Cannot remove microsoft.windows.redirectedhosts

[womble]

Hi,

Spybot finds but cannot remove Microsoft.Windows.RedirectedHosts and Fraud.Windows.ProtectionSuite

I have run MalwareBytes and it did not find anything.

Cheers
Alex

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_30
Run by Kathie at 18:14:56 on 2011-12-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3999.2407 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\ProgramData\Clickfree\HDDV2USB3\UACProxy.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\ProgramData\Clickfree\HDDV2USB3\reminder\SacReminder.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SacReminderHDDV2] C:\ProgramData\Clickfree\HDDV2USB3\reminder\SacReminder.exe
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Kathie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 207.164.234.193 207.164.234.129
TCP: Interfaces\{C5BC8390-B45F-474A-B33A-5549C62205D4} : DhcpNameServer = 207.164.234.193 207.164.234.129
TCP: Interfaces\{C5BC8390-B45F-474A-B33A-5549C62205D4}\E6F6D6F627567796275637 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E7EAA283-14ED-403A-BFF6-561E2637DBB4} : DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
IFEO: image file execution options - svchost.exe
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IFEO-X64: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kathie\AppData\Roaming\Mozilla\Firefox\Profiles\1b950fcb.default\
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 CFUACProxy_hddv2usb3;CFUACProxy_hddv2usb3;C:\ProgramData\Clickfree\HDDV2USB3\UACProxy.exe [2011-4-14 83792]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-11 1153368]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-21 227896]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-11-22 517448]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-12-12 23:13:12 -------- d-----w- C:\Users\Kathie\AppData\Local\{A75D3F95-6A88-4640-BBD5-5326D0CDDD81}
2011-12-12 23:12:59 -------- d-----w- C:\Users\Kathie\AppData\Local\{89767B68-AD6D-47AA-8C5F-E882FA34E974}
2011-12-12 21:52:45 -------- d-----w- C:\Users\Kathie\AppData\Local\{77CE178B-4B84-4F78-994F-37AB4B909FF7}
2011-12-12 21:52:32 -------- d-----w- C:\Users\Kathie\AppData\Local\{0AAF965D-C8FB-4B80-9123-A6A0B4CDCBDD}
2011-12-10 22:35:14 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-12-10 22:32:51 -------- d-----w- C:\Program Files\CCleaner
2011-12-10 22:18:41 -------- d-----w- C:\Users\Kathie\AppData\Local\{023C6E61-532D-4641-81FC-705C60E91011}
2011-12-09 16:32:56 -------- d-----w- C:\Users\Kathie\AppData\Local\{450F7D98-9159-4C18-BE79-8D804FD85D65}
2011-12-09 16:32:45 -------- d-----w- C:\Users\Kathie\AppData\Local\{22307D9E-F8C2-43A6-9458-EBD9149D5628}
2011-12-09 15:39:52 -------- d-----w- C:\Users\Kathie\AppData\Local\{72E58DF3-6EE2-4050-BA27-091DE906F487}
2011-12-09 15:39:40 -------- d-----w- C:\Users\Kathie\AppData\Local\{A1E0C00D-49CE-4695-8435-3DD460202A50}
2011-12-09 15:36:26 -------- d-----w- C:\Users\Kathie\AppData\Local\{51A50125-7F36-4403-9749-A760DEAD6FD0}
2011-12-09 15:36:15 -------- d-----w- C:\Users\Kathie\AppData\Local\{3D3BABC5-5103-4904-8CEE-DAD27B620A2F}
2011-12-09 14:44:37 -------- d-----w- C:\Users\Kathie\AppData\Local\{CDDB2CA8-8B5F-4A3A-B5BA-0D907E95BC73}
2011-12-09 14:44:26 -------- d-----w- C:\Users\Kathie\AppData\Local\{17601612-36C4-48B7-91A7-28ED90D34C9C}
2011-12-09 14:34:52 -------- d-----w- C:\Users\Kathie\AppData\Local\{5AB40E53-B2E7-48FD-BA58-CEC8961DA6DF}
2011-12-09 14:34:38 -------- d-----w- C:\Users\Kathie\AppData\Local\{2A2A2287-9CB5-4361-B2CB-5B5C5607FAC7}
2011-12-09 14:31:03 -------- d-----w- C:\Users\Kathie\AppData\Local\{7001276F-409C-458F-9854-9C028D57F3E6}
2011-12-09 14:30:52 -------- d-----w- C:\Users\Kathie\AppData\Local\{320312F1-7883-455F-B9B7-73AD279755A3}
2011-12-09 04:51:59 -------- d-----w- C:\Users\Kathie\AppData\Local\{7EE235D6-64A8-4F8A-9B22-B6EA80FD1174}
2011-12-09 04:51:48 -------- d-----w- C:\Users\Kathie\AppData\Local\{84EF98DC-2CAC-44B2-AE9A-02EF3A6ADE53}
2011-12-09 04:36:45 -------- d-----w- C:\Users\Kathie\AppData\Local\{0D755FCC-679B-42E9-8D04-1E0526161F49}
2011-12-09 04:36:33 -------- d-----w- C:\Users\Kathie\AppData\Local\{9F978E04-4418-434A-8E21-6E864AA4533F}
2011-12-09 04:16:29 -------- d-----w- C:\Users\Kathie\AppData\Local\{CF7ABF91-7D26-4673-84D3-7BD29BC3E8C2}
2011-12-09 04:16:14 -------- d-----w- C:\Users\Kathie\AppData\Local\{5CF77BB4-27F8-44CE-9985-37A0580F9210}
2011-12-09 03:07:50 -------- d-----w- C:\Users\Kathie\AppData\Local\{BBFC937A-2E66-44BD-A398-41D65659A367}
2011-12-09 03:07:35 -------- d-----w- C:\Users\Kathie\AppData\Local\{3AE734B8-73B5-4043-9B9F-640D24534684}
2011-12-08 19:22:53 -------- d-----w- C:\Users\Kathie\AppData\Local\{217733F6-9FFB-4565-9ACA-FD25763359BD}
2011-12-08 19:22:39 -------- d-----w- C:\Users\Kathie\AppData\Local\{78128607-A530-480E-AAC8-C6852BB6914F}
2011-12-07 23:08:24 -------- d-----w- C:\Users\Kathie\AppData\Local\{43F6DD77-CCBB-423E-BAA5-FEF55D2252F3}
2011-12-07 23:08:10 -------- d-----w- C:\Users\Kathie\AppData\Local\{632ADA3C-9F9F-419C-B40E-DDFC1C570853}
2011-12-07 21:57:09 -------- d-----w- C:\Users\Kathie\AppData\Local\{9A0F9709-0119-4DA6-97E6-D012BA54AA99}
2011-12-07 21:56:53 -------- d-----w- C:\Users\Kathie\AppData\Local\{AC968916-73D1-49C0-B2C5-C4B1CA37B51B}
2011-12-07 17:08:20 -------- d-----w- C:\Users\Kathie\AppData\Local\{B19E5CF8-DD7D-4AAE-A7A6-C64428688361}
2011-12-07 17:08:05 -------- d-----w- C:\Users\Kathie\AppData\Local\{0AE421BA-C77C-4DC8-9221-CD7CA68A3D04}
2011-12-07 16:54:11 -------- d-----w- C:\Users\Kathie\AppData\Local\{291231F9-6AE9-4C25-BFDE-BC8D2DA5FEAF}
2011-12-07 16:53:57 -------- d-----w- C:\Users\Kathie\AppData\Local\{C0B64FE7-A843-442A-8D6A-B27B651E7584}
2011-12-07 16:09:59 -------- d-----w- C:\Users\Kathie\AppData\Local\{42A94201-467B-4E10-B55A-5137064AA5FF}
2011-12-07 16:09:48 -------- d-----w- C:\Users\Kathie\AppData\Local\{0400C205-475C-4B8F-B826-6BFC32507A99}
2011-12-07 15:51:14 -------- d-----w- C:\Users\Kathie\AppData\Local\{5384E053-C875-406F-B4E2-B50907010A30}
2011-12-07 15:50:55 -------- d-----w- C:\Users\Kathie\AppData\Local\{E7BD2639-EAEF-45D1-B8F0-296DC89092DB}
2011-12-07 03:55:10 -------- d-----w- C:\Users\Kathie\AppData\Local\{A39D7C8B-C80C-475D-8C5F-11C8F9E177A4}
2011-12-07 03:54:56 -------- d-----w- C:\Users\Kathie\AppData\Local\{B1C51B52-8030-4EF4-B574-ACA27BEE5C41}
2011-12-06 15:30:55 -------- d-----w- C:\Users\Kathie\AppData\Local\{9C27A182-3D34-4580-9DE6-69ED4CAC06ED}
2011-12-06 15:30:37 -------- d-----w- C:\Users\Kathie\AppData\Local\{345ED00A-DB19-4C1F-B753-28D06AA1C1DF}
2011-12-06 15:12:36 -------- d-----w- C:\Users\Kathie\AppData\Local\{E373F822-6DD8-4AE6-813F-F2840C52228A}
2011-12-06 15:12:11 -------- d-----w- C:\Users\Kathie\AppData\Local\{11C0DD6B-A173-4334-8A7D-44216DF9F868}
2011-12-06 15:07:45 -------- d-----w- C:\Users\Kathie\AppData\Local\{7A516B4B-A1D1-429E-88CC-CF16603B3D0E}
2011-12-06 15:07:22 -------- d-----w- C:\Users\Kathie\AppData\Local\{1B5AC597-7F04-46E9-B763-6CE9BFF92AAB}
2011-12-06 14:50:29 -------- d-----w- C:\Users\Kathie\AppData\Local\{8013957C-0F89-4CBB-92D9-A922C66A0248}
2011-12-06 14:50:17 -------- d-----w- C:\Users\Kathie\AppData\Local\{2A5AA366-B5E4-4521-8335-1F931D072282}
2011-12-06 14:15:57 -------- d-----w- C:\Users\Kathie\AppData\Local\{17A7AA2C-1B92-4A50-AFD1-1104C6F73392}
2011-12-06 14:15:46 -------- d-----w- C:\Users\Kathie\AppData\Local\{1309A731-5AB4-4162-B5C4-1B16C1315ED5}
2011-12-06 05:07:19 -------- d-----w- C:\Users\Kathie\AppData\Local\{64C61BB0-C0DA-43A1-9B9F-088EF00D9915}
2011-12-06 05:07:06 -------- d-----w- C:\Users\Kathie\AppData\Local\{A79DCD66-CCE7-41C4-8979-EC1922C46B02}
2011-12-06 04:50:55 -------- d-----w- C:\Users\Kathie\AppData\Local\{EEADF6C0-AADA-4CD8-8834-251EF1E680A7}
2011-12-06 04:50:42 -------- d-----w- C:\Users\Kathie\AppData\Local\{D6DDE5E1-11E6-488C-95AE-8FAC64538AC4}
2011-12-05 23:14:52 -------- d-----w- C:\Users\Kathie\AppData\Local\{730DC85F-A1CF-4B03-93F9-D18B8CB9666B}
2011-12-05 23:14:41 -------- d-----w- C:\Users\Kathie\AppData\Local\{1BFB432E-74D2-4D02-9612-50631BB55951}
2011-12-05 22:57:21 -------- d-----w- C:\Users\Kathie\AppData\Local\{34559E18-F04F-4C75-A5AB-5D060A2691BC}
2011-12-05 22:57:11 -------- d-----w- C:\Users\Kathie\AppData\Local\{BFA30C6C-4163-495A-B8FE-F8D0FB9250DC}
2011-12-05 21:54:08 -------- d-----w- C:\Users\Kathie\AppData\Local\{1D67E896-0ED5-4B48-9739-046143DE1992}
2011-12-05 21:53:55 -------- d-----w- C:\Users\Kathie\AppData\Local\{C55AB930-9995-43FE-BA74-114CCF519E81}
2011-12-05 20:47:03 -------- d-----w- C:\Users\Kathie\AppData\Local\{88DD116F-F492-4B1E-8C7C-30CB7538662F}
2011-12-05 20:46:51 -------- d-----w- C:\Users\Kathie\AppData\Local\{05D8BF1B-88BD-4808-B467-9B0C34041A04}
2011-12-05 20:18:14 -------- d-----w- C:\Users\Kathie\AppData\Local\{6029A32B-A1CE-470D-912D-32094859550C}
2011-12-05 20:18:03 -------- d-----w- C:\Users\Kathie\AppData\Local\{BA884EC3-36BF-414D-B46D-E894F12B1194}
2011-12-05 06:26:48 -------- d-----w- C:\Users\Kathie\AppData\Local\{13ECE90F-96F1-4256-BD2B-F20AA6EA2615}
2011-12-05 06:26:32 -------- d-----w- C:\Users\Kathie\AppData\Local\{F632442D-7C2F-45CF-A254-9ABF5C5CF7E5}
2011-12-05 05:19:53 -------- d-----w- C:\Users\Kathie\AppData\Local\{AD5D0785-04C9-422D-8374-2DAD375A1183}
2011-12-05 05:19:38 -------- d-----w- C:\Users\Kathie\AppData\Local\{4FA08D46-112B-4743-A512-56DF30DC5BF8}
2011-12-05 02:15:03 -------- d-----w- C:\Users\Kathie\AppData\Local\{0193DCDC-02AB-4B9F-A877-FC580D26D139}
2011-12-05 02:14:51 -------- d-----w- C:\Users\Kathie\AppData\Local\{87F035E9-9AC2-4FEC-9285-D302E7659BB6}
2011-12-05 00:24:08 -------- d-----w- C:\Users\Kathie\AppData\Local\{CF5EB042-2565-4A89-91ED-A0EB0F6D103C}
2011-12-05 00:23:54 -------- d-----w- C:\Users\Kathie\AppData\Local\{BCD771E6-D579-4CF4-A89D-E466FF73EC78}
2011-12-04 21:52:42 -------- d-----w- C:\Users\Kathie\AppData\Local\{C535D99B-F77A-4586-87D0-57862BF82E51}
2011-12-04 21:52:28 -------- d-----w- C:\Users\Kathie\AppData\Local\{62248A99-E7B6-4F31-A356-B5D5021BAC40}
2011-12-03 02:50:20 -------- d-----w- C:\Users\Kathie\AppData\Local\{91BCB7B8-F1EB-49B4-8489-18B74D61F5CF}
2011-12-03 02:50:09 -------- d-----w- C:\Users\Kathie\AppData\Local\{2FEE6B09-61B6-4BDC-8784-A7C76F9A70C9}
2011-12-02 00:15:55 -------- d-----w- C:\Users\Kathie\AppData\Local\{08D58AF9-42BF-4DAC-871C-128EE97EE5AA}
2011-12-02 00:15:43 -------- d-----w- C:\Users\Kathie\AppData\Local\{F5E23578-CCE6-470A-A189-8320B697B60E}
2011-12-01 18:39:50 -------- d-----w- C:\Users\Kathie\AppData\Local\{5F6F2D66-DB20-4702-8E9D-1D3D0D6C597E}
2011-12-01 18:39:37 -------- d-----w- C:\Users\Kathie\AppData\Local\{1B010E0E-DAA9-4ED0-A564-5E783856A6C5}
2011-12-01 14:24:55 -------- d-----w- C:\Users\Kathie\AppData\Local\{33A941C2-685E-4C0D-9F31-049CEC3EC597}
2011-12-01 14:24:43 -------- d-----w- C:\Users\Kathie\AppData\Local\{26F3E38C-63E0-430E-8B75-5580433C6973}
2011-11-30 18:15:22 -------- d-----w- C:\Users\Kathie\AppData\Local\{F31B93BC-241F-4F75-A1DD-7F98085C9EC7}
2011-11-30 18:15:12 -------- d-----w- C:\Users\Kathie\AppData\Local\{B3ABED28-A90D-43D5-8F46-6A820672553D}
2011-11-30 17:22:15 -------- d-----w- C:\Users\Kathie\AppData\Local\{C4A12574-6CA7-4D2B-A051-4A1331FE1CEB}
2011-11-30 17:22:04 -------- d-----w- C:\Users\Kathie\AppData\Local\{23FBC25C-E77D-46D2-A74C-42B1D378A490}
2011-11-30 15:18:31 -------- d-----w- C:\Users\Kathie\AppData\Local\{BFBEC189-74F9-44E9-B00E-7DB0AF0256F4}
2011-11-30 15:18:17 -------- d-----w- C:\Users\Kathie\AppData\Local\{C0CBE688-4C18-4E9F-9EC1-051C8C24D0C8}
2011-11-30 01:34:21 -------- d-----w- C:\Users\Kathie\AppData\Local\{884A451F-18A6-453B-BE04-290CB9542511}
2011-11-30 01:34:08 -------- d-----w- C:\Users\Kathie\AppData\Local\{A6C4F515-96D5-4DE7-A3BA-0A763755626F}
2011-11-29 21:31:04 -------- d-----w- C:\Users\Kathie\AppData\Local\{0D493F3A-6005-448A-BE49-EBA99106C5F4}
2011-11-29 21:30:53 -------- d-----w- C:\Users\Kathie\AppData\Local\{97F18D61-C555-470B-AE84-6BB8C398989E}
2011-11-29 21:17:46 -------- d-----w- C:\Users\Kathie\AppData\Local\{29F04B1E-8496-425C-9EBE-8D84E089FAF1}
2011-11-29 21:17:35 -------- d-----w- C:\Users\Kathie\AppData\Local\{2667CEE5-0E80-4CAA-B26F-0169603894B2}
2011-11-29 19:32:11 -------- d-----w- C:\Users\Kathie\AppData\Local\{4D7BC681-70C0-411F-A8B2-EE446A299779}
2011-11-29 19:31:59 -------- d-----w- C:\Users\Kathie\AppData\Local\{83A3583C-E945-4BDD-BF3E-D241F4AB9F46}
2011-11-29 15:23:40 -------- d-----w- C:\Users\Kathie\AppData\Local\{E64DFD34-4E16-443B-8CE3-9AC7CFB4B83C}
2011-11-29 15:23:28 -------- d-----w- C:\Users\Kathie\AppData\Local\{8748B5F1-D5B5-4E6F-98BB-56E2378D705B}
2011-11-29 15:12:23 -------- d-----w- C:\Users\Kathie\AppData\Local\{D4FA95E1-4BF6-44E5-B7D9-7647DDC4C1E1}
2011-11-29 15:12:13 -------- d-----w- C:\Users\Kathie\AppData\Local\{0D82E1D6-87B1-4557-9C2E-05919AED84C7}
2011-11-29 13:49:37 -------- d-----w- C:\Users\Kathie\AppData\Local\{C4B15C21-93D2-456A-BAEA-B8045F56A71B}
2011-11-29 13:49:21 -------- d-----w- C:\Users\Kathie\AppData\Local\{A59132D4-9150-4304-A957-C38D1B795253}
2011-11-29 05:43:04 -------- d-----w- C:\Users\Kathie\AppData\Local\{CDAA8332-E852-4E80-B79D-4D505C5219C0}
2011-11-29 05:42:53 -------- d-----w- C:\Users\Kathie\AppData\Local\{7C2C1311-E590-443B-AF1A-9D00EB4453E2}
2011-11-28 21:26:31 -------- d-----w- C:\Users\Kathie\AppData\Local\{BB6160D4-FF4C-4915-853C-17E7AE3F6B3A}
2011-11-28 21:26:20 -------- d-----w- C:\Users\Kathie\AppData\Local\{6C30E465-6630-44B4-930F-EA05FB80D420}
2011-11-28 13:46:25 -------- d-----w- C:\Users\Kathie\AppData\Local\{ACE3D8D5-5D47-4152-AECC-052A5AE99C4F}
2011-11-28 13:46:10 -------- d-----w- C:\Users\Kathie\AppData\Local\{7C211AF9-2B5C-451D-A324-1CDD30BE133D}
2011-11-28 01:10:41 -------- d-----w- C:\Users\Kathie\AppData\Local\{D1B425AC-0120-4913-86B3-698A360874F0}
2011-11-28 01:10:26 -------- d-----w- C:\Users\Kathie\AppData\Local\{1586DBE7-FC4F-4FB9-9629-AA24997D4D64}
2011-11-27 05:35:34 -------- d-----w- C:\Users\Kathie\AppData\Local\{AB2D1940-919E-45B1-9B2E-CB8E401270C3}
2011-11-27 05:35:19 -------- d-----w- C:\Users\Kathie\AppData\Local\{32A3B90A-D68A-46DA-BCCB-732D7B6698EA}
2011-11-27 02:00:36 -------- d-----w- C:\Users\Kathie\AppData\Local\{BAC94C35-0EEB-4D53-A26C-9E0539220604}
2011-11-27 02:00:22 -------- d-----w- C:\Users\Kathie\AppData\Local\{F8515D2D-1B04-4A6B-AA18-F004997E0E82}
2011-11-25 13:01:12 -------- d-----w- C:\Users\Kathie\AppData\Local\{6FC6454B-DF86-4855-87DA-0746D498AD97}
2011-11-25 13:00:58 -------- d-----w- C:\Users\Kathie\AppData\Local\{8FA3B695-3E9E-4001-ACE7-88E68BA05E9B}
2011-11-24 16:44:27 -------- d-----w- C:\Users\Kathie\AppData\Local\{A205CCBD-F221-48EA-BBDE-441D5E29769B}
2011-11-24 16:44:14 -------- d-----w- C:\Users\Kathie\AppData\Local\{7E2CF4C6-F4BB-488A-96D1-F463619121DF}
2011-11-24 16:33:30 -------- d-----w- C:\Users\Kathie\AppData\Local\{1680A03A-A475-4961-8E74-B1E363D28C99}
2011-11-24 16:33:17 -------- d-----w- C:\Users\Kathie\AppData\Local\{EBAD4862-9430-40DE-9E66-C91187BDF460}
2011-11-24 03:18:58 -------- d-----w- C:\Users\Kathie\AppData\Local\{E361426D-3954-41DC-B187-56A31611C1D6}
2011-11-24 03:18:47 -------- d-----w- C:\Users\Kathie\AppData\Local\{E36EF0C2-B2D6-474E-BD8D-0A9AC09CC888}
2011-11-24 00:58:45 -------- d-----w- C:\Users\Kathie\AppData\Local\{4E5033B0-D24E-422B-A80B-AC9D66E044E8}
2011-11-24 00:58:31 -------- d-----w- C:\Users\Kathie\AppData\Local\{F0A3A42D-5910-4415-BAD8-C3A5E789B4A2}
2011-11-22 22:11:51 -------- d-----w- C:\Users\Kathie\AppData\Local\{4DE0A5A2-638F-4918-AAA8-BF5293EDE3EE}
2011-11-22 22:11:34 -------- d-----w- C:\Users\Kathie\AppData\Local\{659E6BB9-1988-4EB0-978E-4D704B82DD94}
2011-11-22 15:42:21 -------- d-----w- C:\Users\Kathie\AppData\Local\{C17495F7-EA00-48FA-B6A3-4D3BD014940E}
2011-11-22 15:42:07 -------- d-----w- C:\Users\Kathie\AppData\Local\{8F1664D1-7BF8-4B19-92BD-E810EC8CA16E}
2011-11-22 05:38:58 -------- d-----w- C:\Users\Kathie\AppData\Local\{61F07B05-6C76-4216-8028-4D910C8BB3CF}
2011-11-22 05:38:46 -------- d-----w- C:\Users\Kathie\AppData\Local\{C4F3DBCB-562C-490C-9098-2421B907E566}
2011-11-22 05:17:36 -------- d-----w- C:\Users\Kathie\AppData\Local\{10D43195-D23B-4F8B-84EE-732BFBACE811}
2011-11-22 05:17:22 -------- d-----w- C:\Users\Kathie\AppData\Local\{C703102B-317B-4F2C-AAC7-4E0FF17BD348}
2011-11-22 04:53:23 -------- d-----w- C:\Users\Kathie\AppData\Local\{1BA28B04-A150-41B6-98A7-9E6D2F5AA36D}
2011-11-22 04:53:11 -------- d-----w- C:\Users\Kathie\AppData\Local\{61270267-2512-4AE1-AEB4-E3912A27AF8A}
2011-11-21 23:00:35 -------- d-----w- C:\Users\Kathie\AppData\Local\{A733A1C0-CD46-40BF-8DDA-C2977EF48577}
2011-11-21 23:00:17 -------- d-----w- C:\Users\Kathie\AppData\Local\{34008902-6161-4C78-A3F0-74AB081FC5C6}
2011-11-21 20:05:08 -------- d-----w- C:\Users\Kathie\AppData\Local\{79E80520-AA8E-467C-99A4-9794FE39F557}
2011-11-21 20:04:51 -------- d-----w- C:\Users\Kathie\AppData\Local\{469FE05B-CF71-4DC6-98D2-4256C1AA8DBD}
2011-11-21 03:22:21 -------- d-----w- C:\Users\Kathie\AppData\Local\{D03A5F24-E7E7-41D5-9B58-AAB4F0E64B40}
2011-11-21 03:22:05 -------- d-----w- C:\Users\Kathie\AppData\Local\{2F26DFD1-E836-4128-B4BB-BFFB30053A84}
2011-11-21 02:06:41 -------- d-----w- C:\Users\Kathie\AppData\Local\{D369BFEA-1C49-47FA-BC13-213D2AC06B27}
2011-11-21 02:06:30 -------- d-----w- C:\Users\Kathie\AppData\Local\{031F9EAD-12D5-49F7-96B0-A71A527175A8}
2011-11-20 22:24:24 -------- d-----w- C:\Users\Kathie\AppData\Local\{22CAECAB-10DF-48BD-AEB7-90629E91CD3A}
2011-11-20 22:24:12 -------- d-----w- C:\Users\Kathie\AppData\Local\{0FB5A3D0-C123-4577-94FD-CB17CB4FE47E}
2011-11-19 19:30:48 -------- d-----w- C:\Users\Kathie\AppData\Local\{0B63D4DF-B7B9-4F62-9A3C-59848411DF71}
2011-11-19 19:30:36 -------- d-----w- C:\Users\Kathie\AppData\Local\{C4C24ECB-8EDE-43BF-9A17-ABB3662FC7E6}
2011-11-19 15:07:58 -------- d-----w- C:\Users\Kathie\AppData\Local\{DAE88209-60F4-4D45-9C68-B4AC6655C7C3}
2011-11-19 15:07:41 -------- d-----w- C:\Users\Kathie\AppData\Local\{33D6A28D-3EB1-4466-82EB-C2DB5A19F15E}
2011-11-19 05:20:41 -------- d-----w- C:\Users\Kathie\AppData\Local\{E1B9FD9F-9DBD-405E-A44F-FA1E8932FD6F}
2011-11-19 05:20:30 -------- d-----w- C:\Users\Kathie\AppData\Local\{3AAE152F-A442-4A0B-BAA4-4B49FD58DA4A}
2011-11-18 21:37:18 -------- d-----w- C:\Users\Kathie\AppData\Local\{8DF097E0-615B-4F74-A999-F072A9CD1ED3}
2011-11-18 21:37:07 -------- d-----w- C:\Users\Kathie\AppData\Local\{8521FCAC-2943-4D9F-B259-1D939CF30A5B}
2011-11-18 18:15:55 -------- d-----w- C:\Users\Kathie\AppData\Local\{DCD77134-DE6A-4F8A-A6EA-DF87E88E46D9}
2011-11-18 18:15:41 -------- d-----w- C:\Users\Kathie\AppData\Local\{0203BE57-D700-408F-8AF1-7D877A49E5CE}
2011-11-18 15:56:51 -------- d-----w- C:\Users\Kathie\AppData\Local\{3D5D86A1-F16E-480E-912D-92378BF2B81A}
2011-11-18 15:56:37 -------- d-----w- C:\Users\Kathie\AppData\Local\{22F7677D-4106-40E7-B1AA-B1FFB5FA7D2B}
2011-11-18 14:13:07 -------- d-----w- C:\Users\Kathie\AppData\Local\{4AE1DF2E-4D95-49C0-BEF8-762179BFD880}
2011-11-18 14:12:55 -------- d-----w- C:\Users\Kathie\AppData\Local\{E5A78A5C-FC4A-4EF9-88B7-FCF8509A3481}
2011-11-18 04:00:39 -------- d-----w- C:\Users\Kathie\AppData\Local\{A7F83F1A-D976-4024-BB73-18F47F42A96C}
2011-11-18 04:00:26 -------- d-----w- C:\Users\Kathie\AppData\Local\{73232BED-B6DD-4CD8-8258-5BACB023C443}
2011-11-18 01:08:37 -------- d-----w- C:\Users\Kathie\AppData\Local\{718E36AA-4FF8-4CC5-8B89-0BA8A452CA34}
2011-11-18 01:08:15 -------- d-----w- C:\Users\Kathie\AppData\Local\{47B063F3-AAF5-4DA2-8404-77C0C7392605}
2011-11-17 20:38:13 -------- d-----w- C:\Users\Kathie\AppData\Local\{84024590-539F-4ABB-92C7-9D42E2AA8B93}
2011-11-17 20:38:00 -------- d-----w- C:\Users\Kathie\AppData\Local\{A2073432-6C08-453D-9C7D-B36F71B1AA3F}
2011-11-16 02:51:30 -------- d-----w- C:\Users\Kathie\AppData\Local\{AE855A96-179C-4E80-A4D7-82B242F00043}
2011-11-16 02:51:18 -------- d-----w- C:\Users\Kathie\AppData\Local\{299A0D50-74EE-4C79-94F7-1A91A6A2D189}
2011-11-16 00:38:55 -------- d-----w- C:\Users\Kathie\AppData\Local\{C9101548-0CB0-48C0-92BF-E0FEECC24527}
2011-11-16 00:38:34 -------- d-----w- C:\Users\Kathie\AppData\Local\{A589F84B-9477-4807-9114-1631F775B268}
2011-11-15 22:14:50 -------- d-----w- C:\Users\Kathie\AppData\Local\{A1E1BFBD-FCCC-404A-8136-10B86C383BAA}
2011-11-15 22:14:38 -------- d-----w- C:\Users\Kathie\AppData\Local\{2DC6EC73-FDF3-4795-AD1D-7A6D2BB1B3C5}
2011-11-15 19:30:49 -------- d-----w- C:\Users\Kathie\AppData\Local\{FB157507-A870-4111-AF3A-E3A82EFBEFFB}
2011-11-15 19:30:37 -------- d-----w- C:\Users\Kathie\AppData\Local\{93D50DBD-A040-42A3-AA6A-96302CBF93C7}
2011-11-15 15:42:19 -------- d-----w- C:\Users\Kathie\AppData\Local\{432457CF-AEB8-4028-B754-579319072469}
2011-11-15 15:42:01 -------- d-----w- C:\Users\Kathie\AppData\Local\{F1F09580-0D9E-4AB8-BBFA-2A3569038A90}
2011-11-15 14:45:10 -------- d-----w- C:\Users\Kathie\AppData\Local\{FF18F52D-4EEC-4887-A2B9-22CFCCDA3B75}
2011-11-15 14:44:59 -------- d-----w- C:\Users\Kathie\AppData\Local\{1BCC0F70-3269-434A-A374-FBA821C6451D}
2011-11-15 04:31:54 -------- d-----w- C:\Users\Kathie\AppData\Local\{7881EC81-2DEC-4B04-ACE6-7C6A2260EC08}
2011-11-15 04:31:40 -------- d-----w- C:\Users\Kathie\AppData\Local\{205EDF1E-01F9-4B84-A845-9BC827940330}
2011-11-15 03:29:15 -------- d-----w- C:\Users\Kathie\AppData\Local\{DA8B7643-7DF0-44D0-B9E5-6BF67AAD4B27}
2011-11-15 03:29:01 -------- d-----w- C:\Users\Kathie\AppData\Local\{D4EA85AA-DADF-4D9F-B9E1-0ECF0C3F18FE}
2011-11-14 20:51:19 -------- d-----w- C:\Users\Kathie\AppData\Local\{CC5591A0-4C6A-455D-93B2-F74923EFCC27}
2011-11-14 20:51:05 -------- d-----w- C:\Users\Kathie\AppData\Local\{65FD3B5A-529F-42F7-B823-D1A3AABB5E89}
2011-11-14 16:40:41 -------- d-----w- C:\Users\Kathie\AppData\Local\{38FA71A5-3AA8-4E9D-8618-381607ABB432}
2011-11-14 16:40:30 -------- d-----w- C:\Users\Kathie\AppData\Local\{4E54712A-9D73-40CE-9976-85EF78B504D1}
2011-11-14 13:01:21 -------- d-----w- C:\Users\Kathie\AppData\Local\{DA72CA6C-8C3E-4B77-9C63-BEBCC11444EB}
2011-11-14 13:01:09 -------- d-----w- C:\Users\Kathie\AppData\Local\{2F0653F7-60E0-45A4-BD63-E7DB8E5BE21A}
.
==================== Find3M ====================
.
2011-11-10 10:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:09:30 3141120 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 18:16:45.76 ===============

[ken545]

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR





Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
• See this Link for programs that need to be disabled and instruction on how to disable them.
• Remember to re-enable them when we're done.
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

[womble]

Hi Ken,

Thank you for helping me!

I have disabled all Anti-Virus and Spybot teatimer. Run Combofix and here is the log:

ComboFix 11-12-15.02 - Kathie 15/12/2011 23:53:37.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3999.2490 [GMT -5:00]
Running from: c:\users\Kathie\Desktop\ALEX\COMBOFIX.EXE
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-16 04:59 . 2011-12-16 04:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-16 04:44 . 2011-12-16 04:44 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-16 04:36 . 2011-12-16 04:36 -------- d-----w- c:\programdata\AVG Secure Search
2011-12-16 04:36 . 2011-12-16 04:36 -------- d-----w- c:\program files (x86)\AVG Secure Search
2011-12-16 04:36 . 2011-12-16 04:36 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2011-12-12 23:14 . 2011-12-12 23:14 -------- d-----w- c:\program files (x86)\ERUNT
2011-12-12 22:25 . 2011-12-12 22:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-11 00:36 . 2011-12-11 00:36 -------- d-----w- c:\users\Kathie\AppData\Local\Mozilla
2011-12-10 22:35 . 2011-12-12 22:31 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-12-10 22:32 . 2011-12-10 22:32 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 10:54 . 2010-11-22 22:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-01 03:21 . 2011-10-13 05:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 05:07 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-29 16:24 . 2011-11-10 17:21 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:09 . 2011-11-10 17:21 3141120 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-16 04:36 1547104 ----a-w- c:\program files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll" [2011-12-16 1547104]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"SacReminderHDDV2"="c:\programdata\Clickfree\HDDV2USB3\reminder\SacReminder.exe" [2010-12-03 444240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2011-12-16 827232]
.
c:\users\Kathie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 CFUACProxy_hddv2usb3;CFUACProxy_hddv2usb3;c:\programdata\Clickfree\HDDV2USB3\UACProxy.exe [2010-12-03 83792]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-16 855904]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-09 c:\windows\Tasks\HPCeeScheduleForKathie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-21 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 207.164.234.193 207.164.234.129
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Kathie\AppData\Roaming\Mozilla\Firefox\Profiles\1b950fcb.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2011-12-16 00:10:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-16 05:10
.
Pre-Run: 191,805,804,544 bytes free
Post-Run: 191,306,625,024 bytes free
.
- - End Of File - - 553C5C6CB6472089DCA756FFDB18AABF

[womble]

And here is ComboFix.txt

ComboFix 11-12-15.02 - Kathie 15/12/2011 23:53:37.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3999.2490 [GMT -5:00]
Running from: c:\users\Kathie\Desktop\ALEX\COMBOFIX.EXE
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-16 04:59 . 2011-12-16 04:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-16 04:44 . 2011-12-16 04:44 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-16 04:36 . 2011-12-16 04:36 -------- d-----w- c:\programdata\AVG Secure Search
2011-12-16 04:36 . 2011-12-16 04:36 -------- d-----w- c:\program files (x86)\AVG Secure Search
2011-12-16 04:36 . 2011-12-16 04:36 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2011-12-12 23:14 . 2011-12-12 23:14 -------- d-----w- c:\program files (x86)\ERUNT
2011-12-12 22:25 . 2011-12-12 22:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-11 00:36 . 2011-12-11 00:36 -------- d-----w- c:\users\Kathie\AppData\Local\Mozilla
2011-12-10 22:35 . 2011-12-12 22:31 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-12-10 22:32 . 2011-12-10 22:32 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 10:54 . 2010-11-22 22:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-01 03:21 . 2011-10-13 05:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 05:07 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-29 16:24 . 2011-11-10 17:21 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:09 . 2011-11-10 17:21 3141120 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-16 04:36 1547104 ----a-w- c:\program files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll" [2011-12-16 1547104]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"SacReminderHDDV2"="c:\programdata\Clickfree\HDDV2USB3\reminder\SacReminder.exe" [2010-12-03 444240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2011-12-16 827232]
.
c:\users\Kathie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 CFUACProxy_hddv2usb3;CFUACProxy_hddv2usb3;c:\programdata\Clickfree\HDDV2USB3\UACProxy.exe [2010-12-03 83792]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-16 855904]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-09 c:\windows\Tasks\HPCeeScheduleForKathie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-21 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 207.164.234.193 207.164.234.129
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Kathie\AppData\Roaming\Mozilla\Firefox\Profiles\1b950fcb.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2011-12-16 00:10:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-16 05:10
.
Pre-Run: 191,805,804,544 bytes free
Post-Run: 191,306,625,024 bytes free
.
- - End Of File - - 553C5C6CB6472089DCA756FFDB18AABF

[ken545]

Good Morning,

Your Hosts file was infected and Combofix replaced it.

I am not really sure what all these entries are related to, lets check one of them. You need the 64Bit version


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64 Bit Version

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  Code:

  :dir
  C:\Users\Kathie\AppData\Local\{217733F6-9FFB-4565-9ACA-FD25763359BD}

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt




Also lets check for rootkit, it looks like Combofix did not find one but lets double check anyway

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

[womble]

Hi Ken,

This is the log from SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 17:28 on 16/12/2011 by Kathie
Administrator - Elevation successful

========== dir ==========

C:\Users\Kathie\AppData\Local\{217733F6-9FFB-4565-9ACA-FD25763359BD} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-= EOF =-

[womble]

And this is the log from aswMBR log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-16 17:30:49
-----------------------------
17:30:49.055 OS Version: Windows x64 6.1.7600
17:30:49.055 Number of processors: 2 586 0x170A
17:30:49.055 ComputerName: KATHIE-PC UserName: Kathie
17:30:50.787 Initialize success
17:31:29.523 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:31:29.523 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 11
17:31:31.551 Disk 0 MBR read successfully
17:31:31.551 Disk 0 MBR scan
17:31:31.551 Disk 0 unknown MBR code
17:31:31.551 Service scanning
17:31:39.648 Modules scanning
17:31:39.648 Disk 0 trace - called modules:
17:31:39.663 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:31:39.679 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c60060]
17:31:39.679 3 CLASSPNP.SYS[fffff880010cd43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800479c060]
17:31:39.694 Scan finished successfully
17:31:59.460 Disk 0 MBR has been saved successfully to "C:\Users\Kathie\Desktop\ALEX\MBR.dat"
17:31:59.460 The log file has been saved successfully to "C:\Users\Kathie\Desktop\ALEX\aswMBR.txt"

[ken545]

Hi,

aswMBR log looks fine. Have the redirects stopped ????

Those directories may have been removed

Plug this in to System Look

:dir
C:\Users\Kathie\AppData\Local


Then run this scanner


OTL by OldTimer

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the "Scan All Users" checkbox.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

[womble]

Hi Ken,

Redirects appear to have stopped and the laptop is behaving itself.

Results from SYSTEMLOOK:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:11 on 16/12/2011 by Kathie
Administrator - Elevation successful

========== dir ==========

C:\Users\Kathie\AppData\Local - Parameters: "(none)"

---Files---
AtStart.txt --a---- 0 bytes [15:05 11/01/2010] [15:05 11/01/2010]
DSwitch.txt --a---- 0 bytes [15:05 11/01/2010] [15:05 11/01/2010]
GDIPFONTCACHEV1.DAT --a---- 84240 bytes [02:37 12/01/2010] [22:22 23/11/2010]
IconCache.db --ah--- 2960296 bytes [20:13 11/01/2010] [22:50 16/12/2011]
QSwitch.txt --a---- 0 bytes [15:05 11/01/2010] [15:05 11/01/2010]

---Folders---
Adobe d------ [14:53 25/11/2010]
Application Data d--hs-- [02:29 12/01/2010]
Diagnostics d------ [03:15 19/02/2010]
Google d------ [14:29 28/03/2011]
Hewlett-Packard d------ [15:04 11/01/2010]
History d--hs-- [02:29 12/01/2010]
Microsoft d------ [02:29 12/01/2010]
Microsoft Help d------ [02:31 12/01/2010]
Mozilla d------ [00:36 11/12/2011]
QuickPlay d------ [14:08 15/01/2010]
Temp d------ [02:29 12/01/2010]
Temporary Internet Files d--hs-- [02:29 12/01/2010]
VirtualStore d------ [15:04 11/01/2010]
Windows Live d------ [01:02 23/11/2010]
Windows Live Writer d------ [19:16 22/12/2010]
{005A4817-394F-49E2-9A9E-77CC49C88773} d------ [00:18 02/10/2011]
{00B19E28-6EF5-4968-ADC5-A3F43F18CD84} d------ [14:00 12/06/2011]
{017A220C-E3CB-484C-82B6-9747046E7D0A} d------ [04:32 16/12/2011]
{0193DCDC-02AB-4B9F-A877-FC580D26D139} d------ [02:15 05/12/2011]
{0203BE57-D700-408F-8AF1-7D877A49E5CE} d------ [18:15 18/11/2011]
{023C6E61-532D-4641-81FC-705C60E91011} d------ [22:18 10/12/2011]
{03108C53-C092-4A54-9B71-DD9047381461} d------ [17:14 10/11/2011]
{031F9EAD-12D5-49F7-96B0-A71A527175A8} d------ [02:06 21/11/2011]
{0359897B-153E-4B35-AA22-F7D34F5DDAC0} d------ [15:17 12/10/2011]
{0400C205-475C-4B8F-B826-6BFC32507A99} d------ [16:09 07/12/2011]
{043794B3-8DBA-40D3-B075-B013371E6C44} d------ [23:06 08/10/2011]
{05C4CC55-46BB-40BF-9FCB-BE7CE7C0BA5A} d------ [05:21 06/10/2011]
{05D8BF1B-88BD-4808-B467-9B0C34041A04} d------ [20:46 05/12/2011]
{06C32742-EE4D-4EF1-A926-4F922FBD6D41} d------ [19:33 14/04/2011]
{087407DB-5D9E-4117-B7DC-AFB61D4E217B} d------ [20:43 30/03/2011]
{08916CDE-F145-4313-8C1C-9F566B1FB862} d------ [14:53 09/08/2011]
{08D58AF9-42BF-4DAC-871C-128EE97EE5AA} d------ [00:15 02/12/2011]
{0AAF965D-C8FB-4B80-9123-A6A0B4CDCBDD} d------ [21:52 12/12/2011]
{0AE421BA-C77C-4DC8-9221-CD7CA68A3D04} d------ [17:08 07/12/2011]
{0B63D4DF-B7B9-4F62-9A3C-59848411DF71} d------ [19:30 19/11/2011]
{0BEA1EC8-E653-43B0-9F44-88CAFFBF03E9} d------ [16:05 03/05/2011]
{0CCD7B04-4599-4D78-ADF7-39B11B2E337C} d------ [03:02 18/04/2011]
{0D493F3A-6005-448A-BE49-EBA99106C5F4} d------ [21:31 29/11/2011]
{0D74894F-2DBF-4490-9D1A-6647B62E863F} d------ [18:06 29/09/2011]
{0D755FCC-679B-42E9-8D04-1E0526161F49} d------ [04:36 09/12/2011]
{0D82E1D6-87B1-4557-9C2E-05919AED84C7} d------ [15:12 29/11/2011]
{0DA49173-D187-4972-890F-B40EB0BAE50A} d------ [14:33 17/04/2011]
{0DEC16C9-2210-4666-8F0F-5D0540ABEB5B} d------ [16:49 29/10/2011]
{0FB5A3D0-C123-4577-94FD-CB17CB4FE47E} d------ [22:24 20/11/2011]
{0FC19B21-6448-4036-AE2D-759D0C2B016A} d------ [20:19 21/08/2011]
{101D6817-7ED3-40DB-AE7C-183F1048DF67} d------ [03:47 07/11/2011]
{10D43195-D23B-4F8B-84EE-732BFBACE811} d------ [05:17 22/11/2011]
{11BCA7A8-F2B5-4201-AC8D-210018A2D90D} d------ [21:53 21/09/2011]
{11C0DD6B-A173-4334-8A7D-44216DF9F868} d------ [15:12 06/12/2011]
{11FE7B75-D305-4DA5-8B14-552A655E1ED4} d------ [01:57 10/08/2011]
{1309A731-5AB4-4162-B5C4-1B16C1315ED5} d------ [14:15 06/12/2011]
{13ECE90F-96F1-4256-BD2B-F20AA6EA2615} d------ [06:26 05/12/2011]
{14E23D50-5602-4548-8719-1BFB920F86E6} d------ [16:07 05/11/2011]
{1547D435-8C6B-43E0-B6AA-640B74234D9D} d------ [17:59 09/05/2011]
{15579016-3366-424E-965F-670A88A59816} d------ [18:29 02/11/2011]
{1586DBE7-FC4F-4FB9-9629-AA24997D4D64} d------ [01:10 28/11/2011]
{1680A03A-A475-4961-8E74-B1E363D28C99} d------ [16:33 24/11/2011]
{173CBA0E-A734-41E6-A539-0A32FA77CA74} d------ [17:36 25/04/2011]
{17601612-36C4-48B7-91A7-28ED90D34C9C} d------ [14:44 09/12/2011]
{17A7AA2C-1B92-4A50-AFD1-1104C6F73392} d------ [14:15 06/12/2011]
{186F61AC-F6B2-4BC0-B4D6-F4472CD82229} d------ [14:50 25/04/2011]
{18784474-50A7-4DC3-8FAE-BD491CD037F1} d------ [21:30 27/04/2011]
{1A841A0A-34AF-4B01-B7A9-4FA3C263ED7C} d------ [15:13 05/11/2011]
{1AD1BC5E-924A-4981-A3BD-EF41FCC97EC5} d------ [04:02 17/10/2011]
{1B010E0E-DAA9-4ED0-A564-5E783856A6C5} d------ [18:39 01/12/2011]
{1B5AC597-7F04-46E9-B763-6CE9BFF92AAB} d------ [15:07 06/12/2011]
{1BA28B04-A150-41B6-98A7-9E6D2F5AA36D} d------ [04:53 22/11/2011]
{1BCC0F70-3269-434A-A374-FBA821C6451D} d------ [14:44 15/11/2011]
{1BFB432E-74D2-4D02-9612-50631BB55951} d------ [23:14 05/12/2011]
{1D49ECC5-79F0-442F-809A-75949E66D059} d------ [16:04 02/11/2011]
{1D67E896-0ED5-4B48-9739-046143DE1992} d------ [21:54 05/12/2011]
{1D8B4B5A-5F4A-4719-8FE2-4BA77A47B486} d------ [02:05 12/10/2011]
{1E301486-39A6-40AD-8FA2-99A9BE5CDBDA} d------ [04:32 16/12/2011]
{1E8B8CA5-710B-4E06-82A9-128274074A46} d------ [16:50 30/09/2011]
{205EDF1E-01F9-4B84-A845-9BC827940330} d------ [04:31 15/11/2011]
{21126DE4-CDE9-4701-86ED-E413F261E4A2} d------ [23:46 16/10/2011]
{217733F6-9FFB-4565-9ACA-FD25763359BD} d------ [19:22 08/12/2011]
{2206ED97-67A7-4F83-8F7F-FE0D372D177E} d------ [04:38 10/10/2011]
{22307D9E-F8C2-43A6-9458-EBD9149D5628} d------ [16:32 09/12/2011]
{22380D17-B39B-444D-93ED-0CE2B7B0F8DA} d------ [13:18 01/05/2011]
{22C9D58F-D44E-4A72-9A7F-675A35835F0D} d------ [00:53 17/10/2011]
{22CAECAB-10DF-48BD-AEB7-90629E91CD3A} d------ [22:24 20/11/2011]
{22F7677D-4106-40E7-B1AA-B1FFB5FA7D2B} d------ [15:56 18/11/2011]
{231F62D1-82CF-4333-AD41-6DB0DE786003} d------ [21:50 27/04/2011]
{23BE68DE-BCDF-471D-9897-35769BB27585} d------ [04:59 06/10/2011]
{23FBC25C-E77D-46D2-A74C-42B1D378A490} d------ [17:22 30/11/2011]
{24290D5F-652B-418F-BB6D-E0A91A796705} d------ [23:22 12/09/2011]
{245BC9E9-9486-400E-B309-3492F6A98ED3} d------ [20:58 05/07/2011]
{256BF1EA-E8CE-47E7-9C1C-B9F7B636CDD1} d------ [05:00 20/06/2011]
{26012691-8C92-4BD7-843D-36B9D72FD287} d------ [18:00 28/10/2011]
{2667CEE5-0E80-4CAA-B26F-0169603894B2} d------ [21:17 29/11/2011]
{26F0EEF3-BD5C-4E32-B4B6-7687DB378E14} d------ [04:38 10/10/2011]
{26F3E38C-63E0-430E-8B75-5580433C6973} d------ [14:24 01/12/2011]
{27D21BEC-2499-4E1A-9F7B-E22BC0FAFD83} d------ [23:33 31/05/2011]
{28A57EF2-D093-4DFC-ACB8-E75AADAA038D} d------ [20:17 30/05/2011]
{291231F9-6AE9-4C25-BFDE-BC8D2DA5FEAF} d------ [16:54 07/12/2011]
{296AB670-A248-497B-95E3-42154C479772} d------ [15:15 25/06/2011]
{299A0D50-74EE-4C79-94F7-1A91A6A2D189} d------ [02:51 16/11/2011]
{29F04B1E-8496-425C-9EBE-8D84E089FAF1} d------ [21:17 29/11/2011]
{2A2A2287-9CB5-4361-B2CB-5B5C5607FAC7} d------ [14:34 09/12/2011]
{2A535F8F-A0AC-44FE-A99D-1EEF3A144868} d------ [16:25 13/10/2011]
{2A5AA366-B5E4-4521-8335-1F931D072282} d------ [14:50 06/12/2011]
{2AB79F84-D194-4BA1-BA71-1EEBB39C6376} d------ [23:03 01/11/2011]
{2C2B98CF-3C76-46BC-ADC3-4065E501472C} d------ [11:22 23/08/2011]
{2CD04E6B-DE16-49F5-8E12-EF13F5B1567E} d------ [14:06 12/04/2011]
{2CE2501F-4099-4D71-8D2F-7ED0D8666DDA} d------ [16:50 10/10/2011]
{2DC6EC73-FDF3-4795-AD1D-7A6D2BB1B3C5} d------ [22:14 15/11/2011]
{2E264570-7ADF-4805-BC16-52FE21AA5869} d------ [03:44 01/04/2011]
{2F0653F7-60E0-45A4-BD63-E7DB8E5BE21A} d------ [13:01 14/11/2011]
{2F26DFD1-E836-4128-B4BB-BFFB30053A84} d------ [03:22 21/11/2011]
{2FE4BFCB-07E6-423D-8F96-FEE60BBBA310} d------ [19:37 05/04/2011]
{2FEE6B09-61B6-4BDC-8784-A7C76F9A70C9} d------ [02:50 03/12/2011]
{3064276F-F61F-45D9-89B8-081A51C0E9B7} d------ [14:17 29/04/2011]
{30EEE42E-BFB7-422B-A1D2-BC7FCC128BA4} d------ [12:51 22/06/2011]
{31B6D66A-3EAB-48C8-821E-2E8DC4706810} d------ [16:49 10/10/2011]
{31D0CEC8-D964-43BD-91C5-31903CE52EA6} d------ [13:56 16/10/2011]
{320312F1-7883-455F-B9B7-73AD279755A3} d------ [14:30 09/12/2011]
{32A3B90A-D68A-46DA-BCCB-732D7B6698EA} d------ [05:35 27/11/2011]
{33A941C2-685E-4C0D-9F31-049CEC3EC597} d------ [14:24 01/12/2011]
{33D6A28D-3EB1-4466-82EB-C2DB5A19F15E} d------ [15:07 19/11/2011]
{34008902-6161-4C78-A3F0-74AB081FC5C6} d------ [23:00 21/11/2011]
{34559E18-F04F-4C75-A5AB-5D060A2691BC} d------ [22:57 05/12/2011]
{345ED00A-DB19-4C1F-B753-28D06AA1C1DF} d------ [15:30 06/12/2011]
{34691D42-DD36-4F89-B091-EE68510F6ACE} d------ [23:06 08/10/2011]
{347A1DC6-8164-4B55-BC02-3024A7935DB3} d------ [20:19 21/08/2011]
{347CBFC7-33C2-49FF-954E-31AB38741C78} d------ [19:54 15/10/2011]
{348351EC-735A-4AA9-AD03-16C2402EF309} d------ [02:14 01/11/2011]
{352D7834-1452-4A08-A912-828D4BE50C47} d------ [18:41 11/10/2011]
{36429530-DEFA-43CF-96BE-81538D0FB2FD} d------ [16:11 03/10/2011]
{365E1F12-39F7-4B85-ADDB-199DEE7F8316} d------ [12:29 29/09/2011]
{36710890-2208-441D-A046-3E4F9E522468} d------ [12:37 30/08/2011]
{38FA71A5-3AA8-4E9D-8618-381607ABB432} d------ [16:40 14/11/2011]
{3946F96B-90FF-4A00-875C-6AD2E6A82808} d------ [14:17 11/10/2011]
{3954CB1C-1CDB-49C8-BF33-6FA171A85F31} d------ [14:23 05/10/2011]
{395806B3-5BB2-4D08-B445-4FD03A22F3B1} d------ [03:20 12/10/2011]
{3AAE152F-A442-4A0B-BAA4-4B49FD58DA4A} d------ [05:20 19/11/2011]
{3AE734B8-73B5-4043-9B9F-640D24534684} d------ [03:07 09/12/2011]
{3B1ED089-EBCD-4BC3-BD33-792D8101A3F3} d------ [00:42 16/06/2011]
{3BCDF69B-8BDD-4E78-B703-07219B897AC1} d------ [04:21 31/10/2011]
{3CF4423F-9550-4F90-BD51-B90C722BCEC5} d------ [00:28 02/10/2011]
{3D3B69E2-2BCD-4B42-9C09-CE01F74169BD} d------ [05:04 19/05/2011]
{3D3BABC5-5103-4904-8CEE-DAD27B620A2F} d------ [15:36 09/12/2011]
{3D5D86A1-F16E-480E-912D-92378BF2B81A} d------ [15:56 18/11/2011]
{3DA1C0F8-BA31-4C3B-989A-D3BB000AB4BB} d------ [14:09 15/10/2011]
{3DACB088-0B5D-4E37-8207-FBE6F7F33D0B} d------ [20:16 07/08/2011]
{3DF6E589-5482-4C6B-977F-4AFF00B77FEA} d------ [23:39 29/10/2011]
{3E74E093-CD94-4A08-A288-95564FB03E81} d------ [00:18 02/10/2011]
{3EBB0AD1-D590-4F56-8924-C20834DCF091} d------ [03:47 07/11/2011]
{3ED891DA-C67C-4288-93E4-B526FE22B451} d------ [04:19 23/04/2011]
{3EE1242F-EB3E-4C3C-9E5F-B537B5B558C4} d------ [14:14 11/11/2011]
{41FA5CB9-E2A8-484D-BC80-643C4774F976} d------ [23:54 28/10/2011]
{4203E08B-B279-4150-B7EF-DF3EFEFE6A9F} d------ [14:06 23/06/2011]
{42374419-5FE5-45B0-8B84-3DE8B4401C65} d------ [12:24 05/05/2011]
{42A94201-467B-4E10-B55A-5137064AA5FF} d------ [16:09 07/12/2011]
{432457CF-AEB8-4028-B754-579319072469} d------ [15:42 15/11/2011]
{43CF24CE-06F6-4649-9944-3BA3C763F25F} d------ [16:56 22/08/2011]
{43F6DD77-CCBB-423E-BAA5-FEF55D2252F3} d------ [23:08 07/12/2011]
{442B509C-A6BF-4FC2-BAC8-DCD59F506B51} d------ [04:21 31/10/2011]
{450F7D98-9159-4C18-BE79-8D804FD85D65} d------ [16:32 09/12/2011]
{4690A298-15E2-4909-AB28-098E0F928112} d------ [02:58 27/06/2011]
{469FE05B-CF71-4DC6-98D2-4256C1AA8DBD} d------ [20:04 21/11/2011]
{46EA5BD2-87B2-41B5-9C3B-88F3DD762AE5} d------ [08:22 10/10/2011]
{47916D0A-2EB6-45F7-A996-517491875CF0} d------ [02:52 02/11/2011]
{47B063F3-AAF5-4DA2-8404-77C0C7392605} d------ [01:08 18/11/2011]
{47CFA059-8618-4086-9323-AB4EF12C4945} d------ [03:08 29/10/2011]
{481F0843-57F2-4776-B66F-1C531B504FCE} d------ [22:18 27/06/2011]
{48F27DE7-2C05-4871-B952-5E18304876C7} d------ [03:20 12/10/2011]
{497722CF-C2E0-4B72-8B49-D8C08ED19B16} d------ [20:18 19/05/2011]
{49926F1A-D05B-40C2-B397-F62DF7EACCA8} d------ [15:45 01/10/2011]
{49A76F4F-DBA0-410E-BCBB-D1875D0D5087} d------ [17:13 11/09/2011]
{4AC3E774-C51F-4D25-8743-7A60A8DFEF1F} d------ [13:33 04/10/2011]
{4AE1DF2E-4D95-49C0-BEF8-762179BFD880} d------ [14:13 18/11/2011]
{4BFFEC02-4ABF-44A6-9F47-E39FEED49A7A} d------ [16:04 02/11/2011]
{4D7BC681-70C0-411F-A8B2-EE446A299779} d------ [19:32 29/11/2011]
{4DE0A5A2-638F-4918-AAA8-BF5293EDE3EE} d------ [22:11 22/11/2011]
{4E5033B0-D24E-422B-A80B-AC9D66E044E8} d------ [00:58 24/11/2011]
{4E54712A-9D73-40CE-9976-85EF78B504D1} d------ [16:40 14/11/2011]
{4F9BAF90-889A-4504-AF56-073A5F62AA9A} d------ [00:30 04/11/2011]
{4FA08D46-112B-4743-A512-56DF30DC5BF8} d------ [05:19 05/12/2011]
{51004795-E703-4038-B37E-C6DBE04F4671} d------ [14:17 10/10/2011]
{51A50125-7F36-4403-9749-A760DEAD6FD0} d------ [15:36 09/12/2011]
{522CCC08-F217-4A03-B24B-D7C0F85A325F} d------ [18:06 29/09/2011]
{5384E053-C875-406F-B4E2-B50907010A30} d------ [15:51 07/12/2011]
{5398F441-4F4E-4778-BFA6-51243B83FAA6} d------ [01:19 11/05/2011]
{53C1BFE2-C88F-4F19-BEC8-FAC5CAEF3732} d------ [17:01 22/08/2011]
{53CE4260-E8F2-4CEF-A828-A6A2D5D79A0D} d------ [16:07 05/11/2011]
{53F0A9B6-FE3D-4AD3-AF0A-456D26ADDCF3} d------ [03:56 14/10/2011]
{552EB9C1-3A90-484E-93DD-7AA92C6F75B7} d------ [03:18 25/05/2011]
{555E5ACE-E8BF-4B0A-8E12-496B8340C357} d------ [03:03 30/09/2011]
{55A3450D-7C90-429E-987A-3BD39BFEEBD2} d------ [19:32 07/08/2011]
{56A68E71-E72C-4E75-AE37-D4A3E1927C70} d------ [14:23 05/10/2011]
{56AC25F3-A5B9-45B2-9966-1EA01ABC887E} d------ [08:22 10/10/2011]
{57FD24B3-B794-4BA0-B936-F330774710D6} d------ [14:24 02/04/2011]
{587FBC06-1B20-47D3-AD15-F2FF8466E3D4} d------ [17:12 11/09/2011]
{5A1180F7-5412-467A-8A2E-145FEF8A6994} d------ [02:03 20/09/2011]
{5A893777-4A2A-43A8-BBDA-7240D24E4C89} d------ [23:04 10/11/2011]
{5AB40E53-B2E7-48FD-BA58-CEC8961DA6DF} d------ [14:34 09/12/2011]
{5AB464FE-EFB6-4335-B336-F3BEDAF87AAB} d------ [03:40 14/10/2011]
{5B48B50D-F39A-45F6-A07C-5EE2676972B2} d------ [15:17 12/10/2011]
{5C0E0049-02A8-425E-B422-A27C8566CBBC} d------ [21:03 10/10/2011]
{5C6F59B2-24FD-4CA5-A5F8-4C4E53A07211} d------ [16:03 29/08/2011]
{5CF77BB4-27F8-44CE-9985-37A0580F9210} d------ [04:16 09/12/2011]
{5DD99C29-29AD-49C0-800A-D567BCBC7D03} d------ [15:50 28/06/2011]
{5DDF3AB3-AC59-4B85-AD5E-CCA55181D5B1} d------ [15:55 06/11/2011]
{5F1E43BE-B2C6-4C12-BD4B-F2A61DE0FB18} d------ [13:23 01/05/2011]
{5F5D62EC-D45C-4BC6-B087-09CBC9492CC2} d------ [04:44 16/12/2011]
{5F6F2D66-DB20-4702-8E9D-1D3D0D6C597E} d------ [18:39 01/12/2011]
{600EEE51-EE88-40E5-82D8-21A8EB2223CE} d------ [15:03 18/04/2011]
{6029A32B-A1CE-470D-912D-32094859550C} d------ [20:18 05/12/2011]
{608F12B8-3FE3-420B-B71D-4DC448EC6566} d------ [15:17 27/09/2011]
{60BA9806-4AA7-4FD4-B6F0-2C6F335F52C7} d------ [23:46 02/11/2011]
{61270267-2512-4AE1-AEB4-E3912A27AF8A} d------ [04:53 22/11/2011]
{616BA63C-3A17-46FA-8101-A4D531FBC99F} d------ [02:05 12/10/2011]
{61F07B05-6C76-4216-8028-4D910C8BB3CF} d------ [05:38 22/11/2011]
{62248A99-E7B6-4F31-A356-B5D5021BAC40} d------ [21:52 04/12/2011]
{623E9AC9-1224-412D-8BCF-DBA1DAE49578} d------ [00:10 02/06/2011]
{62A9455D-20B2-4E81-9B22-077CEFF9A671} d------ [19:24 29/06/2011]
{62F94057-0E34-45C3-9B9A-83D0392FBFAB} d------ [04:49 13/10/2011]
{632ADA3C-9F9F-419C-B40E-DDFC1C570853} d------ [23:08 07/12/2011]
{63499CD2-7C50-4A14-B004-35AB0947D166} d------ [23:04 10/11/2011]
{6359E992-D58D-45E2-8650-7038CB026A52} d------ [11:59 15/04/2011]
{643A4718-0A9F-4FB5-946A-6568191EA376} d------ [04:55 17/06/2011]
{64C61BB0-C0DA-43A1-9B9F-088EF00D9915} d------ [05:07 06/12/2011]
{659E6BB9-1988-4EB0-978E-4D704B82DD94} d------ [22:11 22/11/2011]
{65FD3B5A-529F-42F7-B823-D1A3AABB5E89} d------ [20:51 14/11/2011]
{66A8FB0E-7E7F-447D-A7A5-4A66386FF47B} d------ [17:26 05/09/2011]
{66DE9948-A0A2-4B02-BF34-88AD1A014F9A} d------ [16:11 03/10/2011]
{68D68CA9-ECC4-4E26-9D4C-9B563F7069DE} d------ [13:09 28/04/2011]
{690898CA-7DA8-4863-B727-6558EE0A45AB} d------ [19:24 04/06/2011]
{69124193-404F-4851-8712-B5D59B24A027} d------ [03:03 19/04/2011]
{6A89FFF8-6C8E-43DE-8C17-231F4A2BBBCF} d------ [13:29 05/11/2011]
{6B5A7A8A-C00E-4C89-BDE8-997D841FB2F0} d------ [01:53 10/08/2011]
{6C30E465-6630-44B4-930F-EA05FB80D420} d------ [21:26 28/11/2011]
{6CE84042-FE79-4317-B48C-40E1003F1C5F} d------ [14:11 17/10/2011]
{6D1489C5-503E-445B-8DC8-91C2435452BA} d------ [11:22 23/08/2011]
{6D1A4909-C9D4-4F6B-BDF8-9D2DB7B29CEF} d------ [15:03 01/11/2011]
{6D828C36-5405-4551-BF4F-6F6F9953944A} d------ [04:49 13/10/2011]
{6E36EBB7-7438-4E7C-B297-FB31A0536A0C} d------ [14:17 11/10/2011]
{6F978627-90E8-4CC7-97F8-7377D9BD89F2} d------ [20:16 07/08/2011]
{6FB51E61-01F8-40D8-9626-4E57470330F2} d------ [02:03 20/09/2011]
{6FC6454B-DF86-4855-87DA-0746D498AD97} d------ [13:01 25/11/2011]
{7001276F-409C-458F-9854-9C028D57F3E6} d------ [14:31 09/12/2011]
{705904E3-68DE-4158-8022-89633A2D6EDC} d------ [21:33 26/04/2011]
{718E36AA-4FF8-4CC5-8B89-0BA8A452CA34} d------ [01:08 18/11/2011]
{72136D3C-D58C-4BC5-9AF1-8CFC7EEB3774} d------ [21:54 21/09/2011]
{72AC673E-EFEF-4BBF-B2AD-F16AC5643AB9} d------ [05:21 06/10/2011]
{72E58DF3-6EE2-4050-BA27-091DE906F487} d------ [15:39 09/12/2011]
{730DC85F-A1CF-4B03-93F9-D18B8CB9666B} d------ [23:14 05/12/2011]
{7322D64F-1EAB-4BE0-9750-CEBF899A5817} d------ [21:03 10/10/2011]
{73232BED-B6DD-4CD8-8258-5BACB023C443} d------ [04:00 18/11/2011]
{738F6757-289C-4568-9584-AA1DA24FD21C} d------ [20:42 27/04/2011]
{745545D7-2B1C-496A-B289-7673E1939620} d------ [03:04 30/09/2011]
{7493C50D-3E47-45A9-BA1A-C6CCDC3E717C} d------ [13:16 27/05/2011]
{764CC19F-28AE-4B04-8430-A51B19360DD6} d------ [00:53 17/10/2011]
{77CE178B-4B84-4F78-994F-37AB4B909FF7} d------ [21:52 12/12/2011]
{78128607-A530-480E-AAC8-C6852BB6914F} d------ [19:22 08/12/2011]
{78487A47-BB6A-408E-B653-571750FC90D8} d------ [13:24 30/09/2011]
{7881EC81-2DEC-4B04-ACE6-7C6A2260EC08} d------ [04:31 15/11/2011]
{78DADF21-8F0A-4D25-947C-EB7C51F2E740} d------ [19:50 27/09/2011]
{79E80520-AA8E-467C-99A4-9794FE39F557} d------ [20:05 21/11/2011]
{7A516B4B-A1D1-429E-88CC-CF16603B3D0E} d------ [15:07 06/12/2011]
{7B9773ED-EA09-454C-BE31-EB0BA8E87A46} d------ [13:38 04/11/2011]
{7B9B0B33-8594-434D-A965-3673A3855FE6} d------ [15:45 01/10/2011]
{7BC1F688-E9F2-4DB7-ACB5-3AF223A99253} d------ [13:29 05/11/2011]
{7C211AF9-2B5C-451D-A324-1CDD30BE133D} d------ [13:46 28/11/2011]
{7C2C1311-E590-443B-AF1A-9D00EB4453E2} d------ [05:42 29/11/2011]
{7C2E4988-83E6-4A65-9AF6-F05FC867FECE} d------ [13:56 16/10/2011]
{7C9E5B0E-B4BC-4C7A-AFDB-8781DD170A28} d------ [17:04 14/10/2011]
{7E2CF4C6-F4BB-488A-96D1-F463619121DF} d------ [16:44 24/11/2011]
{7EE235D6-64A8-4F8A-9B22-B6EA80FD1174} d------ [04:51 09/12/2011]
{7FF35697-3FEC-4119-8C2F-B38982F817BB} d------ [15:02 01/11/2011]
{8013957C-0F89-4CBB-92D9-A922C66A0248} d------ [14:50 06/12/2011]
{8049C0BD-6E96-4BE6-8494-A03E6EAC5B58} d------ [06:24 06/11/2011]
{82013638-D80B-4A07-8886-58F988942911} d------ [14:24 20/04/2011]
{82D90DFB-1691-4F9F-AE5A-83DDB05357A9} d------ [01:09 09/05/2011]
{8332BCA2-2B5E-44D0-A3FD-9FC72A2B9395} d------ [16:18 31/10/2011]
{83A3583C-E945-4BDD-BF3E-D241F4AB9F46} d------ [19:31 29/11/2011]
{84024590-539F-4ABB-92C7-9D42E2AA8B93} d------ [20:38 17/11/2011]
{84630D5B-D422-4EB4-BD5C-ADD2E21338F1} d------ [01:20 28/09/2011]
{8475C183-E714-4345-BE43-504BB7AC9CCE} d------ [03:23 15/10/2011]
{84EF98DC-2CAC-44B2-AE9A-02EF3A6ADE53} d------ [04:51 09/12/2011]
{84FAD432-36F9-4954-B7CF-6B12830903A4} d------ [15:16 12/09/2011]
{8521FCAC-2943-4D9F-B259-1D939CF30A5B} d------ [21:37 18/11/2011]
{869E1806-5019-4691-A378-3BA7AD771A52} d------ [14:09 15/10/2011]
{8748B5F1-D5B5-4E6F-98BB-56E2378D705B} d------ [15:23 29/11/2011]
{87F035E9-9AC2-4FEC-9285-D302E7659BB6} d------ [02:14 05/12/2011]
{88338CFE-B7E5-4185-A04A-41C42B268A07} d------ [22:52 23/04/2011]
{884A451F-18A6-453B-BE04-290CB9542511} d------ [01:34 30/11/2011]
{88867BB2-1436-4754-A3A8-C464BB89E7DE} d------ [02:15 14/06/2011]
{88DD116F-F492-4B1E-8C7C-30CB7538662F} d------ [20:47 05/12/2011]
{88F56AB2-843D-4F57-99FE-DF67F689B4D0} d------ [17:27 27/04/2011]
{89111E73-4F13-4F63-86DE-28AE35A01600} d------ [23:53 17/05/2011]
{891BA131-09F0-4B6B-8FDE-B0127131098C} d------ [21:07 02/11/2011]
{89767B68-AD6D-47AA-8C5F-E882FA34E974} d------ [23:12 12/12/2011]
{8A37A191-FC72-40AE-8759-483BBD207F79} d------ [15:50 04/10/2011]
{8DF097E0-615B-4F74-A999-F072A9CD1ED3} d------ [21:37 18/11/2011]
{8E9DF5B8-34D0-4E3F-A92C-E09B756AB55E} d------ [12:37 30/08/2011]
{8EFE8A25-008A-4E7D-B4D1-20995F38229F} d------ [00:19 12/11/2011]
{8F1664D1-7BF8-4B19-92BD-E810EC8CA16E} d------ [15:42 22/11/2011]
{8F301466-D7F2-454B-B417-24E25AA32DE8} d------ [16:03 29/08/2011]
{8F5A9F24-5C5A-419F-9C4B-9C53D74AC208} d------ [07:34 26/04/2011]
{8F93EE9C-F3C1-4A0E-A192-CD539B7A28D0} d------ [17:26 05/09/2011]
{8FA3B695-3E9E-4001-ACE7-88E68BA05E9B} d------ [13:00 25/11/2011]
{90894D07-3CBA-4461-BA28-B292590E3BD7} d------ [14:12 17/10/2011]
{90FFCDC5-6AD7-44B4-8EB6-C3F0394E859C} d------ [21:42 20/06/2011]
{919C15ED-CE61-4598-B999-AAAA220A11B9} d------ [00:52 30/05/2011]
{91BCB7B8-F1EB-49B4-8489-18B74D61F5CF} d------ [02:50 03/12/2011]
{93D50DBD-A040-42A3-AA6A-96302CBF93C7} d------ [19:30 15/11/2011]
{94753A26-3C40-453E-B669-17BD5522D2C6} d------ [16:49 24/04/2011]
{94A1B43C-9EFD-443A-819C-D94D875A8A27} d------ [23:38 29/10/2011]
{961C60B8-2E5E-4287-BAAA-FA36DE4EFC4A} d------ [23:02 14/06/2011]
{967BCB71-2037-40DC-83DB-636F6BB24C0C} d------ [14:41 18/05/2011]
{96F0DEAE-AB0B-4FD5-A1F0-272E60E398CE} d------ [02:59 13/04/2011]
{97F18D61-C555-470B-AE84-6BB8C398989E} d------ [21:30 29/11/2011]
{9A0F9709-0119-4DA6-97E6-D012BA54AA99} d------ [21:57 07/12/2011]
{9A269E6E-22F0-4BDC-96C4-ADD5EAC94357} d------ [15:17 27/09/2011]
{9AE9B765-1C19-4FEA-AC53-4FEB2ED16D19} d------ [18:30 02/11/2011]
{9C27A182-3D34-4580-9DE6-69ED4CAC06ED} d------ [15:30 06/12/2011]
{9CFD1432-8D83-4F29-97DD-939868E3AD95} d------ [12:23 11/04/2011]
{9CFDC33D-2FBE-4CDD-952D-69BF597FE4D5} d------ [01:50 30/09/2011]
{9D8EC8BB-D463-402C-A79A-49BE6194D21C} d------ [19:02 07/05/2011]
{9EAF9E81-8435-41A9-8695-A24BF4541B0D} d------ [14:59 13/04/2011]
{9F978E04-4418-434A-8E21-6E864AA4533F} d------ [04:36 09/12/2011]
{9F9874AC-6878-4DE6-9B7F-BCF2ECCE1932} d------ [13:28 04/05/2011]
{A04933F6-FC3A-48EC-A154-222FF36E50A4} d------ [16:14 05/10/2011]
{A1E0C00D-49CE-4695-8435-3DD460202A50} d------ [15:39 09/12/2011]
{A1E1BFBD-FCCC-404A-8136-10B86C383BAA} d------ [22:14 15/11/2011]
{A1FEFB99-4C56-4D37-9167-0339DAD1A88F} d------ [03:56 14/10/2011]
{A205CCBD-F221-48EA-BBDE-441D5E29769B} d------ [16:44 24/11/2011]
{A2073432-6C08-453D-9C7D-B36F71B1AA3F} d------ [20:38 17/11/2011]
{A2B33282-E367-4B3E-99EB-D294B0F179AF} d------ [16:14 05/10/2011]
{A3035E05-4379-4CB2-BE7D-DEBF8C6521FE} d------ [03:23 15/10/2011]
{A31A2FB0-79FA-46FE-BF3F-0B331FDE03F2} d------ [13:37 06/05/2011]
{A3263427-82FC-4447-8546-17FA6033CDBC} d------ [18:02 03/04/2011]
{A39D7C8B-C80C-475D-8C5F-11C8F9E177A4} d------ [03:55 07/12/2011]
{A4152B1C-7958-4565-A865-E610ECAEB6B5} d------ [16:49 29/10/2011]
{A4D45305-9F50-4DE1-BDF3-7D7F5188A1D4} d------ [12:29 29/09/2011]
{A589F84B-9477-4807-9114-1631F775B268} d------ [00:38 16/11/2011]
{A59132D4-9150-4304-A957-C38D1B795253} d------ [13:49 29/11/2011]
{A6C4F515-96D5-4DE7-A3BA-0A763755626F} d------ [01:34 30/11/2011]
{A733A1C0-CD46-40BF-8DDA-C2977EF48577} d------ [23:00 21/11/2011]
{A75D3F95-6A88-4640-BBD5-5326D0CDDD81} d------ [23:13 12/12/2011]
{A79DCD66-CCE7-41C4-8979-EC1922C46B02} d------ [05:07 06/12/2011]
{A7F83F1A-D976-4024-BB73-18F47F42A96C} d------ [04:00 18/11/2011]
{A85953BF-C216-4CE8-8FB8-0DBE9FE4114E} d------ [21:08 02/11/2011]
{AA1FE1E6-F4B2-4C62-A3F0-18212500999B} d------ [18:01 28/10/2011]
{AA9001AD-66A8-4580-B5AD-218E741C81D1} d------ [19:11 29/09/2011]
{AA9CF86C-D3C2-417C-884A-FDE71AD6B8AB} d------ [16:29 14/10/2011]
{AAA864EC-5656-4CB2-9727-B03012C53955} d------ [13:34 12/10/2011]
{AAE54B63-EE02-4856-A288-B74E76A23B4E} d------ [03:17 02/11/2011]
{AAF6EC21-D3AA-411A-A591-36C25381516E} d------ [21:47 26/05/2011]
{AB2D1940-919E-45B1-9B2E-CB8E401270C3} d------ [05:35 27/11/2011]
{AB8ACD36-E447-4D30-BCAD-BAF7098B8E1C} d------ [23:38 30/03/2011]
{AC968916-73D1-49C0-B2C5-C4B1CA37B51B} d------ [21:56 07/12/2011]
{ACDA5C85-F7E1-4B5C-BD0D-F0E068A6F6AB} d------ [13:37 04/11/2011]
{ACE3D8D5-5D47-4152-AECC-052A5AE99C4F} d------ [13:46 28/11/2011]
{AD5D0785-04C9-422D-8374-2DAD375A1183} d------ [05:19 05/12/2011]
{AE855A96-179C-4E80-A4D7-82B242F00043} d------ [02:51 16/11/2011]
{AEC6C66A-1EEE-45D7-9416-FF972F66668E} d------ [13:24 25/04/2011]
{AFB4D1DF-AD24-464F-95B5-D8E671BB915A} d------ [13:42 07/04/2011]
{AFD2C127-4A58-4955-B6CF-85051F7C1530} d------ [17:04 14/10/2011]
{B17E226D-956F-4DFD-BE93-6B545FACFEC6} d------ [15:50 04/10/2011]
{B19E5CF8-DD7D-4AAE-A7A6-C64428688361} d------ [17:08 07/12/2011]
{B1C51B52-8030-4EF4-B574-ACA27BEE5C41} d------ [03:54 07/12/2011]
{B3175E9B-420F-4C98-8AD5-DF507C5ED5F3} d------ [22:38 10/09/2011]
{B31E6ABB-EFEB-4081-B9DA-D8AC944B4B14} d------ [19:54 15/10/2011]
{B3ABED28-A90D-43D5-8F46-6A820672553D} d------ [18:15 30/11/2011]
{B41B57E9-99B4-4849-8B78-3AEAF7F020A2} d------ [19:51 31/10/2011]
{B45053A4-E27A-4E2A-A101-20ACD895ED4A} d------ [13:04 28/04/2011]
{B563015B-1E8C-47B5-9E7C-CD3988536E35} d------ [16:18 31/10/2011]
{B6A5C02A-7411-430F-A463-F347BF51AA03} d------ [18:12 21/04/2011]
{B75BEC98-19BD-4E3C-BCCC-5F84272FC70A} d------ [02:52 02/11/2011]
{B80CD5F3-53E9-4AE1-B004-0929C56A71B3} d------ [23:46 02/11/2011]
{B8CD6C18-96F4-4254-886E-C9CFCBE59B6C} d------ [23:46 16/10/2011]
{BA544BA8-0609-47EB-8C5C-85EBD4173C1B} d------ [13:21 27/07/2011]
{BA5E2C83-E247-433A-8C6B-4CADE1E82B6E} d------ [15:21 18/07/2011]
{BA600802-7987-475F-A27F-92DE7DCFA435} d------ [13:14 10/05/2011]
{BA884EC3-36BF-414D-B46D-E894F12B1194} d------ [20:18 05/12/2011]
{BAC94C35-0EEB-4D53-A26C-9E0539220604} d------ [02:00 27/11/2011]
{BB6160D4-FF4C-4915-853C-17E7AE3F6B3A} d------ [21:26 28/11/2011]
{BB80CFAC-6A49-4DB2-9FCB-A4DDE48B516D} d------ [00:29 02/10/2011]
{BBFC937A-2E66-44BD-A398-41D65659A367} d------ [03:07 09/12/2011]
{BCD771E6-D579-4CF4-A89D-E466FF73EC78} d------ [00:23 05/12/2011]
{BCF5D5BB-35D8-440A-B9E3-A9F32C0D3090} d------ [17:05 22/08/2011]
{BDAD3A6F-AC69-40D3-B885-33A2E913D22B} d------ [01:34 08/06/2011]
{BF46675C-5313-4DFB-89CA-001372B76EBB} d------ [15:55 06/11/2011]
{BF8E39C8-1008-4F79-A259-1EF18517F0C7} d------ [01:55 05/04/2011]
{BFA30C6C-4163-495A-B8FE-F8D0FB9250DC} d------ [22:57 05/12/2011]
{BFBEC189-74F9-44E9-B00E-7DB0AF0256F4} d------ [15:18 30/11/2011]
{C0030D43-886D-40FE-A4A5-C1ED6FD2351A} d------ [05:00 06/10/2011]
{C07FD8E7-4172-4AA5-BFC5-FDFCACBBEE49} d------ [03:42 03/11/2011]
{C0B64FE7-A843-442A-8D6A-B27B651E7584} d------ [16:53 07/12/2011]
{C0CBE688-4C18-4E9F-9EC1-051C8C24D0C8} d------ [15:18 30/11/2011]
{C17495F7-EA00-48FA-B6A3-4D3BD014940E} d------ [15:42 22/11/2011]
{C1CAB1FF-7C21-4CD4-BA01-4226941D5149} d------ [13:34 12/10/2011]
{C37DF65C-F580-41E9-A01B-86F42EA2C486} d------ [15:47 08/08/2011]
{C4088C68-08A3-496E-8944-65B81A42D20E} d------ [00:29 04/11/2011]
{C4A12574-6CA7-4D2B-A051-4A1331FE1CEB} d------ [17:22 30/11/2011]
{C4B15C21-93D2-456A-BAEA-B8045F56A71B} d------ [13:49 29/11/2011]
{C4C24ECB-8EDE-43BF-9A17-ABB3662FC7E6} d------ [19:30 19/11/2011]
{C4F3DBCB-562C-490C-9098-2421B907E566} d------ [05:38 22/11/2011]
{C535D99B-F77A-4586-87D0-57862BF82E51} d------ [21:52 04/12/2011]
{C55AB930-9995-43FE-BA74-114CCF519E81} d------ [21:53 05/12/2011]
{C62DC250-6B11-489E-8B62-540C76B02AE8} d------ [19:49 27/09/2011]
{C645ABE6-0489-43ED-9AAD-AD3813982F99} d------ [15:13 05/11/2011]
{C703102B-317B-4F2C-AAC7-4E0FF17BD348} d------ [05:17 22/11/2011]
{C7EBD9F9-9B5D-4FA6-95EB-0ED4D542696A} d------ [03:46 28/07/2011]
{C88F072E-9E7C-4A78-BC80-737E2D52C662} d------ [20:47 04/11/2011]
{C89EE863-E46B-429F-9A5F-E33787B991E0} d------ [01:09 12/04/2011]
{C8DBED49-54B0-4B32-875A-258BD34C918E} d------ [13:11 07/11/2011]
{C8E1A940-7FCD-43DE-BB36-28DE64C077BC} d------ [13:33 04/10/2011]
{C90417B6-AE7E-43E0-BD69-80FAEBC95226} d------ [14:39 04/11/2011]
{C9101548-0CB0-48C0-92BF-E0FEECC24527} d------ [00:38 16/11/2011]
{C9962647-557D-4C74-9B5D-205CCF60C181} d------ [12:11 13/06/2011]
{CB229E05-AD30-4F16-98C1-A06730B25908} d------ [15:46 08/08/2011]
{CB9319D0-E695-46BA-BF0B-F956712C05F3} d------ [03:08 29/10/2011]
{CC5591A0-4C6A-455D-93B2-F74923EFCC27} d------ [20:51 14/11/2011]
{CD68F2C7-F330-4847-A43E-73C92E437A76} d------ [00:19 12/11/2011]
{CDAA8332-E852-4E80-B79D-4D505C5219C0} d------ [05:43 29/11/2011]
{CDDB2CA8-8B5F-4A3A-B5BA-0D907E95BC73} d------ [14:44 09/12/2011]
{CE570F78-2E56-45E8-B9C0-3273982D4C72} d------ [19:11 06/04/2011]
{CF5EB042-2565-4A89-91ED-A0EB0F6D103C} d------ [00:24 05/12/2011]
{CF60BC51-4C50-48B3-A0AA-B35CD6574AB9} d------ [03:17 02/11/2011]
{CF7ABF91-7D26-4673-84D3-7BD29BC3E8C2} d------ [04:16 09/12/2011]
{D01C3294-EB68-4D95-A56C-165CFD3AE31B} d------ [01:20 28/09/2011]
{D03A5F24-E7E7-41D5-9B58-AAB4F0E64B40} d------ [03:22 21/11/2011]
{D074B766-2528-48D6-8784-421C25B2898C} d------ [23:51 02/05/2011]
{D1315387-A178-4C08-B256-4B7884665304} d------ [14:07 31/03/2011]
{D1B312C5-F3F9-4524-9311-80EA02822042} d------ [16:30 14/10/2011]
{D1B425AC-0120-4913-86B3-698A360874F0} d------ [01:10 28/11/2011]
{D29A74D6-E654-4487-B36B-449845A1E9DA} d------ [19:32 07/08/2011]
{D35D5781-8A9A-4184-B76D-27C19E74AC56} d------ [22:38 10/09/2011]
{D369BFEA-1C49-47FA-BC13-213D2AC06B27} d------ [02:06 21/11/2011]
{D3994ECA-7D2A-4816-830B-1B47E0B8422D} d------ [18:05 01/04/2011]
{D43E2522-6061-468C-9EC1-91C395AB2812} d------ [13:25 30/09/2011]
{D48A6C09-09AD-4DB7-B753-33F7A48C2E11} d------ [16:50 30/09/2011]
{D4EA85AA-DADF-4D9F-B9E1-0ECF0C3F18FE} d------ [03:29 15/11/2011]
{D4FA95E1-4BF6-44E5-B7D9-7647DDC4C1E1} d------ [15:12 29/11/2011]
{D5488110-4BCD-4F0D-BD3A-898E623BFEC3} d------ [12:35 22/04/2011]
{D583DC3C-C839-43D8-8B59-507BB0805BD1} d------ [14:14 11/11/2011]
{D628B33E-DB79-415C-BB18-C4A42B4FDA61} d------ [15:17 12/09/2011]
{D6DDE5E1-11E6-488C-95AE-8FAC64538AC4} d------ [04:50 06/12/2011]
{D87CABD7-8BD7-4235-8B29-D6E2F56B17FB} d------ [18:41 11/10/2011]
{DA72CA6C-8C3E-4B77-9C63-BEBCC11444EB} d------ [13:01 14/11/2011]
{DA8B7643-7DF0-44D0-B9E5-6BF67AAD4B27} d------ [03:29 15/11/2011]
{DAE88209-60F4-4D45-9C68-B4AC6655C7C3} d------ [15:07 19/11/2011]
{DB229771-A41D-4246-91B1-1E00FEF05709} d------ [08:14 10/10/2011]
{DB98C1C0-45BE-4AB8-8C88-73D90909E0EE} d------ [12:53 02/06/2011]
{DBF1ECB4-9901-4B22-B8E4-ACFD07A5E38F} d------ [21:10 01/10/2011]
{DC055807-D50B-4B66-8322-281312390B94} d------ [13:11 07/11/2011]
{DC06770D-0593-4D3D-A8D7-B4E264284269} d------ [16:25 13/10/2011]
{DC13C4BC-9C18-477B-A4AC-832B42BE6D1E} d------ [03:05 12/05/2011]
{DC660B4E-9FC3-424B-9F52-7803819F5924} d------ [03:41 29/05/2011]
{DCD77134-DE6A-4F8A-A6EA-DF87E88E46D9} d------ [18:15 18/11/2011]
{DE1E1E19-E820-495D-AD31-41384F3BCF37} d------ [01:21 12/10/2011]
{DE819AD1-B088-481C-A313-A1137706063D} d------ [19:35 26/04/2011]
{DEDB6B82-6566-4A63-B7D9-25CE2ABA6EF2} d------ [13:20 11/05/2011]
{DF24CF58-0A14-4E78-B11C-8C4C08663B65} d------ [21:10 01/10/2011]
{E0D9C283-86A3-42EA-837D-E638A7DCCAB1} d------ [19:07 12/05/2011]
{E1B9FD9F-9DBD-405E-A44F-FA1E8932FD6F} d------ [05:20 19/11/2011]
{E35C8022-8F8C-42E8-B3C7-18A07187593F} d------ [19:50 31/10/2011]
{E361426D-3954-41DC-B187-56A31611C1D6} d------ [03:18 24/11/2011]
{E36EF0C2-B2D6-474E-BD8D-0A9AC09CC888} d------ [03:18 24/11/2011]
{E373F822-6DD8-4AE6-813F-F2840C52228A} d------ [15:12 06/12/2011]
{E4DB9261-254C-44E5-83A8-C46B4FD6571B} d------ [03:40 14/10/2011]
{E577FCCB-41CD-4C75-AC78-ECAA0FF613C8} d------ [20:47 04/11/2011]
{E5A78A5C-FC4A-4EF9-88B7-FCF8509A3481} d------ [14:12 18/11/2011]
{E5FF6DDD-BB50-4F81-911F-85D17D6374BD} d------ [23:13 06/06/2011]
{E64DFD34-4E16-443B-8CE3-9AC7CFB4B83C} d------ [15:23 29/11/2011]
{E69411E8-9E6A-44DC-9CD3-58126C93568E} d------ [15:02 31/03/2011]
{E6CD773A-34D9-44C3-9173-0E654322D39F} d------ [01:21 12/10/2011]
{E6DE1C7A-D8EA-427A-9AF2-F14423E49673} d------ [04:44 16/12/2011]
{E7BD2639-EAEF-45D1-B8F0-296DC89092DB} d------ [15:50 07/12/2011]
{EA36BA92-D624-49D7-BCB0-5B8721DD67B4} d------ [01:50 30/09/2011]
{EA7ABE5C-2E8E-422A-9D3A-4AE431ED5A47} d------ [16:46 16/04/2011]
{EBAD4862-9430-40DE-9E66-C91187BDF460} d------ [16:33 24/11/2011]
{EC53F1C4-C94C-42DE-81BE-CFE404A51296} d------ [23:54 28/10/2011]
{EC812742-4FE1-42C4-9134-FD35707125AE} d------ [14:39 04/11/2011]
{ECA15E89-9E1D-42B0-89FB-638AB84228CC} d------ [01:11 23/06/2011]
{EE370FC7-8D85-4DBE-8DD8-957947394833} d------ [06:24 06/11/2011]
{EE81AAD4-5983-48B5-9C58-67871C077E47} d------ [18:33 19/04/2011]
{EEADF6C0-AADA-4CD8-8834-251EF1E680A7} d------ [04:50 06/12/2011]
{EF966FF1-07CC-4FF3-8282-0E8EFEAA04CB} d------ [19:11 29/09/2011]
{F0A3A42D-5910-4415-BAD8-C3A5E789B4A2} d------ [00:58 24/11/2011]
{F111BC5E-82D7-4707-8D22-EE2D6E4B6E3E} d------ [14:16 10/10/2011]
{F1AA70EF-FC45-4737-87F0-FC782DEF24A7} d------ [13:55 04/04/2011]
{F1F09580-0D9E-4AB8-BBFA-2A3569038A90} d------ [15:42 15/11/2011]
{F2193A6A-3104-4F76-ADAB-1A6CF3CFC555} d------ [04:02 17/10/2011]
{F21ADECE-B7A2-4ECB-BE41-DE459FAA0F60} d------ [03:42 03/11/2011]
{F21F1F7B-B2D1-4FDC-A6D1-E8E485DBBEAA} d------ [17:05 22/08/2011]
{F3065CC4-3AB2-48BB-9A19-AA69946781FC} d------ [03:29 08/04/2011]
{F31B93BC-241F-4F75-A1DD-7F98085C9EC7} d------ [18:15 30/11/2011]
{F40A1543-5833-4836-A643-237BE38527F0} d------ [16:36 19/04/2011]
{F4992D41-F564-4CBD-A7CB-A1BB71BB6E92} d------ [23:21 12/09/2011]
{F5E23578-CCE6-470A-A189-8320B697B60E} d------ [00:15 02/12/2011]
{F632442D-7C2F-45CF-A254-9ABF5C5CF7E5} d------ [06:26 05/12/2011]
{F8515D2D-1B04-4A6B-AA18-F004997E0E82} d------ [02:00 27/11/2011]
{F9AA5C5D-4A66-427A-B5DF-E47568348565} d------ [03:51 29/06/2011]
{FB157507-A870-4111-AF3A-E3A82EFBEFFB} d------ [19:30 15/11/2011]
{FCF041AF-D2E5-429A-ADA0-FB57E3096B8D} d------ [02:14 01/11/2011]
{FEA23FE6-8B6C-463D-B032-38C2BB61C83E} d------ [23:03 01/11/2011]
{FF18F52D-4EEC-4887-A2B9-22CFCCDA3B75} d------ [14:45 15/11/2011]
{FFA26EA4-0E07-4015-BB32-B59E18EBCB85} d------ [17:14 10/11/2011]
{FFB26D6C-56CF-4D21-83E7-F66B4BA7A044} d------ [01:58 10/08/2011]

-= EOF =-

[womble]

OTL.txt



OTL logfile created on: 12/16/2011 8:16:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kathie\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 65.38% Memory free
7.81 Gb Paging File | 6.26 Gb Available in Paging File | 80.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.37 Gb Total Space | 178.56 Gb Free Space | 62.57% Space Free | Partition Type: NTFS
Drive D: | 12.53 Gb Total Space | 2.09 Gb Free Space | 16.66% Space Free | Partition Type: NTFS

Computer Name: KATHIE-PC | User Name: Kathie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kathie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\ProgramData\Clickfree\HDDV2USB3\UACProxy.exe (Storage Appliance Corp.)
PRC - C:\ProgramData\Clickfree\HDDV2USB3\reminder\SacReminder.exe (SAC)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45a20172acfdcc160ecb6bd358179c31\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a3f989a61ab0468876629134c49514b2\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (vToolbarUpdater) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe ()
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (CFUACProxy_hddv2usb3) -- C:\ProgramData\Clickfree\HDDV2USB3\UACProxy.exe (Storage Appliance Corp.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-793441373-2273776425-1934341863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-793441373-2273776425-1934341863-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/21 14:06:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/29 19:47:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/12/05 15:24:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2011/12/15 23:36:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/10 19:36:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/10 19:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathie\AppData\Roaming\Mozilla\Extensions
[2011/12/12 17:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/12 17:24:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/12/05 15:24:30 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011/12/15 23:36:18 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\9.0.0.18
[2011/09/29 01:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/15 23:36:01 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/12/16 00:02:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-793441373-2273776425-1934341863-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-793441373-2273776425-1934341863-1000..\Run: [SacReminderHDDV2] C:\ProgramData\Clickfree\HDDV2USB3\reminder\SacReminder.exe (SAC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-793441373-2273776425-1934341863-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-793441373-2273776425-1934341863-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-793441373-2273776425-1934341863-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.164.234.193 207.164.234.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5BC8390-B45F-474A-B33A-5549C62205D4}: DhcpNameServer = 207.164.234.193 207.164.234.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7EAA283-14ED-403A-BFF6-561E2637DBB4}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/16 20:14:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kathie\Desktop\OTL.exe
[2011/12/16 17:13:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/16 00:11:24 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/16 00:11:24 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/16 00:11:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/16 00:11:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/16 00:11:23 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/16 00:11:23 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/16 00:11:23 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/16 00:11:23 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/16 00:11:23 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/16 00:11:23 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/16 00:11:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/16 00:11:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/16 00:11:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/16 00:11:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/16 00:11:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/16 00:10:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/15 23:51:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/15 23:51:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/15 23:51:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/15 23:51:45 | 000,000,000 | ---D | C] -- C:\COMBOFIX
[2011/12/15 23:51:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/15 23:49:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/15 23:49:43 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/15 23:49:43 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/15 23:44:36 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{5F5D62EC-D45C-4BC6-B087-09CBC9492CC2}
[2011/12/15 23:44:22 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{E6DE1C7A-D8EA-427A-9AF2-F14423E49673}
[2011/12/15 23:44:16 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/15 23:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2011/12/15 23:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2011/12/15 23:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011/12/15 23:32:52 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{1E301486-39A6-40AD-8FA2-99A9BE5CDBDA}
[2011/12/15 23:32:37 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{017A220C-E3CB-484C-82B6-9747046E7D0A}
[2011/12/12 18:14:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/12 18:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/12/12 18:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/12/12 18:13:12 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A75D3F95-6A88-4640-BBD5-5326D0CDDD81}
[2011/12/12 18:12:59 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{89767B68-AD6D-47AA-8C5F-E882FA34E974}
[2011/12/12 17:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/12/12 17:24:32 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/12/12 17:24:32 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/12/12 17:24:32 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/12/12 16:52:45 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{77CE178B-4B84-4F78-994F-37AB4B909FF7}
[2011/12/12 16:52:32 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0AAF965D-C8FB-4B80-9123-A6A0B4CDCBDD}
[2011/12/10 19:36:10 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Roaming\Mozilla
[2011/12/10 19:36:10 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\Mozilla
[2011/12/10 19:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/12/10 19:29:51 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Roaming\Real
[2011/12/10 17:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/12/10 17:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/10 17:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/12/10 17:24:15 | 000,000,000 | ---D | C] -- C:\Users\Kathie\Desktop\ALEX
[2011/12/10 17:18:41 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{023C6E61-532D-4641-81FC-705C60E91011}
[2011/12/09 11:32:56 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{450F7D98-9159-4C18-BE79-8D804FD85D65}
[2011/12/09 11:32:45 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{22307D9E-F8C2-43A6-9458-EBD9149D5628}
[2011/12/09 10:39:52 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{72E58DF3-6EE2-4050-BA27-091DE906F487}
[2011/12/09 10:39:40 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A1E0C00D-49CE-4695-8435-3DD460202A50}
[2011/12/09 10:36:26 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{51A50125-7F36-4403-9749-A760DEAD6FD0}
[2011/12/09 10:36:15 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{3D3BABC5-5103-4904-8CEE-DAD27B620A2F}
[2011/12/09 09:44:37 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{CDDB2CA8-8B5F-4A3A-B5BA-0D907E95BC73}
[2011/12/09 09:44:26 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{17601612-36C4-48B7-91A7-28ED90D34C9C}
[2011/12/09 09:34:52 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{5AB40E53-B2E7-48FD-BA58-CEC8961DA6DF}
[2011/12/09 09:34:38 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{2A2A2287-9CB5-4361-B2CB-5B5C5607FAC7}
[2011/12/09 09:31:03 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{7001276F-409C-458F-9854-9C028D57F3E6}
[2011/12/09 09:30:52 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{320312F1-7883-455F-B9B7-73AD279755A3}
[2011/12/08 23:51:59 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{7EE235D6-64A8-4F8A-9B22-B6EA80FD1174}
[2011/12/08 23:51:48 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{84EF98DC-2CAC-44B2-AE9A-02EF3A6ADE53}
[2011/12/08 23:36:45 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0D755FCC-679B-42E9-8D04-1E0526161F49}
[2011/12/08 23:36:33 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{9F978E04-4418-434A-8E21-6E864AA4533F}
[2011/12/08 23:16:29 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{CF7ABF91-7D26-4673-84D3-7BD29BC3E8C2}
[2011/12/08 23:16:14 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{5CF77BB4-27F8-44CE-9985-37A0580F9210}
[2011/12/08 22:07:50 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{BBFC937A-2E66-44BD-A398-41D65659A367}
[2011/12/08 22:07:35 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{3AE734B8-73B5-4043-9B9F-640D24534684}
[2011/12/08 14:22:53 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{217733F6-9FFB-4565-9ACA-FD25763359BD}
[2011/12/08 14:22:39 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{78128607-A530-480E-AAC8-C6852BB6914F}
[2011/12/07 18:08:24 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{43F6DD77-CCBB-423E-BAA5-FEF55D2252F3}
[2011/12/07 18:08:10 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{632ADA3C-9F9F-419C-B40E-DDFC1C570853}
[2011/12/07 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{9A0F9709-0119-4DA6-97E6-D012BA54AA99}
[2011/12/07 16:56:53 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{AC968916-73D1-49C0-B2C5-C4B1CA37B51B}
[2011/12/07 12:08:20 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{B19E5CF8-DD7D-4AAE-A7A6-C64428688361}
[2011/12/07 12:08:05 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0AE421BA-C77C-4DC8-9221-CD7CA68A3D04}
[2011/12/07 11:54:11 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{291231F9-6AE9-4C25-BFDE-BC8D2DA5FEAF}
[2011/12/07 11:53:57 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C0B64FE7-A843-442A-8D6A-B27B651E7584}
[2011/12/07 11:09:59 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{42A94201-467B-4E10-B55A-5137064AA5FF}
[2011/12/07 11:09:48 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0400C205-475C-4B8F-B826-6BFC32507A99}
[2011/12/07 10:51:14 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{5384E053-C875-406F-B4E2-B50907010A30}
[2011/12/07 10:50:55 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{E7BD2639-EAEF-45D1-B8F0-296DC89092DB}
[2011/12/06 22:55:10 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A39D7C8B-C80C-475D-8C5F-11C8F9E177A4}
[2011/12/06 22:54:56 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{B1C51B52-8030-4EF4-B574-ACA27BEE5C41}
[2011/12/06 10:30:55 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{9C27A182-3D34-4580-9DE6-69ED4CAC06ED}
[2011/12/06 10:30:37 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{345ED00A-DB19-4C1F-B753-28D06AA1C1DF}
[2011/12/06 10:12:36 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{E373F822-6DD8-4AE6-813F-F2840C52228A}
[2011/12/06 10:12:11 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{11C0DD6B-A173-4334-8A7D-44216DF9F868}
[2011/12/06 10:07:45 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{7A516B4B-A1D1-429E-88CC-CF16603B3D0E}
[2011/12/06 10:07:22 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{1B5AC597-7F04-46E9-B763-6CE9BFF92AAB}
[2011/12/06 09:50:29 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{8013957C-0F89-4CBB-92D9-A922C66A0248}
[2011/12/06 09:50:17 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{2A5AA366-B5E4-4521-8335-1F931D072282}
[2011/12/06 09:15:57 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{17A7AA2C-1B92-4A50-AFD1-1104C6F73392}
[2011/12/06 09:15:46 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{1309A731-5AB4-4162-B5C4-1B16C1315ED5}
[2011/12/06 00:07:19 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{64C61BB0-C0DA-43A1-9B9F-088EF00D9915}
[2011/12/06 00:07:06 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A79DCD66-CCE7-41C4-8979-EC1922C46B02}
[2011/12/05 23:50:55 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{EEADF6C0-AADA-4CD8-8834-251EF1E680A7}
[2011/12/05 23:50:42 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{D6DDE5E1-11E6-488C-95AE-8FAC64538AC4}
[2011/12/05 18:14:52 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{730DC85F-A1CF-4B03-93F9-D18B8CB9666B}
[2011/12/05 18:14:41 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{1BFB432E-74D2-4D02-9612-50631BB55951}
[2011/12/05 17:57:21 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{34559E18-F04F-4C75-A5AB-5D060A2691BC}
[2011/12/05 17:57:11 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{BFA30C6C-4163-495A-B8FE-F8D0FB9250DC}
[2011/12/05 16:54:08 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{1D67E896-0ED5-4B48-9739-046143DE1992}
[2011/12/05 16:53:55 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C55AB930-9995-43FE-BA74-114CCF519E81}
[2011/12/05 15:47:03 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{88DD116F-F492-4B1E-8C7C-30CB7538662F}
[2011/12/05 15:46:51 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{05D8BF1B-88BD-4808-B467-9B0C34041A04}
[2011/12/05 15:18:14 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{6029A32B-A1CE-470D-912D-32094859550C}
[2011/12/05 15:18:03 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{BA884EC3-36BF-414D-B46D-E894F12B1194}
[2011/12/05 01:26:48 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{13ECE90F-96F1-4256-BD2B-F20AA6EA2615}
[2011/12/05 01:26:32 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{F632442D-7C2F-45CF-A254-9ABF5C5CF7E5}
[2011/12/05 00:19:53 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{AD5D0785-04C9-422D-8374-2DAD375A1183}
[2011/12/05 00:19:38 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{4FA08D46-112B-4743-A512-56DF30DC5BF8}
[2011/12/04 21:15:03 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0193DCDC-02AB-4B9F-A877-FC580D26D139}
[2011/12/04 21:14:51 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{87F035E9-9AC2-4FEC-9285-D302E7659BB6}
[2011/12/04 19:24:08 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{CF5EB042-2565-4A89-91ED-A0EB0F6D103C}
[2011/12/04 19:23:54 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{BCD771E6-D579-4CF4-A89D-E466FF73EC78}
[2011/12/04 16:52:42 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C535D99B-F77A-4586-87D0-57862BF82E51}
[2011/12/04 16:52:28 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{62248A99-E7B6-4F31-A356-B5D5021BAC40}
[2011/12/02 21:50:20 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{91BCB7B8-F1EB-49B4-8489-18B74D61F5CF}
[2011/12/02 21:50:09 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{2FEE6B09-61B6-4BDC-8784-A7C76F9A70C9}
[2011/12/01 19:15:55 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{08D58AF9-42BF-4DAC-871C-128EE97EE5AA}
[2011/12/01 19:15:43 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{F5E23578-CCE6-470A-A189-8320B697B60E}
[2011/12/01 13:39:50 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{5F6F2D66-DB20-4702-8E9D-1D3D0D6C597E}
[2011/12/01 13:39:37 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{1B010E0E-DAA9-4ED0-A564-5E783856A6C5}
[2011/12/01 09:24:55 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{33A941C2-685E-4C0D-9F31-049CEC3EC597}
[2011/12/01 09:24:43 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{26F3E38C-63E0-430E-8B75-5580433C6973}
[2011/11/30 13:15:22 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{F31B93BC-241F-4F75-A1DD-7F98085C9EC7}
[2011/11/30 13:15:12 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{B3ABED28-A90D-43D5-8F46-6A820672553D}
[2011/11/30 12:22:15 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C4A12574-6CA7-4D2B-A051-4A1331FE1CEB}
[2011/11/30 12:22:04 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{23FBC25C-E77D-46D2-A74C-42B1D378A490}
[2011/11/30 10:18:31 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{BFBEC189-74F9-44E9-B00E-7DB0AF0256F4}
[2011/11/30 10:18:17 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C0CBE688-4C18-4E9F-9EC1-051C8C24D0C8}
[2011/11/29 20:34:21 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{884A451F-18A6-453B-BE04-290CB9542511}
[2011/11/29 20:34:08 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A6C4F515-96D5-4DE7-A3BA-0A763755626F}
[2011/11/29 16:31:04 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0D493F3A-6005-448A-BE49-EBA99106C5F4}
[2011/11/29 16:30:53 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{97F18D61-C555-470B-AE84-6BB8C398989E}
[2011/11/29 16:17:46 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{29F04B1E-8496-425C-9EBE-8D84E089FAF1}
[2011/11/29 16:17:35 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{2667CEE5-0E80-4CAA-B26F-0169603894B2}
[2011/11/29 14:32:11 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{4D7BC681-70C0-411F-A8B2-EE446A299779}
[2011/11/29 14:31:59 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{83A3583C-E945-4BDD-BF3E-D241F4AB9F46}
[2011/11/29 10:23:40 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{E64DFD34-4E16-443B-8CE3-9AC7CFB4B83C}
[2011/11/29 10:23:28 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{8748B5F1-D5B5-4E6F-98BB-56E2378D705B}
[2011/11/29 10:12:23 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{D4FA95E1-4BF6-44E5-B7D9-7647DDC4C1E1}
[2011/11/29 10:12:13 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0D82E1D6-87B1-4557-9C2E-05919AED84C7}
[2011/11/29 08:49:37 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C4B15C21-93D2-456A-BAEA-B8045F56A71B}
[2011/11/29 08:49:21 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A59132D4-9150-4304-A957-C38D1B795253}
[2011/11/29 00:43:04 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{CDAA8332-E852-4E80-B79D-4D505C5219C0}
[2011/11/29 00:42:53 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{7C2C1311-E590-443B-AF1A-9D00EB4453E2}
[2011/11/28 16:26:31 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{BB6160D4-FF4C-4915-853C-17E7AE3F6B3A}
[2011/11/28 16:26:20 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{6C30E465-6630-44B4-930F-EA05FB80D420}
[2011/11/28 08:46:25 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{ACE3D8D5-5D47-4152-AECC-052A5AE99C4F}
[2011/11/28 08:46:10 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{7C211AF9-2B5C-451D-A324-1CDD30BE133D}
[2011/11/27 20:10:41 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{D1B425AC-0120-4913-86B3-698A360874F0}
[2011/11/27 20:10:26 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{1586DBE7-FC4F-4FB9-9629-AA24997D4D64}
[2011/11/27 00:35:34 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{AB2D1940-919E-45B1-9B2E-CB8E401270C3}
[2011/11/27 00:35:19 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{32A3B90A-D68A-46DA-BCCB-732D7B6698EA}
[2011/11/26 21:00:36 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{BAC94C35-0EEB-4D53-A26C-9E0539220604}
[2011/11/26 21:00:22 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{F8515D2D-1B04-4A6B-AA18-F004997E0E82}
[2011/11/25 08:01:12 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{6FC6454B-DF86-4855-87DA-0746D498AD97}
[2011/11/25 08:00:58 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{8FA3B695-3E9E-4001-ACE7-88E68BA05E9B}
[2011/11/24 11:44:27 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A205CCBD-F221-48EA-BBDE-441D5E29769B}
[2011/11/24 11:44:14 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{7E2CF4C6-F4BB-488A-96D1-F463619121DF}
[2011/11/24 11:33:30 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{1680A03A-A475-4961-8E74-B1E363D28C99}
[2011/11/24 11:33:17 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{EBAD4862-9430-40DE-9E66-C91187BDF460}
[2011/11/23 22:18:58 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{E361426D-3954-41DC-B187-56A31611C1D6}
[2011/11/23 22:18:47 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{E36EF0C2-B2D6-474E-BD8D-0A9AC09CC888}
[2011/11/23 19:58:45 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{4E5033B0-D24E-422B-A80B-AC9D66E044E8}
[2011/11/23 19:58:31 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{F0A3A42D-5910-4415-BAD8-C3A5E789B4A2}
[2011/11/22 17:11:51 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{4DE0A5A2-638F-4918-AAA8-BF5293EDE3EE}
[2011/11/22 17:11:34 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{659E6BB9-1988-4EB0-978E-4D704B82DD94}
[2011/11/22 10:42:21 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C17495F7-EA00-48FA-B6A3-4D3BD014940E}
[2011/11/22 10:42:07 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{8F1664D1-7BF8-4B19-92BD-E810EC8CA16E}
[2011/11/22 00:38:58 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{61F07B05-6C76-4216-8028-4D910C8BB3CF}
[2011/11/22 00:38:46 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C4F3DBCB-562C-490C-9098-2421B907E566}
[2011/11/22 00:17:36 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{10D43195-D23B-4F8B-84EE-732BFBACE811}
[2011/11/22 00:17:22 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C703102B-317B-4F2C-AAC7-4E0FF17BD348}
[2011/11/21 23:53:23 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{1BA28B04-A150-41B6-98A7-9E6D2F5AA36D}
[2011/11/21 23:53:11 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{61270267-2512-4AE1-AEB4-E3912A27AF8A}
[2011/11/21 18:00:35 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A733A1C0-CD46-40BF-8DDA-C2977EF48577}
[2011/11/21 18:00:17 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{34008902-6161-4C78-A3F0-74AB081FC5C6}
[2011/11/21 15:05:08 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{79E80520-AA8E-467C-99A4-9794FE39F557}
[2011/11/21 15:04:51 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{469FE05B-CF71-4DC6-98D2-4256C1AA8DBD}
[2011/11/20 22:22:21 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{D03A5F24-E7E7-41D5-9B58-AAB4F0E64B40}
[2011/11/20 22:22:05 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{2F26DFD1-E836-4128-B4BB-BFFB30053A84}
[2011/11/20 21:06:41 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{D369BFEA-1C49-47FA-BC13-213D2AC06B27}
[2011/11/20 21:06:30 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{031F9EAD-12D5-49F7-96B0-A71A527175A8}
[2011/11/20 17:24:24 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{22CAECAB-10DF-48BD-AEB7-90629E91CD3A}
[2011/11/20 17:24:12 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0FB5A3D0-C123-4577-94FD-CB17CB4FE47E}
[2011/11/19 14:30:48 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0B63D4DF-B7B9-4F62-9A3C-59848411DF71}
[2011/11/19 14:30:36 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{C4C24ECB-8EDE-43BF-9A17-ABB3662FC7E6}
[2011/11/19 10:07:58 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{DAE88209-60F4-4D45-9C68-B4AC6655C7C3}
[2011/11/19 10:07:41 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{33D6A28D-3EB1-4466-82EB-C2DB5A19F15E}
[2011/11/19 00:20:41 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{E1B9FD9F-9DBD-405E-A44F-FA1E8932FD6F}
[2011/11/19 00:20:30 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{3AAE152F-A442-4A0B-BAA4-4B49FD58DA4A}
[2011/11/18 16:37:18 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{8DF097E0-615B-4F74-A999-F072A9CD1ED3}
[2011/11/18 16:37:07 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{8521FCAC-2943-4D9F-B259-1D939CF30A5B}
[2011/11/18 13:15:55 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{DCD77134-DE6A-4F8A-A6EA-DF87E88E46D9}
[2011/11/18 13:15:41 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{0203BE57-D700-408F-8AF1-7D877A49E5CE}
[2011/11/18 10:56:51 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{3D5D86A1-F16E-480E-912D-92378BF2B81A}
[2011/11/18 10:56:37 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{22F7677D-4106-40E7-B1AA-B1FFB5FA7D2B}
[2011/11/18 09:13:07 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{4AE1DF2E-4D95-49C0-BEF8-762179BFD880}
[2011/11/18 09:12:55 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{E5A78A5C-FC4A-4EF9-88B7-FCF8509A3481}
[2011/11/17 23:00:39 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A7F83F1A-D976-4024-BB73-18F47F42A96C}
[2011/11/17 23:00:26 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{73232BED-B6DD-4CD8-8258-5BACB023C443}
[2011/11/17 20:08:37 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{718E36AA-4FF8-4CC5-8B89-0BA8A452CA34}
[2011/11/17 20:08:15 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{47B063F3-AAF5-4DA2-8404-77C0C7392605}
[2011/11/17 15:38:13 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{84024590-539F-4ABB-92C7-9D42E2AA8B93}
[2011/11/17 15:38:00 | 000,000,000 | ---D | C] -- C:\Users\Kathie\AppData\Local\{A2073432-6C08-453D-9C7D-B36F71B1AA3F}

========== Files - Modified Within 30 Days ==========

[2011/12/16 20:14:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kathie\Desktop\OTL.exe
[2011/12/16 20:13:12 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 20:13:12 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 20:05:50 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/12/16 20:04:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/16 20:04:01 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/16 17:34:48 | 140,621,544 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/12/16 17:09:47 | 000,347,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/16 00:02:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/15 23:44:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/10 19:39:27 | 000,001,258 | ---- | M] () -- C:\Users\Kathie\Desktop\Spybot - Search & Destroy.lnk
[2011/12/10 19:36:07 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/09 10:35:13 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKathie.job
[2011/12/06 00:10:58 | 000,001,854 | ---- | M] () -- C:\Users\Kathie\AppData\Roaming\GhostObjGAFix.xml
[2011/12/05 15:24:30 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/11/19 14:33:58 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/19 14:33:58 | 000,632,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/19 14:33:58 | 000,112,556 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2011/12/15 23:51:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/15 23:51:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/15 23:51:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/15 23:51:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/15 23:51:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/10 19:39:27 | 000,001,258 | ---- | C] () -- C:\Users\Kathie\Desktop\Spybot - Search & Destroy.lnk
[2011/12/10 19:36:07 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/10 19:36:07 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/20 21:17:56 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForKathie.job
[2011/04/19 12:47:48 | 000,000,838 | ---- | C] () -- C:\Users\Kathie\AppData\Roaming\wklnhst.dat
[2011/03/27 21:38:55 | 000,001,854 | ---- | C] () -- C:\Users\Kathie\AppData\Roaming\GhostObjGAFix.xml
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/11/17 23:25:36 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/07/15 19:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/03 14:14:52 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

========== LOP Check ==========

[2010/11/23 17:06:31 | 000,000,000 | ---D | M] -- C:\Users\Kathie\AppData\Roaming\AVG
[2010/11/22 22:31:53 | 000,000,000 | ---D | M] -- C:\Users\Kathie\AppData\Roaming\AVG10
[2011/04/19 12:47:50 | 000,000,000 | ---D | M] -- C:\Users\Kathie\AppData\Roaming\Template
[2010/01/22 10:02:32 | 000,000,000 | ---D | M] -- C:\Users\Kathie\AppData\Roaming\WildTangent
[2011/04/11 22:10:04 | 000,000,000 | ---D | M] -- C:\Users\Kathie\AppData\Roaming\Windows Live Writer
[2011/12/05 15:46:02 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >