TechSpot

Starburn problem

Inactive
By KathiM
Nov 28, 2012
  1. KathiM

    KathiM TS Member Topic Starter Posts: 30

    Here is the attachment just in case :)
     

  2. KathiM

    KathiM TS Member Topic Starter Posts: 30

    The 3 other logs as requested on the sticky post
     

  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there.

    ComboFix should not be run without the guidance of a helper. It is a powerful tool and is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private or regular use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

    See this link to get more info on why it is dangerous.


    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe
      [​IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.


    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
     
  4. KathiM

    KathiM TS Member Topic Starter Posts: 30

    Here you go! Thank you for helping me!
     

  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please don't attach logs anymore. :)

    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Post new OTL log, please. :)
     
  6. KathiM

    KathiM TS Member Topic Starter Posts: 30

    # AdwCleaner v2.010 - Logfile created 11/30/2012 at 17:14:15
    # Updated 29/11/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Kathi - KATHI-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Kathi\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    Folder Deleted : C:\Program Files (x86)\Ask.com
    Folder Deleted : C:\Program Files (x86)\Babylon
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
    Folder Deleted : C:\Program Files (x86)\IMinent toolbar
    Folder Deleted : C:\Program Files (x86)\vShare
    Folder Deleted : C:\Program Files (x86)\Zynga
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\Users\Kathi\AppData\Local\Conduit
    Folder Deleted : C:\Users\Kathi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Folder Deleted : C:\Users\Kathi\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\Kathi\AppData\Local\Zynga
    Folder Deleted : C:\Users\Kathi\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Kathi\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Kathi\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Kathi\AppData\LocalLow\IncrediMail_MediaBar_2
    Folder Deleted : C:\Users\Kathi\AppData\LocalLow\searchquband
    Folder Deleted : C:\Users\Kathi\AppData\LocalLow\vShare
    Folder Deleted : C:\Users\Kathi\AppData\LocalLow\Zynga
    Folder Deleted : C:\Users\Kathi\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Kathi\AppData\Roaming\iWin
    Folder Deleted : C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\FCTB
    Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.startsearcher.com --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page Redirect Cache] = hxxp://www.startsearcher.com --> hxxp://www.google.com

    -\\ Mozilla Firefox v16.0.2 (en-US)

    Profile name : default
    File : C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\prefs.js

    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_lnames", "Gamers%20Unite%21%20Snag%20Bar")[...]
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.xml_service_url", "64e3a27980eeceb34248bc3e680b[...]
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.yahooSearch", true);

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Kathi\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [31237 octets] - [30/11/2012 17:14:15]

    ########## EOF - C:\AdwCleaner[S1].txt - [31298 octets] ##########
     
  7. KathiM

    KathiM TS Member Topic Starter Posts: 30

    OTL:

    OTL logfile created on: 11/30/2012 5:21:13 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathi\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.00 Gb Total Physical Memory | 3.45 Gb Available Physical Memory | 69.07% Memory free
    10.00 Gb Paging File | 8.25 Gb Available in Paging File | 82.55% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 584.01 Gb Total Space | 273.16 Gb Free Space | 46.77% Space Free | Partition Type: NTFS
    Drive D: | 12.07 Gb Total Space | 1.48 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
    Drive G: | 1.84 Gb Total Space | 1.82 Gb Free Space | 98.74% Space Free | Partition Type: FAT

    Computer Name: KATHI-HP | User Name: Kathi | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/29 00:17:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathi\Downloads\OTL.exe
    PRC - [2012/11/20 23:25:21 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
    PRC - [2012/10/26 23:44:55 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Kathi\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012/09/27 17:41:02 | 001,434,112 | ---- | M] () -- C:\Program Files (x86)\A Youtube Downloader Free\A Youtube Downloader Free_Helper.exe
    PRC - [2012/09/19 14:56:20 | 000,200,336 | ---- | M] (http://www.goforfiles.com/) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
    PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    PRC - [2010/11/15 17:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    PRC - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    PRC - [2010/07/07 12:38:06 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    PRC - [2010/06/12 17:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    PRC - [2010/01/18 09:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    PRC - [2009/11/19 18:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
    PRC - [2009/10/14 14:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2007/01/23 18:46:58 | 092,573,696 | ---- | M] (Individual Software Inc.) -- C:\Program Files (x86)\AnyTime Deluxe\Atw.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/20 23:25:20 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
    MOD - [2012/11/19 17:34:39 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
    MOD - [2012/11/16 07:26:43 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
    MOD - [2012/11/16 07:02:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
    MOD - [2012/11/16 07:02:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
    MOD - [2012/11/16 07:02:33 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
    MOD - [2012/11/16 07:02:21 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
    MOD - [2012/11/16 07:02:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
    MOD - [2012/11/16 07:01:55 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
    MOD - [2012/11/16 07:01:51 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
    MOD - [2012/11/16 07:01:37 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
    MOD - [2012/11/16 07:01:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
    MOD - [2012/11/16 07:01:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
    MOD - [2012/11/16 07:01:19 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
    MOD - [2012/11/16 07:01:12 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
    MOD - [2012/10/26 23:44:54 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/09/27 17:41:02 | 001,434,112 | ---- | M] () -- C:\Program Files (x86)\A Youtube Downloader Free\A Youtube Downloader Free_Helper.exe
    MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/09/28 14:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    MOD - [2010/09/28 14:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    MOD - [2010/09/28 14:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    MOD - [2010/01/18 09:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    MOD - [1997/04/29 11:26:16 | 000,120,832 | ---- | M] () -- C:\Program Files (x86)\AnyTime Deluxe\Utdial32.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2011/03/08 20:53:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/01/26 17:01:28 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2010/06/17 04:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
    SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/11/20 23:25:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/11/09 17:59:44 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
    SRV - [2012/10/26 23:44:54 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/03/28 11:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
    SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2010/06/12 17:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/10/14 14:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV:64bit: - [2012/03/14 07:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
    DRV:64bit: - [2012/03/14 07:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
    DRV:64bit: - [2012/03/14 07:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
    DRV:64bit: - [2012/03/14 07:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2012/03/14 07:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/03/09 01:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/03/08 20:17:42 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/17 04:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/11/16 12:18:27 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
    DRV:64bit: - [2010/03/10 07:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
    DRV:64bit: - [2010/03/04 06:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2010/02/05 20:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/02/05 20:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009/09/17 05:26:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 16:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2005/01/02 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{150F51E5-89FD-4029-83A9-0706137DF8BE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{1A4CF5B9-A2FD-464C-A311-FF2B6A3A9607}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE:64bit: - HKLM\..\SearchScopes\{4637FF3D-F284-4B7E-B76A-546A8EDCD4C6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{DFFBC655-3F10-4FE2-8430-13CFE1FD498F}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://apype.com
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\URLSearchHook: {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Helper.dll ()
    IE - HKCU\..\SearchScopes,DefaultScope = {420efb88-346f-4cb5-bbb1-cfd5efad5439}
    IE - HKCU\..\SearchScopes\{420efb88-346f-4cb5-bbb1-cfd5efad5439}: "URL" = http://apype.com/results.php?q={searchTerms}
    IE - HKCU\..\SearchScopes\{62E7C7FA-5F68-4414-931F-93E8858EF758}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Custom search"
    FF - prefs.js..browser.search.searchEnginesURL: "http://websearch.4shared.com/results?q="
    FF - prefs.js..browser.search.selectedEngine: "Search the Web"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://apype.com"
    FF - prefs.js..extensions.enabledAddons: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.433
    FF - prefs.js..keyword.URL: "http://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=80050209&tool_id=62781&qkw="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\18\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kathi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/07/20 21:00:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 23:44:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/07/20 21:00:08 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\14xRm@skywebsearch.com: C:\PROGRA~2\AYOUTU~1\A Youtube Downloader Free.xpi [2012/09/27 17:40:26 | 000,046,060 | ---- | M] ()
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 23:44:55 | 000,000,000 | ---D | M]

    [2011/12/10 22:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Extensions
    [2012/11/26 23:00:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\extensions
    [2012/11/26 23:00:30 | 000,554,789 | ---- | M] () (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi
    [2012/11/30 17:19:32 | 000,001,742 | ---- | M] () -- C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\searchplugins\search-the-web.xml
    [2012/11/26 21:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/10/26 23:44:55 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/11/27 22:26:13 | 000,002,261 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Custom search.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com

    O1 HOSTS File: ([2012/11/27 23:45:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (4sharedExt) - {95525BD9-6136-4A26-8263-9CEE295D442D} - C:\Program Files (x86)\4shared Toolbar\4sharedExt64.dll (New IT Solutions Ltd)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (A Youtube Downloader Free) - {c0415407-4ed2-48e1-900e-ee869abdd1f3} - C:\PROGRA~2\AYOUTU~1\A Youtube Downloader Free.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (4shared Toolbar) - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll (New IT Solutions Ltd)
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (A Youtube Downloader Free) - {c0415407-4ed2-48e1-900e-ee869abdd1f3} - C:\PROGRA~2\AYOUTU~1\A Youtube Downloader Free.dll File not found
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [A Youtube Downloader Free_Helper] C:\Program Files (x86)\A Youtube Downloader Free\A Youtube Downloader Free_Helper.exe ()
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [atr.exe] File not found
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [4Sync] C:\Program Files (x86)\4Sync\4Sync.exe (New IT Solutions Ltd.)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Kathi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
    O4 - HKCU..\Run: [PlayNC Launcher] File not found
    O4 - HKCU..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
    O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyTime.lnk = C:\Program Files (x86)\AnyTime Deluxe\Atw.exe (Individual Software Inc.)
    O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &4shared Search - C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll (New IT Solutions Ltd)
    O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8 - Extra context menu item: &4shared Search - C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll (New IT Solutions Ltd)
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: caldirectsecuredocs.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: caldirectsecuredocs.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: com ([pennwest-edocs] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: com ([pennwest-edocs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ditechsecuredocs.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: ditechsecuredocs.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ditechsecuredocs.net ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: ditechsecuredocs.net ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: docmagic.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: docmagic.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([ctest] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([ctest] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([forms] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([forms] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([gmacforms] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([gmacforms] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([pro] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([pro] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([secure] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([secure] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([usign] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([usign] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([webpost] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([webpost] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: gmacmsecuredocs.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: gmacmsecuredocs.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: gmacmsecuredocs.net ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: gmacmsecuredocs.net ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: gmamcsecuredocs.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: gmamcsecuredocs.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ss3.swiftsend.com ([loandocs] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: ss3.swiftsend.com ([loandocs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend.com ([docs] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend.com ([docs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend.com ([loandocs] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend.com ([loandocs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend2.com ([docs] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend2.com ([docs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend2.com ([loandocs] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend2.com ([loandocs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftview.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftview.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: wamuloandocs.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: wamuloandocs.com ([www] https in Trusted sites)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
    O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57F4C65D-DE84-4C7F-A9A4-EFD6EA28E475}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/11/27 22:28:48 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/30 14:32:57 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{4608C5FA-37EF-4EE0-94CE-1F9378567A3D}
    [2012/11/29 15:11:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/29 15:10:30 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C9D3E595-166B-4108-8FBB-E38912055C17}
    [2012/11/29 00:39:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/11/28 20:13:47 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{E8E58D15-3237-4464-8EF2-372578F51F11}
    [2012/11/28 08:13:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{AB4B3DAA-4657-457A-915B-EF2D01D484EF}
    [2012/11/28 00:24:33 | 000,000,000 | ---D | C] -- C:\Users\Kathi\Desktop\Virus removal
    [2012/11/28 00:05:18 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Roaming\Malwarebytes
    [2012/11/28 00:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/11/28 00:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/11/28 00:05:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/11/28 00:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/11/27 23:59:55 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/11/27 23:19:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/27 23:19:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/27 23:19:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/27 23:18:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/27 23:18:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/27 22:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/11/27 18:37:28 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{57E04207-89F6-446D-8DCB-B86398E7A2CA}
    [2012/11/27 03:28:51 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{8293A4E9-4F86-458A-9056-38D94E7A1B2D}
    [2012/11/26 21:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\A Youtube Downloader Free
    [2012/11/26 15:28:25 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{F9A09894-87D9-4E4A-8A26-76C7F64C4A0A}
    [2012/11/25 13:11:14 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{FE403889-A439-46EF-8F08-68DF75D25B1D}
    [2012/11/25 01:10:50 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{A8A9512F-FF18-4BBC-A7AA-7B206248EFE4}
    [2012/11/24 13:10:37 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{0EE3B6A2-DA5B-4E17-B2E4-2BD6A8A48774}
    [2012/11/23 11:46:27 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{269F6611-3BD7-4DEB-93EC-AB388F35B96E}
    [2012/11/22 23:46:01 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{CD6029AC-1401-46E8-8619-25569DF6764A}
    [2012/11/20 13:14:29 | 000,000,000 | ---D | C] -- C:\LGMobileUpgrade
    [2012/11/20 13:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
    [2012/11/20 11:35:09 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{7FA3AFF0-1ED7-4C62-93F5-35427272AF4C}
    [2012/11/19 23:34:58 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58BA76CF-231E-4630-8C02-C9B31FF1370C}
    [2012/11/19 17:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    [2012/11/19 17:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
    [2012/11/19 11:34:46 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{2E351E04-2111-4EF3-86CD-CBEE0261BAEE}
    [2012/11/18 23:34:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{D5AD68FF-7C77-4356-AF80-3F7D56E66B3D}
    [2012/11/18 11:34:21 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58A551D9-F5D8-4FE3-8261-D691F564D20E}
    [2012/11/17 15:16:26 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{0C525CDA-33F9-42CE-871D-5609DD015E6D}
    [2012/11/16 12:24:56 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{CE75A2E1-E7E8-4ABB-BBFA-A27F2F78E1C6}
    [2012/11/15 22:21:20 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{64AB8BEB-18FE-4617-AF21-FA7101805945}
    [2012/11/15 10:21:07 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C9846F85-A50F-4983-92B9-702A05BF0BF9}
    [2012/11/14 19:28:41 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{18FD4BD7-2B9F-4398-83E9-31E721170F57}
    [2012/11/14 07:16:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{51510BAA-1BE0-4B7C-8886-927FCEC36133}
    [2012/11/13 19:16:08 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{54C4F440-4943-4448-9ACF-5DEFC4092209}
    [2012/11/13 07:15:41 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{20B5B08A-66CD-430E-A6CD-B10DA63C609F}
    [2012/11/12 11:30:06 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C2C39778-7C87-47F4-9669-4DFF8CA42079}
    [2012/11/11 11:37:20 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58BCDDDC-A092-45F8-87D3-911B920AE96F}
    [2012/11/10 18:40:23 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{25251B61-D02C-4B18-A26F-8E2B85185C71}
    [2012/11/04 13:33:09 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C30BD269-BA26-474B-98ED-15511090F90E}
    [2012/11/03 10:34:38 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{85315673-2AC0-466B-A8A3-9EE173B70C56}
    [2012/11/02 16:08:39 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{8C96C48F-532E-4B30-BC63-004CA12EDE15}
    [2012/11/01 20:34:41 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{D9626CBA-8037-47E9-9461-1C62A5567B66}
    [2011/02/25 18:07:35 | 021,882,800 | ---- | C] (Trion Worlds, Inc.) -- C:\Users\Kathi\Rift_LIVE_Patcher_setup.exe
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/30 17:26:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/30 17:26:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/30 17:17:54 | 000,001,916 | ---- | M] () -- C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700.lnk
    [2012/11/30 17:17:33 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/30 17:15:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/30 17:15:24 | 4025,966,592 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/30 16:40:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
    [2012/11/30 16:35:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/30 16:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/11/29 22:13:08 | 002,213,678 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0144.pdf
    [2012/11/29 20:59:10 | 003,800,587 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0143.pdf
    [2012/11/29 20:55:38 | 004,816,175 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0142.pdf
    [2012/11/29 20:00:13 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
    [2012/11/28 00:05:14 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/27 23:45:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/27 23:44:01 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKathi.job
    [2012/11/27 22:28:48 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
    [2012/11/27 22:26:13 | 000,000,034 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxoverride.ini
    [2012/11/26 18:53:51 | 000,484,747 | ---- | M] () -- C:\Users\Kathi\Desktop\program_guide.pdf
    [2012/11/26 18:53:41 | 001,104,397 | ---- | M] () -- C:\Users\Kathi\Desktop\guide_newmerchant.pdf
    [2012/11/26 17:18:07 | 000,226,083 | ---- | M] () -- C:\Users\Kathi\Desktop\Auto Insurance.pdf
    [2012/11/23 13:16:24 | 000,251,271 | ---- | M] () -- C:\Users\Kathi\Desktop\Matthew Xmas.pdf
    [2012/11/23 13:15:59 | 000,246,731 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0141.pdf
    [2012/11/23 13:14:04 | 000,458,368 | ---- | M] () -- C:\Users\Kathi\Desktop\Alexis Xmas List.pdf
    [2012/11/23 13:12:48 | 000,453,825 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0140.pdf
    [2012/11/23 13:11:07 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/11/23 13:11:07 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/11/23 13:11:07 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/11/19 17:34:57 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2012/11/16 06:53:47 | 000,382,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/11/14 17:51:06 | 000,014,472 | ---- | M] () -- C:\Users\Kathi\Desktop\220px-Savanna_towards_the_south-east_from_the_south-west_of_Taita_Hills_Game_Lodge_within_the_Taita_Hills_Wildlife_Sanctuary_in_Kenya.jpg
    [2012/11/08 17:12:51 | 000,254,100 | ---- | M] () -- C:\Users\Kathi\Desktop\alexis 2.pdf
    [2012/11/08 17:12:35 | 000,249,560 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0139.pdf
    [2012/11/08 17:11:42 | 000,335,399 | ---- | M] () -- C:\Users\Kathi\Desktop\alexis 1.pdf
    [2012/11/08 17:11:08 | 000,330,856 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0138.pdf
    [2012/11/02 04:58:35 | 000,227,943 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0137.pdf
    [2012/11/02 03:37:48 | 006,219,610 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0136.pdf
    [2012/11/02 03:32:30 | 007,601,529 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0135.pdf
    [2012/11/02 03:26:12 | 006,599,533 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0134.pdf
    [2012/11/02 00:52:15 | 001,190,201 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0133.pdf
    [2012/11/02 00:47:30 | 002,683,478 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0132.pdf
    [2012/11/02 00:41:21 | 003,425,430 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0131.pdf
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes and the computer fails to reboot, let me know.
    • Lastly, post the contents of the log (located at C:\_OTL\Moved Files).


    Once that's done, please post a new OTL Quick Scan.
     
  9. KathiM

    KathiM TS Member Topic Starter Posts: 30

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1A4CF5B9-A2FD-464C-A311-FF2B6A3A9607}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A4CF5B9-A2FD-464C-A311-FF2B6A3A9607}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{420efb88-346f-4cb5-bbb1-cfd5efad5439}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{420efb88-346f-4cb5-bbb1-cfd5efad5439}\ not found.
    Prefs.js: "Custom search" removed from browser.search.defaultenginename
    Prefs.js: "Search the Web" removed from browser.search.selectedEngine
    Prefs.js: "http://apype.com" removed from browser.startup.homepage
    Prefs.js: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.433 removed from extensions.enabledAddons
    Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\14xRm@skywebsearch.com deleted successfully.
    File C:\PROGRA~2\AYOUTU~1\A Youtube Downloader Free.xpi [2012/09/27 17:40:26 | 000,046,060 | ---- | M] not found.
    C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\searchplugins\search-the-web.xml moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\Custom search.xml moved successfully.
    C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi moved successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95525BD9-6136-4A26-8263-9CEE295D442D}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95525BD9-6136-4A26-8263-9CEE295D442D}\ deleted successfully.
    C:\Program Files (x86)\4shared Toolbar\4sharedExt64.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c0415407-4ed2-48e1-900e-ee869abdd1f3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0415407-4ed2-48e1-900e-ee869abdd1f3}\ deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95080B13-AA71-4EE8-B951-7E98221E1ED5} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95080B13-AA71-4EE8-B951-7E98221E1ED5}\ deleted successfully.
    C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll moved successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c0415407-4ed2-48e1-900e-ee869abdd1f3} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0415407-4ed2-48e1-900e-ee869abdd1f3}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\A Youtube Downloader Free_Helper deleted successfully.
    C:\Program Files (x86)\A Youtube Downloader Free\A Youtube Downloader Free_Helper.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\atr.exe deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&4shared Search\ deleted successfully.
    File C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&4shared Search\ not found.
    File C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    C:\Program Files (x86)\A Youtube Downloader Free folder moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Kathi\Downloads\cmd.bat deleted successfully.
    C:\Users\Kathi\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kathi
    ->Temp folder emptied: 11896823 bytes
    ->Temporary Internet Files folder emptied: 154169686 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 177548854 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 43518 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1901014 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4263290 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 5893196 bytes

    Total Files Cleaned = 339.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12012012_143310

    Files\Folders moved on Reboot...
    C:\Users\Kathi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay, post a new OTL log, and we can verify. :)
     
     
  11. KathiM

    KathiM TS Member Topic Starter Posts: 30

    OTL logfile created on: 12/2/2012 11:38:58 PM - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathi\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.00 Gb Total Physical Memory | 3.18 Gb Available Physical Memory | 63.59% Memory free
    10.00 Gb Paging File | 7.80 Gb Available in Paging File | 77.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 584.01 Gb Total Space | 273.78 Gb Free Space | 46.88% Space Free | Partition Type: NTFS
    Drive D: | 12.07 Gb Total Space | 1.48 Gb Free Space | 12.23% Space Free | Partition Type: NTFS

    Computer Name: KATHI-HP | User Name: Kathi | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/12/02 12:07:49 | 000,236,552 | ---- | M] (Trustwave) -- C:\Program Files (x86)\Trustwave\Agent\tkstatus.exe
    PRC - [2012/12/02 12:07:48 | 000,131,592 | ---- | M] (Trustwave) -- C:\Program Files (x86)\Trustwave\Agent\tkagent.exe
    PRC - [2012/11/29 00:17:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathi\Downloads\OTL.exe
    PRC - [2012/11/20 23:25:21 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
    PRC - [2012/10/26 23:44:55 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Kathi\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012/09/19 14:56:20 | 000,200,336 | ---- | M] (http://www.goforfiles.com/) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
    PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    PRC - [2012/01/18 14:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    PRC - [2010/11/15 17:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    PRC - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    PRC - [2010/09/16 12:26:08 | 001,594,328 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Registry Mechanic\Upgrade.exe
    PRC - [2010/07/07 12:38:06 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    PRC - [2010/06/12 17:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    PRC - [2010/01/18 09:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    PRC - [2009/11/19 18:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
    PRC - [2009/10/14 14:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2007/01/23 18:46:58 | 092,573,696 | ---- | M] (Individual Software Inc.) -- C:\Program Files (x86)\AnyTime Deluxe\Atw.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/20 23:25:20 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
    MOD - [2012/11/19 17:34:39 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
    MOD - [2012/11/16 07:26:43 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
    MOD - [2012/11/16 07:02:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
    MOD - [2012/11/16 07:02:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
    MOD - [2012/11/16 07:02:33 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
    MOD - [2012/11/16 07:02:21 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
    MOD - [2012/11/16 07:02:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
    MOD - [2012/11/16 07:01:55 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
    MOD - [2012/11/16 07:01:52 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll
    MOD - [2012/11/16 07:01:51 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
    MOD - [2012/11/16 07:01:37 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
    MOD - [2012/11/16 07:01:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
    MOD - [2012/11/16 07:01:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
    MOD - [2012/11/16 07:01:19 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
    MOD - [2012/11/16 07:01:12 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
    MOD - [2012/10/26 23:44:54 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/06/13 17:42:48 | 000,181,248 | ---- | M] () -- C:\Program Files (x86)\Trustwave\Agent\zlibwapi.dll
    MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/09/28 14:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    MOD - [2010/09/28 14:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    MOD - [2010/09/28 14:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    MOD - [2010/01/18 09:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    MOD - [1997/04/29 11:26:16 | 000,120,832 | ---- | M] () -- C:\Program Files (x86)\AnyTime Deluxe\Utdial32.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2011/03/08 20:53:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/01/26 17:01:28 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2010/06/17 04:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
    SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/12/02 12:07:48 | 000,131,592 | ---- | M] (Trustwave) [Auto | Running] -- C:\Program Files (x86)\Trustwave\Agent\tkagent.exe -- (tkagent)
    SRV - [2012/11/20 23:25:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/11/09 17:59:44 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
    SRV - [2012/10/26 23:44:54 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/03/28 11:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
    SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2010/06/12 17:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/10/14 14:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV:64bit: - [2012/03/14 07:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
    DRV:64bit: - [2012/03/14 07:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
    DRV:64bit: - [2012/03/14 07:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
    DRV:64bit: - [2012/03/14 07:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2012/03/14 07:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/03/09 01:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/03/08 20:17:42 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/17 04:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/11/16 12:18:27 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
    DRV:64bit: - [2010/03/10 07:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
    DRV:64bit: - [2010/03/04 06:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2010/02/05 20:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/02/05 20:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009/09/17 05:26:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 16:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2005/01/02 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{150F51E5-89FD-4029-83A9-0706137DF8BE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{4637FF3D-F284-4B7E-B76A-546A8EDCD4C6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{DFFBC655-3F10-4FE2-8430-13CFE1FD498F}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://apype.com
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\URLSearchHook: {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Helper.dll ()
    IE - HKCU\..\SearchScopes,DefaultScope = {62E7C7FA-5F68-4414-931F-93E8858EF758}
    IE - HKCU\..\SearchScopes\{62E7C7FA-5F68-4414-931F-93E8858EF758}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Custom search"
    FF - prefs.js..browser.search.searchEnginesURL: "http://websearch.4shared.com/results?q="
    FF - prefs.js..browser.search.selectedEngine: "Custom search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://apype.com"
    FF - prefs.js..extensions.enabledAddons: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.433
    FF - prefs.js..keyword.URL: "http://apype.com/results.php?q="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\18\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kathi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/07/20 21:00:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 23:44:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/07/20 21:00:08 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 23:44:55 | 000,000,000 | ---D | M]

    [2011/12/10 22:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Extensions
    [2012/12/02 00:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\extensions
    [2012/12/02 00:47:11 | 000,580,191 | ---- | M] () (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi
    [2012/11/26 21:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/10/26 23:44:55 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

    ========== Chrome ==========

    CHR - homepage: http://www.google.com

    O1 HOSTS File: ([2012/11/27 23:45:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [4Sync] C:\Program Files (x86)\4Sync\4Sync.exe (New IT Solutions Ltd.)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Kathi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
    O4 - HKCU..\Run: [PlayNC Launcher] File not found
    O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyTime.lnk = C:\Program Files (x86)\AnyTime Deluxe\Atw.exe (Individual Software Inc.)
    O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: caldirectsecuredocs.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: caldirectsecuredocs.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: com ([pennwest-edocs] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: com ([pennwest-edocs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ditechsecuredocs.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: ditechsecuredocs.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ditechsecuredocs.net ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: ditechsecuredocs.net ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: docmagic.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: docmagic.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([ctest] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([ctest] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([forms] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([forms] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([gmacforms] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([gmacforms] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([pro] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([pro] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([secure] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([secure] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([usign] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([usign] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([webpost] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([webpost] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: gmacmsecuredocs.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: gmacmsecuredocs.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: gmacmsecuredocs.net ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: gmacmsecuredocs.net ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: gmamcsecuredocs.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: gmamcsecuredocs.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ss3.swiftsend.com ([loandocs] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: ss3.swiftsend.com ([loandocs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend.com ([docs] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend.com ([docs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend.com ([loandocs] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend.com ([loandocs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend2.com ([docs] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend2.com ([docs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend2.com ([loandocs] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend2.com ([loandocs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftview.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftview.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: wamuloandocs.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: wamuloandocs.com ([www] https in Trusted sites)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57F4C65D-DE84-4C7F-A9A4-EFD6EA28E475}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/11/27 22:28:48 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/02 12:08:23 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{B681B04F-8F72-4E67-86A2-4F8D97D143EE}
    [2012/12/02 12:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trustwave
    [2012/12/02 12:00:28 | 000,000,000 | ---D | C] -- C:\Users\Kathi\Desktop\Contractor Stuff
    [2012/12/02 00:07:56 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{15F4C8B7-047F-4CC7-B9DD-19C43E557320}
    [2012/12/01 14:33:10 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/12/01 12:07:26 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{61F9D008-5B6C-42B6-91B9-0D910B040E50}
    [2012/11/30 14:32:57 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{4608C5FA-37EF-4EE0-94CE-1F9378567A3D}
    [2012/11/29 15:11:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/29 15:10:30 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C9D3E595-166B-4108-8FBB-E38912055C17}
    [2012/11/29 00:39:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/11/28 20:13:47 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{E8E58D15-3237-4464-8EF2-372578F51F11}
    [2012/11/28 08:13:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{AB4B3DAA-4657-457A-915B-EF2D01D484EF}
    [2012/11/28 00:24:33 | 000,000,000 | ---D | C] -- C:\Users\Kathi\Desktop\Virus removal
    [2012/11/28 00:05:18 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Roaming\Malwarebytes
    [2012/11/28 00:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/11/28 00:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/11/28 00:05:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/11/28 00:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/11/27 23:19:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/27 23:19:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/27 23:19:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/27 23:18:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/27 23:18:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/27 22:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/11/27 18:37:28 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{57E04207-89F6-446D-8DCB-B86398E7A2CA}
    [2012/11/27 03:28:51 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{8293A4E9-4F86-458A-9056-38D94E7A1B2D}
    [2012/11/26 15:28:25 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{F9A09894-87D9-4E4A-8A26-76C7F64C4A0A}
    [2012/11/25 13:11:14 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{FE403889-A439-46EF-8F08-68DF75D25B1D}
    [2012/11/25 01:10:50 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{A8A9512F-FF18-4BBC-A7AA-7B206248EFE4}
    [2012/11/24 13:10:37 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{0EE3B6A2-DA5B-4E17-B2E4-2BD6A8A48774}
    [2012/11/23 11:46:27 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{269F6611-3BD7-4DEB-93EC-AB388F35B96E}
    [2012/11/22 23:46:01 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{CD6029AC-1401-46E8-8619-25569DF6764A}
    [2012/11/20 13:14:29 | 000,000,000 | ---D | C] -- C:\LGMobileUpgrade
    [2012/11/20 13:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
    [2012/11/20 11:35:09 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{7FA3AFF0-1ED7-4C62-93F5-35427272AF4C}
    [2012/11/19 23:34:58 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58BA76CF-231E-4630-8C02-C9B31FF1370C}
    [2012/11/19 17:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    [2012/11/19 17:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
    [2012/11/19 11:34:46 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{2E351E04-2111-4EF3-86CD-CBEE0261BAEE}
    [2012/11/18 23:34:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{D5AD68FF-7C77-4356-AF80-3F7D56E66B3D}
    [2012/11/18 11:34:21 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58A551D9-F5D8-4FE3-8261-D691F564D20E}
    [2012/11/17 15:16:26 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{0C525CDA-33F9-42CE-871D-5609DD015E6D}
    [2012/11/16 12:24:56 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{CE75A2E1-E7E8-4ABB-BBFA-A27F2F78E1C6}
    [2012/11/15 22:21:20 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{64AB8BEB-18FE-4617-AF21-FA7101805945}
    [2012/11/15 10:21:07 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C9846F85-A50F-4983-92B9-702A05BF0BF9}
    [2012/11/14 19:28:41 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{18FD4BD7-2B9F-4398-83E9-31E721170F57}
    [2012/11/14 07:16:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{51510BAA-1BE0-4B7C-8886-927FCEC36133}
    [2012/11/13 19:16:08 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{54C4F440-4943-4448-9ACF-5DEFC4092209}
    [2012/11/13 07:15:41 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{20B5B08A-66CD-430E-A6CD-B10DA63C609F}
    [2012/11/12 11:30:06 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C2C39778-7C87-47F4-9669-4DFF8CA42079}
    [2012/11/11 11:37:20 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58BCDDDC-A092-45F8-87D3-911B920AE96F}
    [2012/11/10 18:40:23 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{25251B61-D02C-4B18-A26F-8E2B85185C71}
    [2012/11/04 13:33:09 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C30BD269-BA26-474B-98ED-15511090F90E}
    [2012/11/03 10:34:38 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{85315673-2AC0-466B-A8A3-9EE173B70C56}
    [2011/02/25 18:07:35 | 021,882,800 | ---- | C] (Trion Worlds, Inc.) -- C:\Users\Kathi\Rift_LIVE_Patcher_setup.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/12/02 23:40:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
    [2012/12/02 23:35:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/12/02 23:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/12/02 21:07:10 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
    [2012/12/02 18:35:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/12/02 17:20:32 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/12/02 17:20:32 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/12/02 12:07:13 | 000,001,958 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrustKeeper Agent Status.lnk
    [2012/12/02 11:39:14 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKathi.job
    [2012/12/01 14:37:52 | 000,001,916 | ---- | M] () -- C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700.lnk
    [2012/12/01 14:35:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/12/01 14:35:10 | 4025,966,592 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/29 22:13:08 | 002,213,678 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0144.pdf
    [2012/11/29 20:59:10 | 003,800,587 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0143.pdf
    [2012/11/29 20:55:38 | 004,816,175 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0142.pdf
    [2012/11/28 00:05:14 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/27 23:45:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/27 22:28:48 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
    [2012/11/27 22:26:13 | 000,000,034 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxoverride.ini
    [2012/11/26 17:18:07 | 000,226,083 | ---- | M] () -- C:\Users\Kathi\Desktop\Auto Insurance.pdf
    [2012/11/23 13:16:24 | 000,251,271 | ---- | M] () -- C:\Users\Kathi\Desktop\Matthew Xmas.pdf
    [2012/11/23 13:15:59 | 000,246,731 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0141.pdf
    [2012/11/23 13:14:04 | 000,458,368 | ---- | M] () -- C:\Users\Kathi\Desktop\Alexis Xmas List.pdf
    [2012/11/23 13:12:48 | 000,453,825 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0140.pdf
    [2012/11/23 13:11:07 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/11/23 13:11:07 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/11/23 13:11:07 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/11/19 17:34:57 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2012/11/16 06:53:47 | 000,382,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/11/14 17:51:06 | 000,014,472 | ---- | M] () -- C:\Users\Kathi\Desktop\220px-Savanna_towards_the_south-east_from_the_south-west_of_Taita_Hills_Game_Lodge_within_the_Taita_Hills_Wildlife_Sanctuary_in_Kenya.jpg
    [2012/11/08 17:12:51 | 000,254,100 | ---- | M] () -- C:\Users\Kathi\Desktop\alexis 2.pdf
    [2012/11/08 17:12:35 | 000,249,560 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0139.pdf
    [2012/11/08 17:11:42 | 000,335,399 | ---- | M] () -- C:\Users\Kathi\Desktop\alexis 1.pdf
    [2012/11/08 17:11:08 | 000,330,856 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0138.pdf

    ========== Files Created - No Company Name ==========

    [2012/12/02 12:07:13 | 000,001,958 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrustKeeper Agent Status.lnk
    [2012/11/29 22:13:01 | 002,213,678 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0144.pdf
    [2012/11/29 20:59:08 | 003,800,587 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0143.pdf
    [2012/11/29 20:55:35 | 004,816,175 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0142.pdf
    [2012/11/28 00:05:14 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/27 23:19:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/27 23:19:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/27 23:19:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/27 23:19:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/27 23:19:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/27 22:28:48 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
    [2012/11/26 21:01:18 | 000,000,034 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxoverride.ini
    [2012/11/26 17:18:05 | 000,226,083 | ---- | C] () -- C:\Users\Kathi\Desktop\Auto Insurance.pdf
    [2012/11/23 13:16:24 | 000,251,271 | ---- | C] () -- C:\Users\Kathi\Desktop\Matthew Xmas.pdf
    [2012/11/23 13:15:59 | 000,246,731 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0141.pdf
    [2012/11/23 13:14:04 | 000,458,368 | ---- | C] () -- C:\Users\Kathi\Desktop\Alexis Xmas List.pdf
    [2012/11/23 13:12:48 | 000,453,825 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0140.pdf
    [2012/11/19 17:34:57 | 000,002,147 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2012/11/16 01:55:39 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/11/16 01:46:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/11/14 17:47:29 | 000,014,472 | ---- | C] () -- C:\Users\Kathi\Desktop\220px-Savanna_towards_the_south-east_from_the_south-west_of_Taita_Hills_Game_Lodge_within_the_Taita_Hills_Wildlife_Sanctuary_in_Kenya.jpg
    [2012/11/08 17:12:51 | 000,254,100 | ---- | C] () -- C:\Users\Kathi\Desktop\alexis 2.pdf
    [2012/11/08 17:12:35 | 000,249,560 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0139.pdf
    [2012/11/08 17:11:42 | 000,335,399 | ---- | C] () -- C:\Users\Kathi\Desktop\alexis 1.pdf
    [2012/11/08 17:11:08 | 000,330,856 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0138.pdf
    [2012/08/11 10:15:38 | 006,885,376 | ---- | C] () -- C:\Users\Kathi\s-1-5-21-2635634824-2115636220-2321885851-1000.rrr
    [2012/07/04 21:55:42 | 000,870,128 | ---- | C] () -- C:\Users\Kathi\AppData\Roaming\mcs.rma
    [2012/06/15 21:25:50 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2011/10/05 17:16:07 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2011/05/22 19:27:27 | 000,001,854 | ---- | C] () -- C:\Users\Kathi\AppData\Roaming\GhostObjGAFix.xml
    [2011/03/21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/01/12 19:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/12/28 16:35:54 | 000,000,114 | ---- | C] () -- C:\Users\Kathi\AppData\Roaming\sview.ini
    [2010/12/28 16:35:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\srfvdo.dat
    [2010/12/06 12:57:56 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/11/24 20:51:43 | 000,009,216 | ---- | C] () -- C:\Users\Kathi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
  12. KathiM

    KathiM TS Member Topic Starter Posts: 30

    PART 2 (It was over 50,000 characters)

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/04/18 03:47:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\4Sync
    [2011/07/19 16:47:07 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
    [2011/07/31 09:13:06 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Absolutist
    [2012/08/12 13:09:25 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\AlawarEntertainment
    [2012/10/28 20:33:49 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Amaranth Games
    [2012/06/06 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Atari
    [2011/08/10 09:31:47 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Boomzap
    [2011/06/30 09:02:04 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Casual Mechanics
    [2011/07/21 17:33:41 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DarkParablesBriarRoseSE_BFG
    [2010/11/23 18:00:54 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DocMagic
    [2011/06/04 12:44:43 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers
    [2011/10/24 18:32:26 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\ElementalsTheMagicKey
    [2010/11/20 21:00:29 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\ESET
    [2011/04/03 13:56:33 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Fannie Mae
    [2010/11/21 14:16:56 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\FOG Downloader
    [2011/08/15 14:43:08 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\FrimaStudio
    [2011/03/29 18:03:05 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\funkitron
    [2012/09/02 16:22:19 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Funlinker
    [2012/06/25 20:23:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Gamelab
    [2012/05/18 14:27:47 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\GamesFaction
    [2011/03/18 13:12:00 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\GetRightToGo
    [2012/09/19 14:57:05 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\GoforFiles
    [2012/05/10 15:25:55 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Gogii
    [2011/05/10 15:06:09 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Happyville__
    [2012/06/06 17:27:38 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\HipSoft
    [2011/07/24 07:58:16 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Immortal Lovers
    [2010/11/20 21:21:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Individual Software
    [2011/10/30 09:42:46 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\JaiboGames
    [2010/11/30 23:21:35 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Leadertech
    [2011/02/23 19:13:25 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Ludia
    [2011/10/26 06:56:50 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\MagicIndie
    [2012/03/23 18:32:23 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Mean Hamster
    [2010/12/04 10:22:29 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Nevosoft Games
    [2010/11/21 20:51:43 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\OpenOffice.org
    [2011/03/18 13:25:50 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\PhotoScape
    [2010/11/20 19:42:50 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\PictureMover
    [2012/02/11 10:40:10 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\PlayFirst
    [2012/03/31 09:05:25 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Playrix Entertainment
    [2010/11/28 16:46:05 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\PoBros
    [2011/07/23 15:35:39 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Princess Isabella
    [2011/12/06 19:25:58 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Registry Mechanic
    [2011/07/31 13:31:00 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Research In Motion
    [2011/10/01 19:05:00 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\RIFT
    [2010/11/23 15:50:36 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\ScanSoft
    [2011/03/27 08:28:26 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Sky Bros
    [2011/09/07 19:21:00 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\SoftGrid Client
    [2011/09/07 19:11:09 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\TP
    [2011/04/28 16:38:01 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Turtle Odyssey II
    [2012/03/05 19:01:24 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Unity
    [2011/05/20 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\UNOUndercover
    [2012/11/27 23:42:34 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\uTorrent
    [2011/05/10 16:04:21 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Vasilek Games
    [2012/06/23 10:44:44 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Visan
    [2011/12/17 08:51:08 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\wargaming.net
    [2011/07/27 13:33:38 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Wild Tangent
    [2012/05/14 19:01:01 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\WildTangent
    [2011/07/19 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\WildTangentv1002
    [2010/11/28 14:16:01 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\WinBatch
    [2010/12/05 11:15:38 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Windows Live Writer
    [2011/10/21 15:47:59 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\YoudaGames

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 157 bytes -> C:\ProgramData\Temp:D1B5B4F1

    < End of report >
     
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL special check

    Please open OTL -- Click the None button, copy the following from the quotebox and paste this in the Custom Scans/Fixes box in OTL:

    Then click the Run Scan button (NOT Run Fix). It shall launch a log. Please post it in your next reply.
     
  14. KathiM

    KathiM TS Member Topic Starter Posts: 30

    OTL logfile created on: 12/3/2012 2:33:56 PM - Run 4
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathi\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.00 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 46.99% Memory free
    10.00 Gb Paging File | 7.44 Gb Available in Paging File | 74.43% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 584.01 Gb Total Space | 273.79 Gb Free Space | 46.88% Space Free | Partition Type: NTFS
    Drive D: | 12.07 Gb Total Space | 1.48 Gb Free Space | 12.23% Space Free | Partition Type: NTFS

    Computer Name: KATHI-HP | User Name: Kathi | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Custom Scans ==========

    < %PROGRAMFILES%\*. >
    [2012/12/01 14:33:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\4shared Toolbar
    [2012/04/04 17:28:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\4Sync
    [2011/06/27 07:00:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
    [2011/04/09 20:56:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD APP
    [2010/11/20 20:39:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AnyTime Deluxe
    [2011/03/31 17:06:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI
    [2011/03/31 17:06:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
    [2012/04/02 05:12:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVS4YOU
    [2010/09/10 15:35:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CinemaNow
    [2012/11/29 00:32:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
    [2010/11/21 21:59:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Curse
    [2010/09/10 15:33:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
    [2011/08/27 07:23:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Disney
    [2010/11/23 18:00:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DocMagic
    [2011/06/04 12:44:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVDVideoSoft
    [2012/01/29 15:06:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
    [2011/12/10 19:44:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Gamers Unite! Snag Bar
    [2012/09/19 14:56:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GoforFiles
    [2012/11/26 21:01:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
    [2012/08/24 21:22:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Guild Wars 2
    [2012/11/19 17:34:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
    [2012/06/15 21:27:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hp
    [2010/12/11 10:15:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
    [2012/06/23 10:44:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Photo Creations
    [2012/11/19 17:41:07 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
    [2012/11/16 06:51:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
    [2012/08/25 23:55:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
    [2010/09/10 15:52:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Kobo
    [2012/11/20 13:13:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LG Electronics
    [2012/11/28 00:05:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/01/21 23:06:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
    [2011/09/07 20:40:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2011/09/07 20:39:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
    [2012/05/09 02:33:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
    [2010/11/20 19:36:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2010/09/10 15:35:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft WSE
    [2011/09/07 20:42:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
    [2010/12/18 11:39:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MountFocus
    [2012/11/26 21:01:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/10/28 22:29:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2009/07/13 21:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
    [2011/09/07 18:34:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
    [2010/11/20 22:22:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
    [2012/07/29 16:08:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NCSoft
    [2010/09/10 15:52:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NewspaperDirect
    [2011/06/30 09:28:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
    [2010/11/20 19:37:00 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
    [2011/11/18 17:32:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice.org 3
    [2012/07/29 16:07:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks
    [2012/10/28 17:20:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PASS
    [2010/09/10 15:25:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PDF Complete
    [2011/03/18 13:19:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PhotoScape
    [2010/09/10 15:40:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PictureMover
    [2011/02/06 14:41:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PixiePack Codec Pack
    [2012/05/06 19:59:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
    [2011/02/06 15:09:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RapidSolution
    [2011/12/17 09:25:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RealArcade
    [2010/09/10 15:26:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
    [2009/07/13 21:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
    [2012/08/11 10:06:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Registry Mechanic
    [2011/01/26 19:42:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Research In Motion
    [2012/07/04 21:55:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Rhapsody
    [2011/11/12 00:05:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RIFT Game
    [2011/04/18 08:33:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Runes of Magic
    [2010/11/23 15:49:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ScanSoft
    [2011/01/02 14:03:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SmileyCentral_1vEI
    [2012/01/11 16:29:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sony
    [2010/12/28 16:35:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SwiftView
    [2010/09/10 15:26:13 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
    [2012/12/02 12:07:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Trustwave
    [2009/07/13 20:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
    [2012/06/14 17:03:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
    [2010/12/06 12:58:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ventrilo
    [2012/04/05 12:38:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildGames
    [2012/10/28 17:19:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent Games
    [2009/07/13 21:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
    [2012/06/18 23:46:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
    [2011/11/08 06:29:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
    [2011/11/08 06:29:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
    [2009/07/13 21:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
    [2011/11/08 06:29:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
    [2011/11/08 06:29:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
    [2011/11/08 06:29:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
    [2011/12/31 20:03:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR
    [2010/09/10 15:52:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Zinio Reader 4

    < End of report >
     
  15. KathiM

    KathiM TS Member Topic Starter Posts: 30

    I uninstalled the program...but will the next step get rid of Starburn?

    When I open either Firefox or IE...it automatically opens to http://www.search.starburnsoftware.com/

    When I go to reset my home page...it says my current home page is http://apype.com. I have reset my home page a zillion times...but it keeps reverting to the above....

    Will your next step (Clean up System Restore etc) fix these problems?
     
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Scratch that. I had no idea whether or not they were still present.

    Moving along though...

    • Please download Unhide by Grinler from here and save it to your desktop.
    • Double click unhide.exe to run the tool.
    • It will take some time to go through all your files, so please be patient.
    • Post any log it may launch.

    Please download and run RKill.

    Download mirror 1 - Download mirror 2 - Download mirror 3

    • Save it to your Desktop.
    • Double click the RKill desktop icon.
    • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
    • Please post its log in your next reply.
    • After it has run successfully, delete RKill.
    Note: This tool only kills the active infection; the actual infection will not be gone. Once you reboot, the infection will be active again! Please do not reboot until instructed further to do so.


    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    OTL Quick Scan

    • Close all windows and double click OTL.exe.
    • Click the Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
     
  17. KathiM

    KathiM TS Member Topic Starter Posts: 30

    Rkill 2.4.5 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 12/06/2012 08:57:08 AM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Firewall Disabled

    [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = dword:00000000

    Checking Windows Service Integrity:

    * No issues found.

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost

    Program finished at: 12/06/2012 08:57:24 AM
    Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)

    # AdwCleaner v2.011 - Logfile created 12/06/2012 at 08:59:13
    # Updated 02/12/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Kathi - KATHI-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Kathi\Downloads\adwcleaner(1).exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Users\Kathi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Folder Deleted : C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\FCTB

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16455

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    Profile name : default
    File : C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\prefs.js

    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.AutoSearchEventData", "auto%20search");
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ClearCacheDate", 6);
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DNSCatch", false);
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DisplayEULA", false);
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DnsCatchEventData", "dns%20catch");
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.FirstLaunchShown", true);
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.LoadLayoutDate.62781", 6);
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.NewTabSearchEventData", "tab%20search");
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ShowRecommendedOptions", true);
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.StateReportDate", "1354808798735");
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.TopRightSearchEventData", "top%20right%20search[...]
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeInstallSaved", true);
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeinstall.homepage", "hxxp%3A//apype.com");
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeinstall.search", "Google");
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.comp.affiliate.2810218.disabled", false);
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.customNewTab", false);
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.helpUsImprove", true);
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.hideOthers", false);
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.processAddrBar", false);
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.restoreSearch", false);
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.searchHistory", false);
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.session", "E9196E46ECEEF50CD24334C68BF1B6CC6F49[...]
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.showFirstLaunchOptions", false);
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tb_lang", "en");
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tool_id", "62781");
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_id", "82124616");
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_key", "fe147bdc04f3744df03b11f6fa13ec65507[...]
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_layouts", "62781");
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_lnames", "Gamers%20Unite%21%20Snag%20Bar")[...]
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.xml_service_url", "64e3a27980eeceb34248bc3e680b[...]
    Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.yahooSearch", false);

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Kathi\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [31224 octets] - [30/11/2012 17:14:15]
    AdwCleaner[S2].txt - [4092 octets] - [06/12/2012 08:59:13]

    ########## EOF - C:\AdwCleaner[S2].txt - [4152 octets] ##########
     
  18. KathiM

    KathiM TS Member Topic Starter Posts: 30

    OTL logfile created on: 12/6/2012 9:07:36 AM - Run 5
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathi\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.00 Gb Total Physical Memory | 3.15 Gb Available Physical Memory | 62.99% Memory free
    10.00 Gb Paging File | 8.00 Gb Available in Paging File | 80.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 584.01 Gb Total Space | 274.25 Gb Free Space | 46.96% Space Free | Partition Type: NTFS
    Drive D: | 12.07 Gb Total Space | 1.48 Gb Free Space | 12.23% Space Free | Partition Type: NTFS

    Computer Name: KATHI-HP | User Name: Kathi | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/12/05 02:32:14 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/12/02 12:07:49 | 000,236,552 | ---- | M] (Trustwave) -- C:\Program Files (x86)\Trustwave\Agent\tkstatus.exe
    PRC - [2012/12/02 12:07:48 | 000,131,592 | ---- | M] (Trustwave) -- C:\Program Files (x86)\Trustwave\Agent\tkagent.exe
    PRC - [2012/11/29 00:17:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathi\Downloads\OTL.exe
    PRC - [2012/11/20 23:25:21 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
    PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Kathi\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012/09/19 14:56:20 | 000,200,336 | ---- | M] (http://www.goforfiles.com/) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
    PRC - [2012/08/25 23:55:54 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaws.exe
    PRC - [2012/08/25 23:55:54 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe
    PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    PRC - [2010/11/15 17:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    PRC - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    PRC - [2010/07/07 12:38:06 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    PRC - [2010/06/12 17:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    PRC - [2010/01/18 09:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    PRC - [2009/11/19 18:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
    PRC - [2009/11/19 18:15:44 | 001,545,576 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransfer.exe
    PRC - [2009/10/14 14:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2007/01/23 18:46:58 | 092,573,696 | ---- | M] (Individual Software Inc.) -- C:\Program Files (x86)\AnyTime Deluxe\Atw.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/12/05 02:32:13 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/11/20 23:25:20 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
    MOD - [2012/11/19 17:34:39 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
    MOD - [2012/11/16 07:26:43 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
    MOD - [2012/11/16 07:02:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
    MOD - [2012/11/16 07:02:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
    MOD - [2012/11/16 07:02:33 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
    MOD - [2012/11/16 07:02:21 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
    MOD - [2012/11/16 07:01:51 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
    MOD - [2012/11/16 07:01:37 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
    MOD - [2012/11/16 07:01:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
    MOD - [2012/11/16 07:01:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
    MOD - [2012/11/16 07:01:19 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
    MOD - [2012/11/16 07:01:12 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
    MOD - [2012/06/13 17:42:48 | 000,181,248 | ---- | M] () -- C:\Program Files (x86)\Trustwave\Agent\zlibwapi.dll
    MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/09/28 14:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    MOD - [2010/09/28 14:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    MOD - [2010/09/28 14:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    MOD - [2010/01/18 09:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    MOD - [1997/04/29 11:26:16 | 000,120,832 | ---- | M] () -- C:\Program Files (x86)\AnyTime Deluxe\Utdial32.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2011/03/08 20:53:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/01/26 17:01:28 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2010/06/17 04:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
    SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/12/05 02:32:14 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/12/02 12:07:48 | 000,131,592 | ---- | M] (Trustwave) [Auto | Running] -- C:\Program Files (x86)\Trustwave\Agent\tkagent.exe -- (tkagent)
    SRV - [2012/11/20 23:25:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/11/09 17:59:44 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
    SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/03/28 11:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
    SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2010/06/12 17:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/10/14 14:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV:64bit: - [2012/03/14 07:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
    DRV:64bit: - [2012/03/14 07:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
    DRV:64bit: - [2012/03/14 07:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
    DRV:64bit: - [2012/03/14 07:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2012/03/14 07:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/03/09 01:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/03/08 20:17:42 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/17 04:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/11/16 12:18:27 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
    DRV:64bit: - [2010/03/10 07:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
    DRV:64bit: - [2010/03/04 06:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2010/02/05 20:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/02/05 20:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009/09/17 05:26:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 16:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2005/01/02 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{150F51E5-89FD-4029-83A9-0706137DF8BE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{4637FF3D-F284-4B7E-B76A-546A8EDCD4C6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{DFFBC655-3F10-4FE2-8430-13CFE1FD498F}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\URLSearchHook: {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Helper.dll ()
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{62E7C7FA-5F68-4414-931F-93E8858EF758}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Custom search"
    FF - prefs.js..browser.search.selectedEngine: "Search the Web"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://apype.com"
    FF - prefs.js..extensions.enabledAddons: %7Bafe43e80-0abc-4df2-81a0-3fe44b74abe8%7D:1.300.433
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\18\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kathi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/07/20 21:00:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 02:32:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/07/20 21:00:08 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 02:32:15 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/12/10 22:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Extensions
    [2012/12/02 00:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\extensions
    [2012/12/02 00:47:11 | 000,580,191 | ---- | M] () (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi
    [2012/12/05 02:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/12/05 02:32:15 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

    ========== Chrome ==========

    CHR - homepage: http://www.google.com

    O1 HOSTS File: ([2012/11/27 23:45:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [4Sync] C:\Program Files (x86)\4Sync\4Sync.exe (New IT Solutions Ltd.)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Kathi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
    O4 - HKCU..\Run: [PlayNC Launcher] File not found
    O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyTime.lnk = C:\Program Files (x86)\AnyTime Deluxe\Atw.exe (Individual Software Inc.)
    O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: caldirectsecuredocs.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: caldirectsecuredocs.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: com ([pennwest-edocs] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: com ([pennwest-edocs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ditechsecuredocs.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: ditechsecuredocs.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ditechsecuredocs.net ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: ditechsecuredocs.net ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: docmagic.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: docmagic.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([ctest] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([ctest] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([forms] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([forms] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([gmacforms] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([gmacforms] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([pro] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([pro] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([secure] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([secure] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([usign] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([usign] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([webpost] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: elynx.net ([webpost] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: gmacmsecuredocs.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: gmacmsecuredocs.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: gmacmsecuredocs.net ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: gmacmsecuredocs.net ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: gmamcsecuredocs.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: gmamcsecuredocs.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ss3.swiftsend.com ([loandocs] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: ss3.swiftsend.com ([loandocs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend.com ([docs] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend.com ([docs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend.com ([loandocs] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend.com ([loandocs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend2.com ([docs] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend2.com ([docs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend2.com ([loandocs] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftsend2.com ([loandocs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftview.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: swiftview.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: wamuloandocs.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: wamuloandocs.com ([www] https in Trusted sites)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57F4C65D-DE84-4C7F-A9A4-EFD6EA28E475}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/11/27 22:28:48 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/06 09:08:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{4B2CE0AD-ECC4-41D6-8E2A-DE0ED913DCC7}
    [2012/12/05 17:16:51 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{8CB98B19-057D-4B4E-A2B8-78105B9EF410}
    [2012/12/05 05:16:40 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{05E9E7E9-8698-4847-8C3C-A3DEA214F888}
    [2012/12/05 02:32:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/12/04 17:16:28 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{F32A04B1-CED7-4C9A-9110-88A299271614}
    [2012/12/03 21:46:06 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{7EDE21F6-4DA8-4439-A5C9-66AA788C005D}
    [2012/12/03 15:10:21 | 000,000,000 | ---D | C] -- C:\Users\Kathi\Desktop\PNA
    [2012/12/03 08:25:51 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{FCD356BC-10A8-4E72-BE15-096DB2D11D19}
    [2012/12/02 12:08:23 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{B681B04F-8F72-4E67-86A2-4F8D97D143EE}
    [2012/12/02 12:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trustwave
    [2012/12/02 12:00:28 | 000,000,000 | ---D | C] -- C:\Users\Kathi\Desktop\Contractor Stuff
    [2012/12/02 00:07:56 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{15F4C8B7-047F-4CC7-B9DD-19C43E557320}
    [2012/12/01 14:33:10 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/12/01 12:07:26 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{61F9D008-5B6C-42B6-91B9-0D910B040E50}
    [2012/11/30 14:32:57 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{4608C5FA-37EF-4EE0-94CE-1F9378567A3D}
    [2012/11/29 15:11:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/29 15:10:30 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C9D3E595-166B-4108-8FBB-E38912055C17}
    [2012/11/29 00:39:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/11/28 20:13:47 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{E8E58D15-3237-4464-8EF2-372578F51F11}
    [2012/11/28 08:13:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{AB4B3DAA-4657-457A-915B-EF2D01D484EF}
    [2012/11/28 00:24:33 | 000,000,000 | ---D | C] -- C:\Users\Kathi\Desktop\Virus removal
    [2012/11/28 00:05:18 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Roaming\Malwarebytes
    [2012/11/28 00:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/11/28 00:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/11/28 00:05:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/11/28 00:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/11/27 23:19:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/27 23:19:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/27 23:19:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/27 23:18:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/27 23:18:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/27 22:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/11/27 18:37:28 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{57E04207-89F6-446D-8DCB-B86398E7A2CA}
    [2012/11/27 03:28:51 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{8293A4E9-4F86-458A-9056-38D94E7A1B2D}
    [2012/11/26 15:28:25 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{F9A09894-87D9-4E4A-8A26-76C7F64C4A0A}
    [2012/11/25 13:11:14 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{FE403889-A439-46EF-8F08-68DF75D25B1D}
    [2012/11/25 01:10:50 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{A8A9512F-FF18-4BBC-A7AA-7B206248EFE4}
    [2012/11/24 13:10:37 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{0EE3B6A2-DA5B-4E17-B2E4-2BD6A8A48774}
    [2012/11/23 11:46:27 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{269F6611-3BD7-4DEB-93EC-AB388F35B96E}
    [2012/11/22 23:46:01 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{CD6029AC-1401-46E8-8619-25569DF6764A}
    [2012/11/20 13:14:29 | 000,000,000 | ---D | C] -- C:\LGMobileUpgrade
    [2012/11/20 13:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
    [2012/11/20 11:35:09 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{7FA3AFF0-1ED7-4C62-93F5-35427272AF4C}
    [2012/11/19 23:34:58 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58BA76CF-231E-4630-8C02-C9B31FF1370C}
    [2012/11/19 17:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    [2012/11/19 17:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
    [2012/11/19 11:34:46 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{2E351E04-2111-4EF3-86CD-CBEE0261BAEE}
    [2012/11/18 23:34:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{D5AD68FF-7C77-4356-AF80-3F7D56E66B3D}
    [2012/11/18 11:34:21 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58A551D9-F5D8-4FE3-8261-D691F564D20E}
    [2012/11/17 15:16:26 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{0C525CDA-33F9-42CE-871D-5609DD015E6D}
    [2012/11/16 12:24:56 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{CE75A2E1-E7E8-4ABB-BBFA-A27F2F78E1C6}
    [2012/11/15 22:21:20 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{64AB8BEB-18FE-4617-AF21-FA7101805945}
    [2012/11/15 10:21:07 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C9846F85-A50F-4983-92B9-702A05BF0BF9}
    [2012/11/14 19:28:41 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{18FD4BD7-2B9F-4398-83E9-31E721170F57}
    [2012/11/14 07:16:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{51510BAA-1BE0-4B7C-8886-927FCEC36133}
    [2012/11/13 19:16:08 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{54C4F440-4943-4448-9ACF-5DEFC4092209}
    [2012/11/13 07:15:41 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{20B5B08A-66CD-430E-A6CD-B10DA63C609F}
    [2012/11/12 11:30:06 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C2C39778-7C87-47F4-9669-4DFF8CA42079}
    [2012/11/11 11:37:20 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58BCDDDC-A092-45F8-87D3-911B920AE96F}
    [2012/11/10 18:40:23 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{25251B61-D02C-4B18-A26F-8E2B85185C71}
    [2011/02/25 18:07:35 | 021,882,800 | ---- | C] (Trion Worlds, Inc.) -- C:\Users\Kathi\Rift_LIVE_Patcher_setup.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/12/06 09:10:04 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/12/06 09:10:04 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/12/06 09:02:37 | 000,001,916 | ---- | M] () -- C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700.lnk
    [2012/12/06 09:02:28 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/12/06 09:00:44 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKathi.job
    [2012/12/06 09:00:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/12/06 09:00:18 | 4025,966,592 | -HS- | M] () -- C:\hiberfil.sys
    [2012/12/06 08:40:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
    [2012/12/06 08:35:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/12/06 08:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/12/06 07:58:03 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
    [2012/12/03 15:08:13 | 001,540,212 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0145.pdf
    [2012/12/02 12:07:13 | 000,001,958 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrustKeeper Agent Status.lnk
    [2012/11/29 22:13:08 | 002,213,678 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0144.pdf
    [2012/11/29 20:59:10 | 003,800,587 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0143.pdf
    [2012/11/29 20:55:38 | 004,816,175 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0142.pdf
    [2012/11/28 00:05:14 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/27 23:45:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/27 22:28:48 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
    [2012/11/27 22:26:13 | 000,000,034 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxoverride.ini
    [2012/11/26 17:18:07 | 000,226,083 | ---- | M] () -- C:\Users\Kathi\Desktop\Auto Insurance.pdf
    [2012/11/23 13:16:24 | 000,251,271 | ---- | M] () -- C:\Users\Kathi\Desktop\Matthew Xmas.pdf
    [2012/11/23 13:15:59 | 000,246,731 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0141.pdf
    [2012/11/23 13:14:04 | 000,458,368 | ---- | M] () -- C:\Users\Kathi\Desktop\Alexis Xmas List.pdf
    [2012/11/23 13:12:48 | 000,453,825 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0140.pdf
    [2012/11/23 13:11:07 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/11/23 13:11:07 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/11/23 13:11:07 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/11/19 17:34:57 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2012/11/16 06:53:47 | 000,382,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/11/14 17:51:06 | 000,014,472 | ---- | M] () -- C:\Users\Kathi\Desktop\220px-Savanna_towards_the_south-east_from_the_south-west_of_Taita_Hills_Game_Lodge_within_the_Taita_Hills_Wildlife_Sanctuary_in_Kenya.jpg
    [2012/11/08 17:12:51 | 000,254,100 | ---- | M] () -- C:\Users\Kathi\Desktop\alexis 2.pdf
    [2012/11/08 17:12:35 | 000,249,560 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0139.pdf
    [2012/11/08 17:11:42 | 000,335,399 | ---- | M] () -- C:\Users\Kathi\Desktop\alexis 1.pdf
    [2012/11/08 17:11:08 | 000,330,856 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0138.pdf

    ========== Files Created - No Company Name ==========

    [2012/12/03 15:08:12 | 001,540,212 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0145.pdf
    [2012/12/02 12:07:13 | 000,001,958 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrustKeeper Agent Status.lnk
    [2012/11/29 22:13:01 | 002,213,678 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0144.pdf
    [2012/11/29 20:59:08 | 003,800,587 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0143.pdf
    [2012/11/29 20:55:35 | 004,816,175 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0142.pdf
    [2012/11/28 00:05:14 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/27 23:19:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/27 23:19:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/27 23:19:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/27 23:19:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/27 23:19:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/27 22:28:48 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
    [2012/11/26 21:01:18 | 000,000,034 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxoverride.ini
    [2012/11/26 17:18:05 | 000,226,083 | ---- | C] () -- C:\Users\Kathi\Desktop\Auto Insurance.pdf
    [2012/11/23 13:16:24 | 000,251,271 | ---- | C] () -- C:\Users\Kathi\Desktop\Matthew Xmas.pdf
    [2012/11/23 13:15:59 | 000,246,731 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0141.pdf
    [2012/11/23 13:14:04 | 000,458,368 | ---- | C] () -- C:\Users\Kathi\Desktop\Alexis Xmas List.pdf
    [2012/11/23 13:12:48 | 000,453,825 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0140.pdf
    [2012/11/19 17:34:57 | 000,002,147 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2012/11/16 01:55:39 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/11/16 01:46:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/11/14 17:47:29 | 000,014,472 | ---- | C] () -- C:\Users\Kathi\Desktop\220px-Savanna_towards_the_south-east_from_the_south-west_of_Taita_Hills_Game_Lodge_within_the_Taita_Hills_Wildlife_Sanctuary_in_Kenya.jpg
    [2012/11/08 17:12:51 | 000,254,100 | ---- | C] () -- C:\Users\Kathi\Desktop\alexis 2.pdf
    [2012/11/08 17:12:35 | 000,249,560 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0139.pdf
    [2012/11/08 17:11:42 | 000,335,399 | ---- | C] () -- C:\Users\Kathi\Desktop\alexis 1.pdf
    [2012/11/08 17:11:08 | 000,330,856 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0138.pdf
    [2012/08/11 10:15:38 | 006,885,376 | ---- | C] () -- C:\Users\Kathi\s-1-5-21-2635634824-2115636220-2321885851-1000.rrr
    [2012/07/04 21:55:42 | 000,870,128 | ---- | C] () -- C:\Users\Kathi\AppData\Roaming\mcs.rma
    [2012/06/15 21:25:50 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2011/10/05 17:16:07 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2011/05/22 19:27:27 | 000,001,854 | ---- | C] () -- C:\Users\Kathi\AppData\Roaming\GhostObjGAFix.xml
    [2011/03/21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/01/12 19:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/12/28 16:35:54 | 000,000,114 | ---- | C] () -- C:\Users\Kathi\AppData\Roaming\sview.ini
    [2010/12/28 16:35:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\srfvdo.dat
    [2010/11/24 20:51:43 | 000,009,216 | ---- | C] () -- C:\Users\Kathi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     
  19. KathiM

    KathiM TS Member Topic Starter Posts: 30

    PART 2 OTL (due to being oversized):

    ========== ZeroAccess Check ==========

    [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/04/18 03:47:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\4Sync
    [2011/07/19 16:47:07 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
    [2011/07/31 09:13:06 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Absolutist
    [2012/08/12 13:09:25 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\AlawarEntertainment
    [2012/10/28 20:33:49 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Amaranth Games
    [2012/06/06 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Atari
    [2011/08/10 09:31:47 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Boomzap
    [2011/06/30 09:02:04 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Casual Mechanics
    [2011/07/21 17:33:41 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DarkParablesBriarRoseSE_BFG
    [2010/11/23 18:00:54 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DocMagic
    [2011/06/04 12:44:43 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers
    [2011/10/24 18:32:26 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\ElementalsTheMagicKey
    [2010/11/20 21:00:29 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\ESET
    [2011/04/03 13:56:33 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Fannie Mae
    [2010/11/21 14:16:56 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\FOG Downloader
    [2011/08/15 14:43:08 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\FrimaStudio
    [2011/03/29 18:03:05 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\funkitron
    [2012/09/02 16:22:19 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Funlinker
    [2012/06/25 20:23:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Gamelab
    [2012/05/18 14:27:47 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\GamesFaction
    [2011/03/18 13:12:00 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\GetRightToGo
    [2012/09/19 14:57:05 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\GoforFiles
    [2012/05/10 15:25:55 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Gogii
    [2011/05/10 15:06:09 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Happyville__
    [2012/06/06 17:27:38 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\HipSoft
    [2011/07/24 07:58:16 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Immortal Lovers
    [2010/11/20 21:21:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Individual Software
    [2011/10/30 09:42:46 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\JaiboGames
    [2010/11/30 23:21:35 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Leadertech
    [2011/02/23 19:13:25 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Ludia
    [2011/10/26 06:56:50 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\MagicIndie
    [2012/03/23 18:32:23 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Mean Hamster
    [2010/12/04 10:22:29 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Nevosoft Games
    [2010/11/21 20:51:43 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\OpenOffice.org
    [2011/03/18 13:25:50 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\PhotoScape
    [2010/11/20 19:42:50 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\PictureMover
    [2012/02/11 10:40:10 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\PlayFirst
    [2012/03/31 09:05:25 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Playrix Entertainment
    [2010/11/28 16:46:05 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\PoBros
    [2011/07/23 15:35:39 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Princess Isabella
    [2011/12/06 19:25:58 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Registry Mechanic
    [2011/07/31 13:31:00 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Research In Motion
    [2011/10/01 19:05:00 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\RIFT
    [2010/11/23 15:50:36 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\ScanSoft
    [2011/03/27 08:28:26 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Sky Bros
    [2011/09/07 19:21:00 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\SoftGrid Client
    [2011/09/07 19:11:09 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\TP
    [2011/04/28 16:38:01 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Turtle Odyssey II
    [2012/03/05 19:01:24 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Unity
    [2011/05/20 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\UNOUndercover
    [2012/11/27 23:42:34 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\uTorrent
    [2011/05/10 16:04:21 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Vasilek Games
    [2012/06/23 10:44:44 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Visan
    [2011/12/17 08:51:08 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\wargaming.net
    [2011/07/27 13:33:38 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Wild Tangent
    [2012/05/14 19:01:01 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\WildTangent
    [2011/07/19 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\WildTangentv1002
    [2010/11/28 14:16:01 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\WinBatch
    [2010/12/05 11:15:38 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Windows Live Writer
    [2011/10/21 15:47:59 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\YoudaGames

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D1B5B4F1

    < End of report >
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes and the computer fails to reboot, let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


    SystemLook x64 scan

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    How did these scans go?
     
  22. KathiM

    KathiM TS Member Topic Starter Posts: 30

    OTL:
    All processes killed
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Prefs.js: "Custom search" removed from browser.search.defaultenginename
    Prefs.js: "Search the Web" removed from browser.search.selectedEngine
    Prefs.js: true removed from browser.search.useDBForOrder
    Prefs.js: "http://apype.com" removed from browser.startup.homepage
    Prefs.js: %7Bafe43e80-0abc-4df2-81a0-3fe44b74abe8%7D:1.300.433 removed from extensions.enabledAddons
    ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Kathi\Downloads\cmd.bat deleted successfully.
    C:\Users\Kathi\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kathi
    ->Temp folder emptied: 29371756 bytes
    ->Temporary Internet Files folder emptied: 46928982 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 194184966 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 616 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5557158 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 4970270 bytes

    Total Files Cleaned = 268.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12102012_205502

    Files\Folders moved on Reboot...
    C:\Users\Kathi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  23. KathiM

    KathiM TS Member Topic Starter Posts: 30

    SystemLook 30.07.11 by jpshortstuff
    Log created at 21:04 on 10/12/2012 by Kathi
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*apype*"
    No files found.

    Searching for "*youtube*"
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Rus\Profiles\YouTube_16_9 High Quality.prx --a---- 6494 bytes [05:10 30/12/2009] [05:10 30/12/2009] 207D6C5A5072C1FB8A1721C0FDBDE7CB
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Rus\Profiles\YouTube_16_9 Standard Quality.prx --a---- 5848 bytes [05:10 30/12/2009] [05:10 30/12/2009] A66D0CF6C42CEC5A9C5C2D89662DAF90
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Rus\Profiles\YouTube_4_3 HD Quality.prx --a---- 6476 bytes [05:10 30/12/2009] [05:10 30/12/2009] 0A54B1C369FECE86F428EEAA516ED89A
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Rus\Profiles\YouTube_4_3 High Quality.prx --a---- 6494 bytes [05:10 30/12/2009] [05:10 30/12/2009] E926F96F11B4E11A75F43123988AF077
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Rus\Profiles\YouTube_4_3 Standard Quality.prx --a---- 5848 bytes [05:10 30/12/2009] [05:10 30/12/2009] 9E4CEB8051616B6BD6E28B3E1110FD24
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Sky\YouTube.xml --a---- 865 bytes [23:29 12/01/2010] [23:29 12/01/2010] 733C7D937E598E300F3FD837F29A1C86
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Sky\Profiles\YouTube_16_9 HD Quality.prx --a---- 6482 bytes [05:12 30/12/2009] [05:12 30/12/2009] B3A6CEE83E0A10BC11E6122269CB2933
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Sky\Profiles\YouTube_16_9 High Quality.prx --a---- 6490 bytes [05:11 30/12/2009] [05:11 30/12/2009] 1E67468171747ADAD6D82DE613B46E75
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Sky\Profiles\YouTube_16_9 Standard Quality.prx --a---- 5844 bytes [05:11 30/12/2009] [05:11 30/12/2009] B2FDBB6E200C4DCA0B23ECB1D1D9A621
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Sky\Profiles\YouTube_4_3 HD Quality.prx --a---- 6474 bytes [05:12 30/12/2009] [05:12 30/12/2009] 63A39920C1C91EF1360B26B932917D9A
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Sky\Profiles\YouTube_4_3 High Quality.prx --a---- 6490 bytes [05:11 30/12/2009] [05:11 30/12/2009] BD974E3C2E8B812DF014632E03E6FCF5
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Sky\Profiles\YouTube_4_3 Standard Quality.prx --a---- 5844 bytes [05:11 30/12/2009] [05:11 30/12/2009] CA9A56A05C32788F8324CF0E0D477635
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Sve\YouTube.xml --a---- 846 bytes [23:32 12/01/2010] [23:32 12/01/2010] F5329ADFE84EA9787A4E16C41531F125
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Sve\Profiles\YouTube_16_9 HD Quality.prx --a---- 6484 bytes [05:17 30/12/2009] [05:17 30/12/2009] 70EB59E35B49E7CDEA893B049ABDA21A
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Sve\Profiles\YouTube_16_9 High Quality.prx --a---- 6486 bytes [05:16 30/12/2009] [05:16 30/12/2009] 73F35CB96D1DCE311C1E513C1BCD94AE
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Sve\Profiles\YouTube_16_9 Standard Quality.prx --a---- 5840 bytes [05:15 30/12/2009] [05:15 30/12/2009] 2A524D9A48DBD362003FA163DCA57D8F
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Sve\Profiles\YouTube_4_3 HD Quality.prx --a---- 6476 bytes [05:17 30/12/2009] [05:17 30/12/2009] AE4FD679872EF9316E8CBF37F3F8209C
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Sve\Profiles\YouTube_4_3 High Quality.prx --a---- 6486 bytes [05:16 30/12/2009] [05:16 30/12/2009] F3D3A24F889D5927354DDADD872855A7
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Sve\Profiles\YouTube_4_3 Standard Quality.prx --a---- 5840 bytes [05:15 30/12/2009] [05:15 30/12/2009] A1234143E0B43E1319107B9BD04A01C4
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Trk\YouTube.xml --a---- 873 bytes [22:58 07/01/2010] [22:58 07/01/2010] 5D48B3D04E92C9827EF496383C5E9047
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Trk\Profiles\YouTube_16_9 HD Quality.prx --a---- 6480 bytes [05:19 30/12/2009] [05:19 30/12/2009] EDBF81FA7C147A7F306FD6425745129D
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Trk\Profiles\YouTube_16_9 High Quality.prx --a---- 6488 bytes [05:18 30/12/2009] [05:18 30/12/2009] 4B6018A48D6AC73A032FCE33E69E1471
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Trk\Profiles\YouTube_16_9 Standard Quality.prx --a---- 5838 bytes [05:18 30/12/2009] [05:18 30/12/2009] 7342E1982362D0EE04A87C7B80520885
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Trk\Profiles\YouTube_4_3 HD Quality.prx --a---- 6472 bytes [05:19 30/12/2009] [05:19 30/12/2009] 084D3F59AA009A98B440127CB07CA2D3
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Trk\Profiles\YouTube_4_3 High Quality.prx --a---- 6488 bytes [05:18 30/12/2009] [05:18 30/12/2009] 5138B13EEA23A1EAF42106995A5E299F
    C:\Program Files (x86)\CyberLink\PowerDirector\Language\Trk\Profiles\YouTube_4_3 Standard Quality.prx --a---- 5838 bytes [05:18 30/12/2009] [05:18 30/12/2009] 9F2FEC4315EDCD1565342E03A58EF89A
    C:\Program Files (x86)\CyberLink\PowerDirector\runtime\YouTube\YouTubeMgr.dll --a---- 73000 bytes [18:42 27/11/2009] [18:42 27/11/2009] DD24D7C3EB0FB7ACDEA005D504525361
    C:\Program Files (x86)\CyberLink\PowerDirector\skin\skin_Produce_YouTubeAgreementDlg.xml --a---- 1299 bytes [21:08 19/03/2009] [21:08 19/03/2009] D3855F701708D547E86AF326B598B736
    C:\Program Files (x86)\CyberLink\PowerDirector\skin\skin_Produce_YouTube_page.xml --a---- 4947 bytes [21:27 15/10/2009] [21:27 15/10/2009] 771AACBEDB8384A5F5C46F3E0D35AB16
    C:\Program Files (x86)\CyberLink\PowerDirector\skin\skin_Produce_YouTube_Progress_page.xml --a---- 3529 bytes [21:44 11/06/2009] [21:44 11/06/2009] 9332A44CEBD647F88A6957C12AAAF60A
    C:\Program Files (x86)\CyberLink\PowerDirector\skin\skin_Produce_YouTube_setting_page.xml --a---- 436 bytes [21:27 15/10/2009] [21:27 15/10/2009] E0AA164C3BEBE8E406A50032A896C8B9
    C:\Program Files (x86)\CyberLink\PowerDirector\skin\skin_Produce_YouTube_setting_scrollwnd.xml --a---- 3072 bytes [21:27 15/10/2009] [21:27 15/10/2009] BC25FBF7EB0780A7A66F1CBF8F7F1DE1
    C:\Program Files (x86)\CyberLink\PowerDirector\skin\1024x768\Produce\left_bg_youtube_1.png --a---- 6027 bytes [18:29 21/04/2009] [18:29 21/04/2009] D086384CF88EDD220825525C48392A78
    C:\Program Files (x86)\CyberLink\PowerDirector\skin\1024x768\Produce\left_bg_youtube_3.png --a---- 4939 bytes [00:18 15/01/2009] [00:18 15/01/2009] 83E783EFE4B76E707C81893B36FA9EA1
    C:\Program Files (x86)\CyberLink\PowerDirector\skin\1024x768\Produce\producing_youtubeupload.PNG --a---- 1013366 bytes [00:00 07/03/2009] [00:00 07/03/2009] 2F10F583F488D2EC125791A6254F9A47
    C:\Program Files (x86)\CyberLink\PowerDirector\skin\1024x768\Produce\producing_youtubeupload_16V9.PNG --a---- 914326 bytes [21:54 10/03/2009] [21:54 10/03/2009] 96B94D5F53BB63BE3C95DB3B39B7E1BC
    C:\Program Files (x86)\CyberLink\PowerDirector\skin\1024x768\Produce\tab_produce_youtube.png --a---- 8773 bytes [01:21 26/03/2009] [01:21 26/03/2009] 19119ECD9FE0EE9706FA5ED68E8D680C
    C:\Program Files (x86)\CyberLink\PowerDirector\skin\1024x768\Produce\YouTubeAgreemnt bg.png --a---- 7104 bytes [04:46 13/02/2009] [04:46 13/02/2009] 040905A4846176E6C79E4C1CB9E258FC
    C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe --a---- 2095744 bytes [20:44 04/06/2011] [00:56 04/06/2011] 8F5B31194CD24D2A49ADDF223BC87775
    C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\YouTubeToMP3.sib --a---- 75572 bytes [20:44 04/06/2011] [00:54 04/06/2011] B87350D381C389633E263926AF798EC4
    C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\YouTubeToMP3Converter.xml --a---- 241469 bytes [20:44 04/06/2011] [19:20 23/03/2011] 941E59CED178940FBA8B952B10F3252F
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\Custom\Skin\Standard\Photo\Media\menubar\Share\logo_youtube.png ------- 4904 bytes [17:05 31/05/2010] [17:05 31/05/2010] C5429F3153F829CC0FB2D85B61ED8015
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\Custom\Skin\Standard\Photo\Media\menubar\Share\youtube.png ------- 4893 bytes [17:05 31/05/2010] [17:05 31/05/2010] 526595D39834A9D21C7F40D715061A61
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\Custom\Skin\Standard\Photo\Media\menubar\SlideEdit\icon_youtube_g.png ------- 876 bytes [17:05 31/05/2010] [17:05 31/05/2010] A5198B01BDDBE9AB3398B19C6FA18E91
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\Custom\Skin\Standard\Photo\Media\menubar\SlideEdit\icon_youtube_h.png ------- 1115 bytes [17:05 31/05/2010] [17:05 31/05/2010] F003CFE775948A5DE0957EAF49FAE3AC
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\Custom\Skin\Standard\Photo\Media\menubar\SlideEdit\icon_youtube_n.png ------- 902 bytes [17:05 31/05/2010] [17:05 31/05/2010] 9B9896B408C71001CB88F5B88067B482
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\Custom\Skin\Standard\Photo\Media\menubar\SlideEdit\icon_youtube_p.png ------- 1258 bytes [17:05 31/05/2010] [17:05 31/05/2010] 4B0976F3264C20969DEECAE2482F53FD
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\Custom\Skin\Standard\Photo\Media\transcode\openingNoYoutube.wmv ------- 1733636 bytes [17:05 31/05/2010] [17:05 31/05/2010] DF1B5D68C65CF142317B696F6066EC8F
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\Custom\Skin\Standard\Photo\Media\transcode\youtube.png ------- 3915 bytes [17:05 31/05/2010] [17:05 31/05/2010] 6DE7347A9E93A8C3F35E04AC70A3682A
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\Custom\Skin\Standard\Photo\Media\transcode\menubar\youtube_s.png ------- 1688 bytes [17:05 31/05/2010] [17:05 31/05/2010] DD2F35764A572326C5709DFFE65E1554
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\Custom\Skin\Standard\Photo\Media\transcode\saveAsDlg\youtube_s.png ------- 3444 bytes [17:05 31/05/2010] [17:05 31/05/2010] 2490B071ECE2748B96F8588D3DC7B398
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\subsys\Share\youtube.kc ------- 14526 bytes [00:00 12/06/2010] [00:00 12/06/2010] 4454FA7B31E371703713948CBAD898E9
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\Transcode\esShareYouTube.kc ------- 22588 bytes [00:00 12/06/2010] [00:00 12/06/2010] F1AE2D9086C81CBD93390F7EEBF925DE
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\Custom\Skin\Standard\Photo\Media\menubar\Share\logo_youtube.png ------- 4904 bytes [19:15 14/06/2010] [19:15 14/06/2010] C5429F3153F829CC0FB2D85B61ED8015
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\Custom\Skin\Standard\Photo\Media\menubar\Share\youtube.png ------- 1258 bytes [19:15 14/06/2010] [19:15 14/06/2010] 4B0976F3264C20969DEECAE2482F53FD
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\Custom\Skin\Standard\Photo\Media\transcode\openingNoYoutube.wmv ------- 1733636 bytes [19:16 14/06/2010] [19:16 14/06/2010] DF1B5D68C65CF142317B696F6066EC8F
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\Custom\Skin\Standard\Photo\Media\transcode\youtube.png ------- 3915 bytes [19:16 14/06/2010] [19:16 14/06/2010] 6DE7347A9E93A8C3F35E04AC70A3682A
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\Custom\Skin\Standard\Photo\Media\transcode\menubar\youtube_s.png ------- 1688 bytes [19:16 14/06/2010] [19:16 14/06/2010] DD2F35764A572326C5709DFFE65E1554
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\Custom\Skin\Standard\Photo\Media\transcode\saveAsDlg\youtube_s.png ------- 3444 bytes [19:16 14/06/2010] [19:16 14/06/2010] 2490B071ECE2748B96F8588D3DC7B398
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\subsys\Share\youtube.kc ------- 14526 bytes [19:39 14/06/2010] [19:39 14/06/2010] 4454FA7B31E371703713948CBAD898E9
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\subsys\Share\YouTubeMgr.dll ------- 278624 bytes [19:43 14/06/2010] [19:43 14/06/2010] EFD797EA28D5131132C1C47BE6E2D726
    C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\Transcode\esShareYouTube.kc ------- 22588 bytes [19:39 14/06/2010] [19:39 14/06/2010] F1AE2D9086C81CBD93390F7EEBF925DE
    C:\Program Files (x86)\Windows Live\Photo Gallery\WLYouTubePlugin.dll --a---- 137072 bytes [01:40 09/03/2012] [01:40 09/03/2012] A0FD454BC321C50B8615E7C1F6738AB6
    C:\Program Files (x86)\Windows Live\Photo Gallery\en\WLYouTubePlugin.resources.dll --a---- 51056 bytes [01:50 09/03/2012] [01:50 09/03/2012] 630B222E22A07E7924768B878ADB370A
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free YouTube to MP3 Converter.lnk --a---- 1388 bytes [20:44 04/06/2011] [20:44 04/06/2011] 8551AECF8BC3C24644B76431437CA452
    C:\ProgramData\RapidSolution\Audials_2011\RadioRip\PlgYoutube.dll --a---- 137056 bytes [23:09 06/02/2011] [23:09 06/02/2011] B850634A1D848A585F2E8B7695537424
    C:\Qoobox\Quarantine\C\PROGRA~2\AYOUTU~1\A YOutube downloader free.dll.vir --a---- 447488 bytes [01:40 28/09/2012] [01:40 28/09/2012] C70BED8E44AE2ED90D2FAE6F46950470
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free YouTube to MP3 Converter.lnk --a---- 1388 bytes [20:44 04/06/2011] [20:44 04/06/2011] 8551AECF8BC3C24644B76431437CA452
    C:\Users\All Users\RapidSolution\Audials_2011\RadioRip\PlgYoutube.dll --a---- 137056 bytes [23:09 06/02/2011] [23:09 06/02/2011] B850634A1D848A585F2E8B7695537424
    C:\Users\Kathi\AppData\Local\RapidSolution\Audials_2011\Log\PluginsManager\Plugins\YouTubeDisco_20110206_151020_1.txt --a---- 97 bytes [23:10 06/02/2011] [23:52 06/02/2011] 3A2F4FF763CC9306764C7F12B4BAC20F
    C:\Users\Kathi\AppData\Local\RapidSolution\Audials_2011\Log\PluginsManager\Plugins\YouTubeDisco_20110206_163327_1.txt --a---- 97 bytes [00:33 07/02/2011] [00:34 07/02/2011] 81EAD32B30C17A92497A206289940D68
    C:\Users\Kathi\AppData\Local\RapidSolution\Audials_2011\Log\PluginsManager\Plugins\YouTube_20110206_151020_1.txt --a---- 97 bytes [23:10 06/02/2011] [23:52 06/02/2011] 0CFCA29CE6C32F38AA02E041B5955FB4
    C:\Users\Kathi\AppData\Local\RapidSolution\Audials_2011\Log\PluginsManager\Plugins\YouTube_20110206_163327_1.txt --a---- 97 bytes [00:33 07/02/2011] [00:34 07/02/2011] 48E4EBCCD07B5487F5A0F765EEC8134D
    C:\Users\Kathi\AppData\Local\RapidSolution\Audials_2011\PluginsManager\DLLs\YouTube.dll --a---- 310784 bytes [23:10 06/02/2011] [23:10 06/02/2011] 7B7E8B7A68C6699C876115B02781CAA5
    C:\Users\Kathi\AppData\Local\RapidSolution\Audials_2011\PluginsManager\DLLs\YouTubeDisco.dll --a---- 291840 bytes [23:10 06/02/2011] [23:10 06/02/2011] 1DA718FE3618C9AA2611FFD705EAE57B
    C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm --a---- 273 bytes [20:44 04/06/2011] [20:44 04/06/2011] 1626F757ADF9CDEB61B63EFBB31A86ED
    C:\Users\Kathi\Desktop\Unused programs\Free YouTube to MP3 Converter.lnk --a---- 1364 bytes [20:44 04/06/2011] [20:44 04/06/2011] BCFDE008489413B397DCF2229C5EAB54
    C:\Users\Kathi\Documents\DVDVideoSoft\FreeYouTubeToMP3Converter_log.txt --a---- 196485 bytes [20:44 04/06/2011] [15:30 13/02/2012] B24E8E6A6B469C204A8511D72DBDBFF1
    C:\Users\Kathi\Documents\DVDVideoSoft\FreeYouTubeToMP3Converter_setup.txt --a---- 55004 bytes [20:44 04/06/2011] [20:44 04/06/2011] 01A452185EF1BC92F86FD440811140EC
    C:\Users\Kathi\Downloads\FreeYouTubeToMP3Converter.exe --a---- 15853448 bytes [20:42 04/06/2011] [20:43 04/06/2011] F889CBBC80262A79AF4BFC63157F095B
    C:\Users\Kathi\Favorites\YouTube to mp3 Converter.url --a---- 508 bytes [03:22 18/09/2011] [03:22 18/09/2011] 74B6EA44409BC0F7DD95AE07C8F81849
    C:\Windows\Installer\$PatchCache$\Managed\775F634D5961F2D4B844CA679CE90020\15.4.3502\WLYouTubePluginResFile -ra---- 51056 bytes [08:46 23/09/2010] [08:46 23/09/2010] 35545D21983A12F768C94C7AA96F5608
    C:\Windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WLYouTubePluginDLL -ra---- 137072 bytes [08:37 23/09/2010] [08:37 23/09/2010] 9049B70999A2D105F96E899CEA9CD214
    C:\_OTL\MovedFiles\12012012_143310\C_Program Files (x86)\A Youtube Downloader Free\A Youtube Downloader Free.xpi --a---- 46060 bytes [01:40 28/09/2012] [01:40 28/09/2012] 078718722F19488B23A24BB26D2BE6CA
    C:\_OTL\MovedFiles\12012012_143310\C_Program Files (x86)\A Youtube Downloader Free\A Youtube Downloader Free_Helper.exe --a---- 1434112 bytes [05:01 27/11/2012] [01:41 28/09/2012] DC676CE9655A422128F656117130055A

    ========== folderfind ==========
     
  24. KathiM

    KathiM TS Member Topic Starter Posts: 30

    (Part 2)

    Searching for "*apype*"
    No folders found.

    Searching for "*youtube*"
    C:\Data Backup\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\MW9PH7DR\www.youtube.com d------ [00:03 22/11/2010]
    C:\Data Backup\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com d------ [00:03 22/11/2010]
    C:\Program Files (x86)\CyberLink\PowerDirector\runtime\YouTube d------ [23:31 10/09/2010]
    C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter d------ [20:44 04/06/2011]
    C:\Users\Kathi\Desktop\Youtube Mp3 d------ [21:00 04/06/2011]
    C:\Users\Kathi\Documents\DVDVideoSoft\FreeYouTubeToMP3Converter d------ [20:44 04/06/2011]
    C:\_OTL\MovedFiles\12012012_143310\C_Program Files (x86)\A Youtube Downloader Free d------ [05:01 27/11/2012]

    ========== regfind ==========

    Searching for "apype"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    "DoNotAskAgain"="apype.com 4shared.com conduit.com yahoo.com"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="http://apype.com"
    [HKEY_USERS\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\Microsoft\Internet Explorer\SearchScopes]
    "DoNotAskAgain"="apype.com 4shared.com conduit.com yahoo.com"

    Searching for "youtube"

    -= EOF =-
     

