OTL logfile created on: 12/2/2012 11:38:58 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.00 Gb Total Physical Memory | 3.18 Gb Available Physical Memory | 63.59% Memory free
10.00 Gb Paging File | 7.80 Gb Available in Paging File | 77.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.01 Gb Total Space | 273.78 Gb Free Space | 46.88% Space Free | Partition Type: NTFS
Drive D: | 12.07 Gb Total Space | 1.48 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
Computer Name: KATHI-HP | User Name: Kathi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/12/02 12:07:49 | 000,236,552 | ---- | M] (Trustwave) -- C:\Program Files (x86)\Trustwave\Agent\tkstatus.exe
PRC - [2012/12/02 12:07:48 | 000,131,592 | ---- | M] (Trustwave) -- C:\Program Files (x86)\Trustwave\Agent\tkagent.exe
PRC - [2012/11/29 00:17:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathi\Downloads\OTL.exe
PRC - [2012/11/20 23:25:21 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012/10/26 23:44:55 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Kathi\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/09/19 14:56:20 | 000,200,336 | ---- | M] (
http://www.goforfiles.com/) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2012/01/18 14:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/11/15 17:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/09/16 12:26:08 | 001,594,328 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Registry Mechanic\Upgrade.exe
PRC - [2010/07/07 12:38:06 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/06/12 17:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/01/18 09:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/11/19 18:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009/10/14 14:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/01/23 18:46:58 | 092,573,696 | ---- | M] (Individual Software Inc.) -- C:\Program Files (x86)\AnyTime Deluxe\Atw.exe
========== Modules (No Company Name) ==========
MOD - [2012/11/20 23:25:20 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012/11/19 17:34:39 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/11/16 07:26:43 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/16 07:02:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/16 07:02:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/16 07:02:33 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/16 07:02:21 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/16 07:02:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/16 07:01:55 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/16 07:01:52 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll
MOD - [2012/11/16 07:01:51 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/16 07:01:37 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/16 07:01:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/16 07:01:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/16 07:01:19 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/16 07:01:12 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/10/26 23:44:54 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/13 17:42:48 | 000,181,248 | ---- | M] () -- C:\Program Files (x86)\Trustwave\Agent\zlibwapi.dll
MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 14:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 14:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 14:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/01/18 09:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [1997/04/29 11:26:16 | 000,120,832 | ---- | M] () -- C:\Program Files (x86)\AnyTime Deluxe\Utdial32.dll
========== Services (SafeList) ==========
SRV:
64bit: - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:
64bit: - [2011/03/08 20:53:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:
64bit: - [2011/01/26 17:01:28 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:
64bit: - [2010/06/17 04:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:
64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/02 12:07:48 | 000,131,592 | ---- | M] (Trustwave) [Auto | Running] -- C:\Program Files (x86)\Trustwave\Agent\tkagent.exe -- (tkagent)
SRV - [2012/11/20 23:25:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/09 17:59:44 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/10/26 23:44:54 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/28 11:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/06/12 17:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/14 14:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:
64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:
64bit: - [2012/03/14 07:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:
64bit: - [2012/03/14 07:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:
64bit: - [2012/03/14 07:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:
64bit: - [2012/03/14 07:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:
64bit: - [2012/03/14 07:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:
64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:
64bit: - [2011/03/09 01:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:
64bit: - [2011/03/08 20:17:42 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:
64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:
64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:
64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:
64bit: - [2010/11/17 04:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:
64bit: - [2010/11/16 12:18:27 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:
64bit: - [2010/03/10 07:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:
64bit: - [2010/03/04 06:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:
64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:
64bit: - [2010/02/05 20:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:
64bit: - [2010/02/05 20:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:
64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:
64bit: - [2009/09/17 05:26:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:
64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:
64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:
64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:
64bit: - [2009/07/13 16:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:
64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:
64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:
64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:
64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:
64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://g.msn.com/HPDSK/1
IE:
64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:
64bit: - HKLM\..\SearchScopes\{150F51E5-89FD-4029-83A9-0706137DF8BE}: "URL" =
http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:
64bit: - HKLM\..\SearchScopes\{4637FF3D-F284-4B7E-B76A-546A8EDCD4C6}: "URL" =
http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:
64bit: - HKLM\..\SearchScopes\{DFFBC655-3F10-4FE2-8430-13CFE1FD498F}: "URL" =
http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://apype.com
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Helper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {62E7C7FA-5F68-4414-931F-93E8858EF758}
IE - HKCU\..\SearchScopes\{62E7C7FA-5F68-4414-931F-93E8858EF758}: "URL" =
http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Custom search"
FF - prefs.js..browser.search.searchEnginesURL: "
http://websearch.4shared.com/results?q="
FF - prefs.js..browser.search.selectedEngine: "Custom search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "
http://apype.com"
FF - prefs.js..extensions.enabledAddons: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.433
FF - prefs.js..keyword.URL: "
http://apype.com/results.php?q="
FF - user.js - File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\
google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\18\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kathi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\
eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/07/20 21:00:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\
quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 23:44:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\
eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/07/20 21:00:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 23:44:55 | 000,000,000 | ---D | M]
[2011/12/10 22:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Extensions
[2012/12/02 00:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\extensions
[2012/12/02 00:47:11 | 000,580,191 | ---- | M] () (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi
[2012/11/26 21:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/26 23:44:55 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
========== Chrome ==========
CHR - homepage:
http://www.google.com
O1 HOSTS File: ([2012/11/27 23:45:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:
64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:
64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:
64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:
64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:
64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [4Sync] C:\Program Files (x86)\4Sync\4Sync.exe (New IT Solutions Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Kathi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyTime.lnk = C:\Program Files (x86)\AnyTime Deluxe\Atw.exe (Individual Software Inc.)
O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:
64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: caldirectsecuredocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: caldirectsecuredocs.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: com ([pennwest-edocs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com ([pennwest-edocs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ditechsecuredocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ditechsecuredocs.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ditechsecuredocs.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ditechsecuredocs.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: docmagic.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: docmagic.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([ctest] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([ctest] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([forms] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([forms] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([gmacforms] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([gmacforms] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([pro] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([pro] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([secure] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([usign] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([usign] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([webpost] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([webpost] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gmacmsecuredocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gmacmsecuredocs.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gmacmsecuredocs.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gmacmsecuredocs.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gmamcsecuredocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gmamcsecuredocs.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ss3.swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ss3.swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend.com ([docs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend.com ([docs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend2.com ([docs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend2.com ([docs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend2.com ([loandocs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend2.com ([loandocs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftview.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftview.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: wamuloandocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: wamuloandocs.com ([www] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC}
http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679}
http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57F4C65D-DE84-4C7F-A9A4-EFD6EA28E475}: DhcpNameServer = 192.168.1.1
O18:
64bit: - Protocol\Handler\livecall - No CLSID value found
O18:
64bit: - Protocol\Handler\msnim - No CLSID value found
O18:
64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:
64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:
64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/27 22:28:48 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/12/02 12:08:23 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{B681B04F-8F72-4E67-86A2-4F8D97D143EE}
[2012/12/02 12:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trustwave
[2012/12/02 12:00:28 | 000,000,000 | ---D | C] -- C:\Users\Kathi\Desktop\Contractor Stuff
[2012/12/02 00:07:56 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{15F4C8B7-047F-4CC7-B9DD-19C43E557320}
[2012/12/01 14:33:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/01 12:07:26 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{61F9D008-5B6C-42B6-91B9-0D910B040E50}
[2012/11/30 14:32:57 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{4608C5FA-37EF-4EE0-94CE-1F9378567A3D}
[2012/11/29 15:11:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/29 15:10:30 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C9D3E595-166B-4108-8FBB-E38912055C17}
[2012/11/29 00:39:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/28 20:13:47 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{E8E58D15-3237-4464-8EF2-372578F51F11}
[2012/11/28 08:13:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{AB4B3DAA-4657-457A-915B-EF2D01D484EF}
[2012/11/28 00:24:33 | 000,000,000 | ---D | C] -- C:\Users\Kathi\Desktop\Virus removal
[2012/11/28 00:05:18 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Roaming\Malwarebytes
[2012/11/28 00:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/28 00:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/28 00:05:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/28 00:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/27 23:19:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/27 23:19:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/27 23:19:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/27 23:18:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/27 23:18:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/27 22:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/11/27 18:37:28 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{57E04207-89F6-446D-8DCB-B86398E7A2CA}
[2012/11/27 03:28:51 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{8293A4E9-4F86-458A-9056-38D94E7A1B2D}
[2012/11/26 15:28:25 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{F9A09894-87D9-4E4A-8A26-76C7F64C4A0A}
[2012/11/25 13:11:14 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{FE403889-A439-46EF-8F08-68DF75D25B1D}
[2012/11/25 01:10:50 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{A8A9512F-FF18-4BBC-A7AA-7B206248EFE4}
[2012/11/24 13:10:37 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{0EE3B6A2-DA5B-4E17-B2E4-2BD6A8A48774}
[2012/11/23 11:46:27 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{269F6611-3BD7-4DEB-93EC-AB388F35B96E}
[2012/11/22 23:46:01 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{CD6029AC-1401-46E8-8619-25569DF6764A}
[2012/11/20 13:14:29 | 000,000,000 | ---D | C] -- C:\LGMobileUpgrade
[2012/11/20 13:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2012/11/20 11:35:09 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{7FA3AFF0-1ED7-4C62-93F5-35427272AF4C}
[2012/11/19 23:34:58 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58BA76CF-231E-4630-8C02-C9B31FF1370C}
[2012/11/19 17:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/11/19 17:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/11/19 11:34:46 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{2E351E04-2111-4EF3-86CD-CBEE0261BAEE}
[2012/11/18 23:34:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{D5AD68FF-7C77-4356-AF80-3F7D56E66B3D}
[2012/11/18 11:34:21 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58A551D9-F5D8-4FE3-8261-D691F564D20E}
[2012/11/17 15:16:26 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{0C525CDA-33F9-42CE-871D-5609DD015E6D}
[2012/11/16 12:24:56 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{CE75A2E1-E7E8-4ABB-BBFA-A27F2F78E1C6}
[2012/11/15 22:21:20 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{64AB8BEB-18FE-4617-AF21-FA7101805945}
[2012/11/15 10:21:07 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C9846F85-A50F-4983-92B9-702A05BF0BF9}
[2012/11/14 19:28:41 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{18FD4BD7-2B9F-4398-83E9-31E721170F57}
[2012/11/14 07:16:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{51510BAA-1BE0-4B7C-8886-927FCEC36133}
[2012/11/13 19:16:08 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{54C4F440-4943-4448-9ACF-5DEFC4092209}
[2012/11/13 07:15:41 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{20B5B08A-66CD-430E-A6CD-B10DA63C609F}
[2012/11/12 11:30:06 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C2C39778-7C87-47F4-9669-4DFF8CA42079}
[2012/11/11 11:37:20 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58BCDDDC-A092-45F8-87D3-911B920AE96F}
[2012/11/10 18:40:23 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{25251B61-D02C-4B18-A26F-8E2B85185C71}
[2012/11/04 13:33:09 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C30BD269-BA26-474B-98ED-15511090F90E}
[2012/11/03 10:34:38 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{85315673-2AC0-466B-A8A3-9EE173B70C56}
[2011/02/25 18:07:35 | 021,882,800 | ---- | C] (Trion Worlds, Inc.) -- C:\Users\Kathi\Rift_LIVE_Patcher_setup.exe
========== Files - Modified Within 30 Days ==========
[2012/12/02 23:40:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/12/02 23:35:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/02 23:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/02 21:07:10 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012/12/02 18:35:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/02 17:20:32 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/02 17:20:32 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/02 12:07:13 | 000,001,958 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrustKeeper Agent Status.lnk
[2012/12/02 11:39:14 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKathi.job
[2012/12/01 14:37:52 | 000,001,916 | ---- | M] () -- C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700.lnk
[2012/12/01 14:35:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/01 14:35:10 | 4025,966,592 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/29 22:13:08 | 002,213,678 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0144.pdf
[2012/11/29 20:59:10 | 003,800,587 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0143.pdf
[2012/11/29 20:55:38 | 004,816,175 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0142.pdf
[2012/11/28 00:05:14 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/27 23:45:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/27 22:28:48 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012/11/27 22:26:13 | 000,000,034 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxoverride.ini
[2012/11/26 17:18:07 | 000,226,083 | ---- | M] () -- C:\Users\Kathi\Desktop\Auto Insurance.pdf
[2012/11/23 13:16:24 | 000,251,271 | ---- | M] () -- C:\Users\Kathi\Desktop\Matthew Xmas.pdf
[2012/11/23 13:15:59 | 000,246,731 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0141.pdf
[2012/11/23 13:14:04 | 000,458,368 | ---- | M] () -- C:\Users\Kathi\Desktop\Alexis Xmas List.pdf
[2012/11/23 13:12:48 | 000,453,825 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0140.pdf
[2012/11/23 13:11:07 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/23 13:11:07 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/23 13:11:07 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/19 17:34:57 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/16 06:53:47 | 000,382,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/14 17:51:06 | 000,014,472 | ---- | M] () -- C:\Users\Kathi\Desktop\220px-Savanna_towards_the_south-east_from_the_south-west_of_Taita_Hills_Game_Lodge_within_the_Taita_Hills_Wildlife_Sanctuary_in_Kenya.jpg
[2012/11/08 17:12:51 | 000,254,100 | ---- | M] () -- C:\Users\Kathi\Desktop\alexis 2.pdf
[2012/11/08 17:12:35 | 000,249,560 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0139.pdf
[2012/11/08 17:11:42 | 000,335,399 | ---- | M] () -- C:\Users\Kathi\Desktop\alexis 1.pdf
[2012/11/08 17:11:08 | 000,330,856 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0138.pdf
========== Files Created - No Company Name ==========
[2012/12/02 12:07:13 | 000,001,958 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrustKeeper Agent Status.lnk
[2012/11/29 22:13:01 | 002,213,678 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0144.pdf
[2012/11/29 20:59:08 | 003,800,587 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0143.pdf
[2012/11/29 20:55:35 | 004,816,175 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0142.pdf
[2012/11/28 00:05:14 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/27 23:19:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/27 23:19:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/27 23:19:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/27 23:19:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/27 23:19:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/27 22:28:48 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2012/11/26 21:01:18 | 000,000,034 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxoverride.ini
[2012/11/26 17:18:05 | 000,226,083 | ---- | C] () -- C:\Users\Kathi\Desktop\Auto Insurance.pdf
[2012/11/23 13:16:24 | 000,251,271 | ---- | C] () -- C:\Users\Kathi\Desktop\Matthew Xmas.pdf
[2012/11/23 13:15:59 | 000,246,731 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0141.pdf
[2012/11/23 13:14:04 | 000,458,368 | ---- | C] () -- C:\Users\Kathi\Desktop\Alexis Xmas List.pdf
[2012/11/23 13:12:48 | 000,453,825 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0140.pdf
[2012/11/19 17:34:57 | 000,002,147 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/16 01:55:39 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 01:46:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/14 17:47:29 | 000,014,472 | ---- | C] () -- C:\Users\Kathi\Desktop\220px-Savanna_towards_the_south-east_from_the_south-west_of_Taita_Hills_Game_Lodge_within_the_Taita_Hills_Wildlife_Sanctuary_in_Kenya.jpg
[2012/11/08 17:12:51 | 000,254,100 | ---- | C] () -- C:\Users\Kathi\Desktop\alexis 2.pdf
[2012/11/08 17:12:35 | 000,249,560 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0139.pdf
[2012/11/08 17:11:42 | 000,335,399 | ---- | C] () -- C:\Users\Kathi\Desktop\alexis 1.pdf
[2012/11/08 17:11:08 | 000,330,856 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0138.pdf
[2012/08/11 10:15:38 | 006,885,376 | ---- | C] () -- C:\Users\Kathi\s-1-5-21-2635634824-2115636220-2321885851-1000.rrr
[2012/07/04 21:55:42 | 000,870,128 | ---- | C] () -- C:\Users\Kathi\AppData\Roaming\mcs.rma
[2012/06/15 21:25:50 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/10/05 17:16:07 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/05/22 19:27:27 | 000,001,854 | ---- | C] () -- C:\Users\Kathi\AppData\Roaming\GhostObjGAFix.xml
[2011/03/21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/01/12 19:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/28 16:35:54 | 000,000,114 | ---- | C] () -- C:\Users\Kathi\AppData\Roaming\sview.ini
[2010/12/28 16:35:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\srfvdo.dat
[2010/12/06 12:57:56 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/11/24 20:51:43 | 000,009,216 | ---- | C] () -- C:\Users\Kathi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both