC3EC597}
[2011/12/01 09:24:43 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{26F3E38C-63E0-430E-8B75-5580433C6973}
[2011/11/30 13:15:22 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{F31B93BC-241F-4F75-A1DD-7F98085C9EC7}
[2011/11/30 13:15:12 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{B3ABED28-A90D-43D5-8F46-6A820672553D}
[2011/11/30 12:22:15 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C4A12574-6CA7-4D2B-A051-4A1331FE1CEB}
[2011/11/30 12:22:04 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{23FBC25C-E77D-46D2-A74C-42B1D378A490}
[2011/11/30 10:18:31 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{BFBEC189-74F9-44E9-B00E-7DB0AF0256F4}
[2011/11/30 10:18:17 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C0CBE688-4C18-4E9F-9EC1-051C8C24D0C8}
[2011/11/29 20:34:21 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{884A451F-18A6-453B-BE04-290CB9542511}
[2011/11/29 20:34:08 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A6C4F515-96D5-4DE7-A3BA-0A763755626F}
[2011/11/29 16:31:04 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0D493F3A-6005-448A-BE49-EBA99106C5F4}
[2011/11/29 16:30:53 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{97F18D61-C555-470B-AE84-6BB8C398989E}
[2011/11/29 16:17:46 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{29F04B1E-8496-425C-9EBE-8D84E089FAF1}
[2011/11/29 16:17:35 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{2667CEE5-0E80-4CAA-B26F-0169603894B2}
[2011/11/29 14:32:11 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{4D7BC681-70C0-411F-A8B2-EE446A299779}
[2011/11/29 14:31:59 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{83A3583C-E945-4BDD-BF3E-D241F4AB9F46}
[2011/11/29 10:23:40 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{E64DFD34-4E16-443B-8CE3-9AC7CFB4B83C}
[2011/11/29 10:23:28 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{8748B5F1-D5B5-4E6F-98BB-56E2378D705B}
[2011/11/29 10:12:23 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{D4FA95E1-4BF6-44E5-B7D9-7647DDC4C1E1}
[2011/11/29 10:12:13 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0D82E1D6-87B1-4557-9C2E-05919AED84C7}
[2011/11/29 08:49:37 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C4B15C21-93D2-456A-BAEA-B8045F56A71B}
[2011/11/29 08:49:21 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A59132D4-9150-4304-A957-C38D1B795253}
[2011/11/29 00:43:04 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{CDAA8332-E852-4E80-B79D-4D505C5219C0}
[2011/11/29 00:42:53 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{7C2C1311-E590-443B-AF1A-9D00EB4453E2}
[2011/11/28 16:26:31 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{BB6160D4-FF4C-4915-853C-17E7AE3F6B3A}
[2011/11/28 16:26:20 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{6C30E465-6630-44B4-930F-EA05FB80D420}
[2011/11/28 08:46:25 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{ACE3D8D5-5D47-4152-AECC-052A5AE99C4F}
[2011/11/28 08:46:10 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{7C211AF9-2B5C-451D-A324-1CDD30BE133D}
[2011/11/27 20:10:41 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{D1B425AC-0120-4913-86B3-698A360874F0}
[2011/11/27 20:10:26 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{1586DBE7-FC4F-4FB9-9629-AA24997D4D64}
[2011/11/27 00:35:34 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{AB2D1940-919E-45B1-9B2E-CB8E401270C3}
[2011/11/27 00:35:19 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{32A3B90A-D68A-46DA-BCCB-732D7B6698EA}
[2011/11/26 21:00:36 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{BAC94C35-0EEB-4D53-A26C-9E0539220604}
[2011/11/26 21:00:22 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{F8515D2D-1B04-4A6B-AA18-F004997E0E82}
[2011/11/25 08:01:12 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{6FC6454B-DF86-4855-87DA-0746D498AD97}
[2011/11/25 08:00:58 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{8FA3B695-3E9E-4001-ACE7-88E68BA05E9B}
[2011/11/24 11:44:27 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A205CCBD-F221-48EA-BBDE-441D5E29769B}
[2011/11/24 11:44:14 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{7E2CF4C6-F4BB-488A-96D1-F463619121DF}
[2011/11/24 11:33:30 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{1680A03A-A475-4961-8E74-B1E363D28C99}
[2011/11/24 11:33:17 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{EBAD4862-9430-40DE-9E66-C91187BDF460}
[2011/11/23 22:18:58 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{E361426D-3954-41DC-B187-56A31611C1D6}
[2011/11/23 22:18:47 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{E36EF0C2-B2D6-474E-BD8D-0A9AC09CC888}
[2011/11/23 19:58:45 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{4E5033B0-D24E-422B-A80B-AC9D66E044E8}
[2011/11/23 19:58:31 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{F0A3A42D-5910-4415-BAD8-C3A5E789B4A2}
[2011/11/22 17:11:51 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{4DE0A5A2-638F-4918-AAA8-BF5293EDE3EE}
[2011/11/22 17:11:34 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{659E6BB9-1988-4EB0-978E-4D704B82DD94}
[2011/11/22 10:42:21 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C17495F7-EA00-48FA-B6A3-4D3BD014940E}
[2011/11/22 10:42:07 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{8F1664D1-7BF8-4B19-92BD-E810EC8CA16E}
[2011/11/22 00:38:58 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{61F07B05-6C76-4216-8028-4D910C8BB3CF}
[2011/11/22 00:38:46 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C4F3DBCB-562C-490C-9098-2421B907E566}
[2011/11/22 00:17:36 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{10D43195-D23B-4F8B-84EE-732BFBACE811}
[2011/11/22 00:17:22 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C703102B-317B-4F2C-AAC7-4E0FF17BD348}
[2011/11/21 23:53:23 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{1BA28B04-A150-41B6-98A7-9E6D2F5AA36D}
[2011/11/21 23:53:11 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{61270267-2512-4AE1-AEB4-E3912A27AF8A}
[2011/11/21 18:00:35 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A733A1C0-CD46-40BF-8DDA-C2977EF48577}
[2011/11/21 18:00:17 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{34008902-6161-4C78-A3F0-74AB081FC5C6}
[2011/11/21 15:05:08 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{79E80520-AA8E-467C-99A4-9794FE39F557}
[2011/11/21 15:04:51 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{469FE05B-CF71-4DC6-98D2-4256C1AA8DBD}
[2011/11/20 22:22:21 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{D03A5F24-E7E7-41D5-9B58-AAB4F0E64B40}
[2011/11/20 22:22:05 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{2F26DFD1-E836-4128-B4BB-BFFB30053A84}
[2011/11/20 21:06:41 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{D369BFEA-1C49-47FA-BC13-213D2AC06B27}
[2011/11/20 21:06:30 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{031F9EAD-12D5-49F7-96B0-A71A527175A8}
[2011/11/20 17:24:24 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{22CAECAB-10DF-48BD-AEB7-90629E91CD3A}
[2011/11/20 17:24:12 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0FB5A3D0-C123-4577-94FD-CB17CB4FE47E}
[2011/11/19 14:30:48 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0B63D4DF-B7B9-4F62-9A3C-59848411DF71}
[2011/11/19 14:30:36 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C4C24ECB-8EDE-43BF-9A17-ABB3662FC7E6}
[2011/11/19 10:07:58 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{DAE88209-60F4-4D45-9C68-B4AC6655C7C3}
[2011/11/19 10:07:41 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{33D6A28D-3EB1-4466-82EB-C2DB5A19F15E}
[2011/11/19 00:20:41 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{E1B9FD9F-9DBD-405E-A44F-FA1E8932FD6F}
[2011/11/19 00:20:30 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{3AAE152F-A442-4A0B-BAA4-4B49FD58DA4A}
[2011/11/18 16:37:18 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{8DF097E0-615B-4F74-A999-F072A9CD1ED3}
[2011/11/18 16:37:07 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{8521FCAC-2943-4D9F-B259-1D939CF30A5B}
[2011/11/18 13:15:55 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{DCD77134-DE6A-4F8A-A6EA-DF87E88E46D9}
[2011/11/18 13:15:41 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0203BE57-D700-408F-8AF1-7D877A49E5CE}
[2011/11/18 10:56:51 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{3D5D86A1-F16E-480E-912D-92378BF2B81A}
[2011/11/18 10:56:37 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{22F7677D-4106-40E7-B1AA-B1FFB5FA7D2B}
[2011/11/18 09:13:07 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{4AE1DF2E-4D95-49C0-BEF8-762179BFD880}
[2011/11/18 09:12:55 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{E5A78A5C-FC4A-4EF9-88B7-FCF8509A3481}
[2011/11/17 23:00:39 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A7F83F1A-D976-4024-BB73-18F47F42A96C}
[2011/11/17 23:00:26 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{73232BED-B6DD-4CD8-8258-5BACB023C443}
[2011/11/17 20:08:37 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{718E36AA-4FF8-4CC5-8B89-0BA8A452CA34}
[2011/11/17 20:08:15 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{47B063F3-AAF5-4DA2-8404-77C0C7392605}
[2011/11/17 15:38:13 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{84024590-539F-4ABB-92C7-9D42E2AA8B93}
[2011/11/17 15:38:00 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A2073432-6C08-453D-9C7D-B36F71B1AA3F}

========== Files - Modified Within 30 Days ==========

[2011/12/16 20:14:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kathie\Desktop\OTL.exe
[2011/12/16 20:13:12 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 20:13:12 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 20:05:50 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/12/16 20:04:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/16 20:04:01 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/16 17:34:48 | 140,621,544 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/12/16 17:09:47 | 000,347,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/16 00:02:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/15 23:44:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/10 19:39:27 | 000,001,258 | ---- | M] () -- C:\Users\Kathie\Desktop\Spybot - Search & Destroy.lnk
[2011/12/10 19:36:07 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/09 10:35:13 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKathie.job
[2011/12/06 00:10:58 | 000,001,854 | ---- | M] () -- C:\Users\Kathie\AppData\Roaming\GhostObjGAFix.xml
[2011/12/05 15:24:30 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/11/19 14:33:58 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/19 14:33:58 | 000,632,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/19 14:33:58 | 000,112,556 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2011/12/15 23:51:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/15 23:51:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/15 23:51:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/15 23:51:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/15 23:51:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/10 19:39:27 | 000,001,258 | ---- | C] () -- C:\Users\Kathie\Desktop\Spybot - Search & Destroy.lnk
[2011/12/10 19:36:07 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/10 19:36:07 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/20 21:17:56 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForKathie.job
[2011/04/19 12:47:48 | 000,000,838 | ---- | C] () -- C:\Users\Kathie\AppData\Roaming\wklnhst.dat
[2011/03/27 21:38:55 | 000,001,854 | ---- | C] () -- C:\Users\Kathie\AppData\Roaming\GhostObjGAFix.xml
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/11/17 23:25:36 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/07/15 19:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/03 14:14:52 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

========== LOP Check ==========

[2010/11/23 17:06:31 | 000,000,000 | ---D | M] -- C:\Users\Kathie\AppData\Roaming\AVG
[2010/11/22 22:31:53 | 000,000,000 | ---D | M] -- C:\Users\Kathie\AppData\Roaming\AVG10
[2011/04/19 12:47:50 | 000,000,000 | ---D | M] -- C:\Users\Kathie\AppData\Roaming\Template
[2010/01/22 10:02:32 | 000,000,000 | ---D | M] -- C:\Users\Kathie\AppData\Roaming\WildTangent
[2011/04/11 22:10:04 | 000,000,000 | ---D | M] -- C:\Users\Kathie\AppData\Roaming\Windows Live Writer
[2011/12/05 15:46:02 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >
womble
2011-12-17, 03:28
Extras.Txt


OTL Extras logfile created on: 12/16/2011 8:16:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kathie\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 65.38% Memory free
7.81 Gb Paging File | 6.26 Gb Available in Paging File | 80.15% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.37 Gb Total Space | 178.56 Gb Free Space | 62.57% Space Free | Partition Type: NTFS
Drive D: | 12.53 Gb Total Space | 2.09 Gb Free Space | 16.66% Space Free | Partition Type: NTFS

Computer Name: KATHIE-PC | User Name: Kathie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E198D3E0-87EC-4FB9-9CF4-AB925CE1FF1C}" = AVG 2011
"{EB505EA6-2D5E-4920-A3BD-89C28EEFA5FA}" = AVG 2011
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 30
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{293F900D-3743-A8CC-46AD-5AFBFF8E29CF}" = muvee Reveal
"{2D4E1F8A-901B-4BBD-B311-B6E56059066E}" = Microsoft Live Search Toolbar
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}" = HP User Guides 0156
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ERUNT_is1" = ERUNT 1.1j
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Picasa 3" = Picasa 3
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/22/2011 9:57:55 AM | Computer Name = Kathie-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 6/22/2011 10:32:14 AM | Computer Name = Kathie-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/22/2011 10:32:38 AM | Computer Name = Kathie-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/22/2011 10:32:38 AM | Computer Name = Kathie-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/22/2011 10:35:48 AM | Computer Name = Kathie-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/22/2011 9:11:01 PM | Computer Name = Kathie-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/23/2011 10:05:44 AM | Computer Name = Kathie-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/25/2011 11:14:52 AM | Computer Name = Kathie-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/25/2011 11:19:54 AM | Computer Name = Kathie-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/25/2011 11:20:18 AM | Computer Name = Kathie-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Hewlett-Packard Events ]
Error - 5/27/2010 10:27:06 PM | Computer Name = Kathie-PC | Source = Hewlett-Packard | ID = 0
Description = en-CA Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 7/12/2010 6:37:23 PM | Computer Name = Kathie-PC | Source = Hewlett-Packard | ID = 0
Description = en-CA Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 9/28/2010 10:42:35 AM | Computer Name = Kathie-PC | Source = Hewlett-Packard | ID = 0
Description = en-CA Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 11/23/2010 6:24:13 PM | Computer Name = Kathie-PC | Source = Hewlett-Packard | ID = 0
Description = en-CA Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 3/27/2011 10:38:53 PM | Computer Name = Kathie-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031127103843.xml
File not created by asset agent

Error - 3/27/2011 10:38:56 PM | Computer Name = Kathie-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031127103853.xml
File not created by asset agent

Error - 4/17/2011 12:30:10 PM | Computer Name = Kathie-PC | Source = Hewlett-Packard | ID = 0
Description = en-CA Exception of type 'System.Exception' was thrown. Configurator
at Configurator.ConfiguratorClass.loadXML() at Configurator.ConfiguratorClass..ctor(Boolean
loadxml) at HPSFConfigReader.ConfigHelper..ctor() at HPAssistant.csSettings.loadApplicationResources(Boolean
isOnAppLoad)

Error - 9/5/2011 1:36:03 PM | Computer Name = Kathie-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091105013553.xml
File not created by asset agent

Error - 10/16/2011 2:35:14 PM | Computer Name = Kathie-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101116023509.xml
File not created by asset agent

Error - 11/20/2011 10:15:39 PM | Computer Name = Kathie-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111120091535.xml
File not created by asset agent

[ Media Center Events ]
Error - 4/26/2011 3:06:25 PM | Computer Name = Kathie-PC | Source = MCUpdate | ID = 0
Description = 3:06:25 PM - Error connecting to the internet. 3:06:25 PM - Unable
to contact server..

Error - 4/26/2011 3:06:37 PM | Computer Name = Kathie-PC | Source = MCUpdate | ID = 0
Description = 3:06:31 PM - Error connecting to the internet. 3:06:31 PM - Unable
to contact server..

Error - 4/26/2011 4:06:46 PM | Computer Name = Kathie-PC | Source = MCUpdate | ID = 0
Description = 4:06:46 PM - Error connecting to the internet. 4:06:46 PM - Unable
to contact server..

Error - 4/26/2011 4:07:03 PM | Computer Name = Kathie-PC | Source = MCUpdate | ID = 0
Description = 4:06:51 PM - Error connecting to the internet. 4:06:51 PM - Unable
to contact server..

Error - 4/26/2011 5:39:22 PM | Computer Name = Kathie-PC | Source = MCUpdate | ID = 0
Description = 5:39:22 PM - Error connecting to the internet. 5:39:22 PM - Unable
to contact server..

Error - 4/26/2011 5:39:36 PM | Computer Name = Kathie-PC | Source = MCUpdate | ID = 0
Description = 5:39:27 PM - Error connecting to the internet. 5:39:27 PM - Unable
to contact server..

Error - 4/27/2011 4:46:09 PM | Computer Name = Kathie-PC | Source = MCUpdate | ID = 0
Description = 4:46:08 PM - Error connecting to the internet. 4:46:09 PM - Unable
to contact server..

Error - 4/27/2011 4:46:26 PM | Computer Name = Kathie-PC | Source = MCUpdate | ID = 0
Description = 4:46:14 PM - Error connecting to the internet. 4:46:14 PM - Unable
to contact server..

[ System Events ]
Error - 11/15/2011 11:41:38 AM | Computer Name = Kathie-PC | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
following error: %%1053

Error - 11/24/2011 12:32:36 PM | Computer Name = Kathie-PC | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%14

Error - 11/29/2011 9:49:03 AM | Computer Name = Kathie-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SBSD
Security Center Service service to connect.

Error - 11/29/2011 9:49:03 AM | Computer Name = Kathie-PC | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
following error: %%1053

Error - 12/16/2011 12:51:37 AM | Computer Name = Kathie-PC | Source = Service Control Manager | ID = 7034
Description = The CFUACProxy_hddv2usb3 service terminated unexpectedly. It has
done this 1 time(s).

Error - 12/16/2011 12:56:38 AM | Computer Name = Kathie-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/16/2011 12:59:17 AM | Computer Name = Kathie-PC | Source = Application Popup | ID = 1060
Description = \??\C:\COMBOFIX\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 12/16/2011 1:00:07 AM | Computer Name = Kathie-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/16/2011 1:02:59 AM | Computer Name = Kathie-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
to start due to the following error: %%31

Error - 12/16/2011 1:04:49 AM | Computer Name = Kathie-PC | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%31


< End of report >
ken545
2011-12-17, 03:35
I believe those entries are ok.

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
womble
2011-12-17, 10:24
Hi Ken,

Looks like it found something:

C:\Users\Kathie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\2c3ebeda-49a8d3fd a variant of Java/TrojanDownloader.OpenStream.NBF trojan
ken545
2011-12-17, 12:50
Good Morning,

That bad entry is in your Java Cache, lets flush it all out.



Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:processes
killallprocesses

:OTL

:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces



Also let me know how your system is behaving now ??
womble
2011-12-17, 20:53
Hi Ken,

Thank you for being so fast with this problem. The laptop appears to be fine. No redirects and is much faster!

Log from OTL

All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kathie\Desktop\ALEX\cmd.bat deleted successfully.
C:\Users\Kathie\Desktop\ALEX\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kathie
->Temp folder emptied: 32902 bytes
->Temporary Internet Files folder emptied: 30426185 bytes
->Java cache emptied: 1205029 bytes
->FireFox cache emptied: 9989731 bytes
->Flash cache emptied: 470 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1290566 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 41.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12172011_134028

Files\Folders moved on Reboot...
C:\Users\Kathie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
ken545
2011-12-17, 21:35
Wonderful :bigthumb:

Lets just check for leftovers and if nothing is found you will be good to go.

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
womble
2011-12-17, 22:42
Hi Ken,

All looks good!


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8388

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17/12/2011 3:41:36 PM
mbam-log-2011-12-17 (15-41-36).txt

Scan type: Quick scan
Objects scanned: 175131
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
ken545
2011-12-17, 22:47
Great, glad things are back to normal for you.


Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.

Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken
womble
2011-12-18, 02:18
Thank you very much Ken for fixing this issue, all is working great.
I really appreciate the time you have dedicated to this thread.

Please close this thread.

Btw, the WhattheTech link on your last post is dead!

Cheers
Alex
ken545
2011-12-18, 02:24
Hello Alex,

It worked for me, maybe I just need to redo it.
http://forums.whatthetech.com/index.php?showtopic=57817
ken545
2011-12-20, 15:24
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.