Inactive Starburn problem

The 3 other logs as requested on the sticky post
 

Attachments: mbam-log-2012-11-28 (00-05-44).txt, dds.txt, attach.txt

Hi there.

ComboFix should not be run without the guidance of a helper. It is a powerful tool and is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private or regular use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

See this link to get more info on why it is dangerous.


ComboFix Script

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    [Image: CFScriptB-4.gif]
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.
 
Here you go! Thank you for helping me!
 

Attachments: ComboFix.txt, OTL.Txt, Extras.Txt

Please don't attach logs anymore. :)

Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


Post new OTL log, please. :)
 
OTL:

OTL logfile created on: 11/30/2012 5:21:13 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.00 Gb Total Physical Memory | 3.45 Gb Available Physical Memory | 69.07% Memory free
10.00 Gb Paging File | 8.25 Gb Available in Paging File | 82.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.01 Gb Total Space | 273.16 Gb Free Space | 46.77% Space Free | Partition Type: NTFS
Drive D: | 12.07 Gb Total Space | 1.48 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
Drive G: | 1.84 Gb Total Space | 1.82 Gb Free Space | 98.74% Space Free | Partition Type: FAT

Computer Name: KATHI-HP | User Name: Kathi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/29 00:17:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathi\Downloads\OTL.exe
PRC - [2012/11/20 23:25:21 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012/10/26 23:44:55 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Kathi\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/09/27 17:41:02 | 001,434,112 | ---- | M] () -- C:\Program Files (x86)\A Youtube Downloader Free\A Youtube Downloader Free_Helper.exe
PRC - [2012/09/19 14:56:20 | 000,200,336 | ---- | M] (http://www.goforfiles.com/) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/11/15 17:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/07/07 12:38:06 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/06/12 17:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/01/18 09:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/11/19 18:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009/10/14 14:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/01/23 18:46:58 | 092,573,696 | ---- | M] (Individual Software Inc.) -- C:\Program Files (x86)\AnyTime Deluxe\Atw.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/20 23:25:20 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012/11/19 17:34:39 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/11/16 07:26:43 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/16 07:02:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/16 07:02:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/16 07:02:33 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/16 07:02:21 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/16 07:02:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/16 07:01:55 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/16 07:01:51 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/16 07:01:37 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/16 07:01:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/16 07:01:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/16 07:01:19 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/16 07:01:12 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/10/26 23:44:54 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/09/27 17:41:02 | 001,434,112 | ---- | M] () -- C:\Program Files (x86)\A Youtube Downloader Free\A Youtube Downloader Free_Helper.exe
MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 14:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 14:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 14:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/01/18 09:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [1997/04/29 11:26:16 | 000,120,832 | ---- | M] () -- C:\Program Files (x86)\AnyTime Deluxe\Utdial32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/03/08 20:53:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/01/26 17:01:28 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/06/17 04:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/20 23:25:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/09 17:59:44 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/10/26 23:44:54 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/28 11:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/06/12 17:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/14 14:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/03/14 07:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2012/03/14 07:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2012/03/14 07:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2012/03/14 07:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 07:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/09 01:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/08 20:17:42 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/17 04:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/16 12:18:27 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2010/03/10 07:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/04 06:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/05 20:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 20:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/09/17 05:26:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{150F51E5-89FD-4029-83A9-0706137DF8BE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{1A4CF5B9-A2FD-464C-A311-FF2B6A3A9607}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{4637FF3D-F284-4B7E-B76A-546A8EDCD4C6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{DFFBC655-3F10-4FE2-8430-13CFE1FD498F}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://apype.com
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Helper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {420efb88-346f-4cb5-bbb1-cfd5efad5439}
IE - HKCU\..\SearchScopes\{420efb88-346f-4cb5-bbb1-cfd5efad5439}: "URL" = http://apype.com/results.php?q={searchTerms}
IE - HKCU\..\SearchScopes\{62E7C7FA-5F68-4414-931F-93E8858EF758}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Custom search"
FF - prefs.js..browser.search.searchEnginesURL: "http://websearch.4shared.com/results?q="
FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://apype.com"
FF - prefs.js..extensions.enabledAddons: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.433
FF - prefs.js..keyword.URL: "http://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=80050209&tool_id=62781&qkw="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\18\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kathi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/07/20 21:00:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 23:44:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/07/20 21:00:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\14xRm@skywebsearch.com: C:\PROGRA~2\AYOUTU~1\A Youtube Downloader Free.xpi [2012/09/27 17:40:26 | 000,046,060 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 23:44:55 | 000,000,000 | ---D | M]

[2011/12/10 22:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Extensions
[2012/11/26 23:00:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\extensions
[2012/11/26 23:00:30 | 000,554,789 | ---- | M] () (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi
[2012/11/30 17:19:32 | 000,001,742 | ---- | M] () -- C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\searchplugins\search-the-web.xml
[2012/11/26 21:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/26 23:44:55 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/27 22:26:13 | 000,002,261 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Custom search.xml

========== Chrome ==========

CHR - homepage: http://www.google.com

O1 HOSTS File: ([2012/11/27 23:45:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (4sharedExt) - {95525BD9-6136-4A26-8263-9CEE295D442D} - C:\Program Files (x86)\4shared Toolbar\4sharedExt64.dll (New IT Solutions Ltd)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (A Youtube Downloader Free) - {c0415407-4ed2-48e1-900e-ee869abdd1f3} - C:\PROGRA~2\AYOUTU~1\A Youtube Downloader Free.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (4shared Toolbar) - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll (New IT Solutions Ltd)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (A Youtube Downloader Free) - {c0415407-4ed2-48e1-900e-ee869abdd1f3} - C:\PROGRA~2\AYOUTU~1\A Youtube Downloader Free.dll File not found
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [A Youtube Downloader Free_Helper] C:\Program Files (x86)\A Youtube Downloader Free\A Youtube Downloader Free_Helper.exe ()
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [atr.exe] File not found
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [4Sync] C:\Program Files (x86)\4Sync\4Sync.exe (New IT Solutions Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Kathi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyTime.lnk = C:\Program Files (x86)\AnyTime Deluxe\Atw.exe (Individual Software Inc.)
O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &4shared Search - C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll (New IT Solutions Ltd)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: &4shared Search - C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll (New IT Solutions Ltd)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: caldirectsecuredocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: caldirectsecuredocs.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: com ([pennwest-edocs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com ([pennwest-edocs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ditechsecuredocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ditechsecuredocs.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ditechsecuredocs.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ditechsecuredocs.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: docmagic.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: docmagic.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([ctest] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([ctest] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([forms] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([forms] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([gmacforms] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([gmacforms] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([pro] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([pro] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([secure] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([usign] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([usign] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([webpost] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([webpost] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gmacmsecuredocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gmacmsecuredocs.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gmacmsecuredocs.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gmacmsecuredocs.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gmamcsecuredocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gmamcsecuredocs.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ss3.swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ss3.swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend.com ([docs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend.com ([docs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend2.com ([docs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend2.com ([docs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend2.com ([loandocs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend2.com ([loandocs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftview.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftview.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: wamuloandocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: wamuloandocs.com ([www] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57F4C65D-DE84-4C7F-A9A4-EFD6EA28E475}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/27 22:28:48 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/30 14:32:57 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{4608C5FA-37EF-4EE0-94CE-1F9378567A3D}
[2012/11/29 15:11:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/29 15:10:30 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C9D3E595-166B-4108-8FBB-E38912055C17}
[2012/11/29 00:39:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/28 20:13:47 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{E8E58D15-3237-4464-8EF2-372578F51F11}
[2012/11/28 08:13:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{AB4B3DAA-4657-457A-915B-EF2D01D484EF}
[2012/11/28 00:24:33 | 000,000,000 | ---D | C] -- C:\Users\Kathi\Desktop\Virus removal
[2012/11/28 00:05:18 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Roaming\Malwarebytes
[2012/11/28 00:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/28 00:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/28 00:05:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/28 00:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/27 23:59:55 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/11/27 23:19:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/27 23:19:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/27 23:19:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/27 23:18:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/27 23:18:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/27 22:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/11/27 18:37:28 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{57E04207-89F6-446D-8DCB-B86398E7A2CA}
[2012/11/27 03:28:51 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{8293A4E9-4F86-458A-9056-38D94E7A1B2D}
[2012/11/26 21:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\A Youtube Downloader Free
[2012/11/26 15:28:25 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{F9A09894-87D9-4E4A-8A26-76C7F64C4A0A}
[2012/11/25 13:11:14 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{FE403889-A439-46EF-8F08-68DF75D25B1D}
[2012/11/25 01:10:50 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{A8A9512F-FF18-4BBC-A7AA-7B206248EFE4}
[2012/11/24 13:10:37 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{0EE3B6A2-DA5B-4E17-B2E4-2BD6A8A48774}
[2012/11/23 11:46:27 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{269F6611-3BD7-4DEB-93EC-AB388F35B96E}
[2012/11/22 23:46:01 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{CD6029AC-1401-46E8-8619-25569DF6764A}
[2012/11/20 13:14:29 | 000,000,000 | ---D | C] -- C:\LGMobileUpgrade
[2012/11/20 13:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2012/11/20 11:35:09 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{7FA3AFF0-1ED7-4C62-93F5-35427272AF4C}
[2012/11/19 23:34:58 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58BA76CF-231E-4630-8C02-C9B31FF1370C}
[2012/11/19 17:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/11/19 17:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/11/19 11:34:46 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{2E351E04-2111-4EF3-86CD-CBEE0261BAEE}
[2012/11/18 23:34:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{D5AD68FF-7C77-4356-AF80-3F7D56E66B3D}
[2012/11/18 11:34:21 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58A551D9-F5D8-4FE3-8261-D691F564D20E}
[2012/11/17 15:16:26 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{0C525CDA-33F9-42CE-871D-5609DD015E6D}
[2012/11/16 12:24:56 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{CE75A2E1-E7E8-4ABB-BBFA-A27F2F78E1C6}
[2012/11/15 22:21:20 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{64AB8BEB-18FE-4617-AF21-FA7101805945}
[2012/11/15 10:21:07 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C9846F85-A50F-4983-92B9-702A05BF0BF9}
[2012/11/14 19:28:41 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{18FD4BD7-2B9F-4398-83E9-31E721170F57}
[2012/11/14 07:16:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{51510BAA-1BE0-4B7C-8886-927FCEC36133}
[2012/11/13 19:16:08 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{54C4F440-4943-4448-9ACF-5DEFC4092209}
[2012/11/13 07:15:41 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{20B5B08A-66CD-430E-A6CD-B10DA63C609F}
[2012/11/12 11:30:06 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C2C39778-7C87-47F4-9669-4DFF8CA42079}
[2012/11/11 11:37:20 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58BCDDDC-A092-45F8-87D3-911B920AE96F}
[2012/11/10 18:40:23 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{25251B61-D02C-4B18-A26F-8E2B85185C71}
[2012/11/04 13:33:09 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C30BD269-BA26-474B-98ED-15511090F90E}
[2012/11/03 10:34:38 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{85315673-2AC0-466B-A8A3-9EE173B70C56}
[2012/11/02 16:08:39 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{8C96C48F-532E-4B30-BC63-004CA12EDE15}
[2012/11/01 20:34:41 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{D9626CBA-8037-47E9-9461-1C62A5567B66}
[2011/02/25 18:07:35 | 021,882,800 | ---- | C] (Trion Worlds, Inc.) -- C:\Users\Kathi\Rift_LIVE_Patcher_setup.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/30 17:26:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/30 17:26:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/30 17:17:54 | 000,001,916 | ---- | M] () -- C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700.lnk
[2012/11/30 17:17:33 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/30 17:15:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/30 17:15:24 | 4025,966,592 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/30 16:40:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/11/30 16:35:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/30 16:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/29 22:13:08 | 002,213,678 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0144.pdf
[2012/11/29 20:59:10 | 003,800,587 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0143.pdf
[2012/11/29 20:55:38 | 004,816,175 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0142.pdf
[2012/11/29 20:00:13 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012/11/28 00:05:14 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/27 23:45:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/27 23:44:01 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKathi.job
[2012/11/27 22:28:48 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012/11/27 22:26:13 | 000,000,034 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxoverride.ini
[2012/11/26 18:53:51 | 000,484,747 | ---- | M] () -- C:\Users\Kathi\Desktop\program_guide.pdf
[2012/11/26 18:53:41 | 001,104,397 | ---- | M] () -- C:\Users\Kathi\Desktop\guide_newmerchant.pdf
[2012/11/26 17:18:07 | 000,226,083 | ---- | M] () -- C:\Users\Kathi\Desktop\Auto Insurance.pdf
[2012/11/23 13:16:24 | 000,251,271 | ---- | M] () -- C:\Users\Kathi\Desktop\Matthew Xmas.pdf
[2012/11/23 13:15:59 | 000,246,731 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0141.pdf
[2012/11/23 13:14:04 | 000,458,368 | ---- | M] () -- C:\Users\Kathi\Desktop\Alexis Xmas List.pdf
[2012/11/23 13:12:48 | 000,453,825 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0140.pdf
[2012/11/23 13:11:07 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/23 13:11:07 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/23 13:11:07 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/19 17:34:57 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/16 06:53:47 | 000,382,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/14 17:51:06 | 000,014,472 | ---- | M] () -- C:\Users\Kathi\Desktop\220px-Savanna_towards_the_south-east_from_the_south-west_of_Taita_Hills_Game_Lodge_within_the_Taita_Hills_Wildlife_Sanctuary_in_Kenya.jpg
[2012/11/08 17:12:51 | 000,254,100 | ---- | M] () -- C:\Users\Kathi\Desktop\alexis 2.pdf
[2012/11/08 17:12:35 | 000,249,560 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0139.pdf
[2012/11/08 17:11:42 | 000,335,399 | ---- | M] () -- C:\Users\Kathi\Desktop\alexis 1.pdf
[2012/11/08 17:11:08 | 000,330,856 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0138.pdf
[2012/11/02 04:58:35 | 000,227,943 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0137.pdf
[2012/11/02 03:37:48 | 006,219,610 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0136.pdf
[2012/11/02 03:32:30 | 007,601,529 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0135.pdf
[2012/11/02 03:26:12 | 006,599,533 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0134.pdf
[2012/11/02 00:52:15 | 001,190,201 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0133.pdf
[2012/11/02 00:47:30 | 002,683,478 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0132.pdf
[2012/11/02 00:41:21 | 003,425,430 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0131.pdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{1A4CF5B9-A2FD-464C-A311-FF2B6A3A9607}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKCU\..\SearchScopes\{420efb88-346f-4cb5-bbb1-cfd5efad5439}: "URL" = http://apype.com/results.php?q={searchTerms}
    FF - prefs.js..browser.search.defaultenginename: "Custom search"
    FF - prefs.js..browser.search.selectedEngine: "Search the Web"
    FF - prefs.js..browser.startup.homepage: "http://apype.com"
    FF - prefs.js..extensions.enabledAddons: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.433
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\14xRm@skywebsearch.com: C:\PROGRA~2\AYOUTU~1\A Youtube Downloader Free.xpi [2012/09/27 17:40:26 | 000,046,060 | ---- | M] ()
    [2012/11/30 17:19:32 | 000,001,742 | ---- | M] () -- C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\searchplugins\search-the-web.xml
    [2012/11/27 22:26:13 | 000,002,261 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Custom search.xml
    [2012/11/26 23:00:30 | 000,554,789 | ---- | M] () (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi
    O2:64bit: - BHO: (4sharedExt) - {95525BD9-6136-4A26-8263-9CEE295D442D} - C:\Program Files (x86)\4shared Toolbar\4sharedExt64.dll (New IT Solutions Ltd)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (A Youtube Downloader Free) - {c0415407-4ed2-48e1-900e-ee869abdd1f3} - C:\PROGRA~2\AYOUTU~1\A Youtube Downloader Free.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (4shared Toolbar) - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll (New IT Solutions Ltd)
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (A Youtube Downloader Free) - {c0415407-4ed2-48e1-900e-ee869abdd1f3} - C:\PROGRA~2\AYOUTU~1\A Youtube Downloader Free.dll File not found
    O4 - HKLM..\Run: [A Youtube Downloader Free_Helper] C:\Program Files (x86)\A Youtube Downloader Free\A Youtube Downloader Free_Helper.exe ()
    O4 - HKLM..\Run: [atr.exe] File not found
    O8:64bit: - Extra context menu item: &4shared Search - C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll (New IT Solutions Ltd)
    O8 - Extra context menu item: &4shared Search - C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll (New IT Solutions Ltd)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
    O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
    [2012/11/26 21:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\A Youtube Downloader Free

    :files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes and the computer fails to reboot, let me know.
  • Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


Once that's done, please post a new OTL Quick Scan.
 
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1A4CF5B9-A2FD-464C-A311-FF2B6A3A9607}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A4CF5B9-A2FD-464C-A311-FF2B6A3A9607}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{420efb88-346f-4cb5-bbb1-cfd5efad5439}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{420efb88-346f-4cb5-bbb1-cfd5efad5439}\ not found.
Prefs.js: "Custom search" removed from browser.search.defaultenginename
Prefs.js: "Search the Web" removed from browser.search.selectedEngine
Prefs.js: "http://apype.com" removed from browser.startup.homepage
Prefs.js: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.433 removed from extensions.enabledAddons
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\14xRm@skywebsearch.com deleted successfully.
File C:\PROGRA~2\AYOUTU~1\A Youtube Downloader Free.xpi [2012/09/27 17:40:26 | 000,046,060 | ---- | M] not found.
C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\searchplugins\search-the-web.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\Custom search.xml moved successfully.
C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95525BD9-6136-4A26-8263-9CEE295D442D}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95525BD9-6136-4A26-8263-9CEE295D442D}\ deleted successfully.
C:\Program Files (x86)\4shared Toolbar\4sharedExt64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c0415407-4ed2-48e1-900e-ee869abdd1f3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0415407-4ed2-48e1-900e-ee869abdd1f3}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95080B13-AA71-4EE8-B951-7E98221E1ED5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95080B13-AA71-4EE8-B951-7E98221E1ED5}\ deleted successfully.
C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c0415407-4ed2-48e1-900e-ee869abdd1f3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0415407-4ed2-48e1-900e-ee869abdd1f3}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\A Youtube Downloader Free_Helper deleted successfully.
C:\Program Files (x86)\A Youtube Downloader Free\A Youtube Downloader Free_Helper.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\atr.exe deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&4shared Search\ deleted successfully.
File C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&4shared Search\ not found.
File C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Program Files (x86)\A Youtube Downloader Free folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kathi\Downloads\cmd.bat deleted successfully.
C:\Users\Kathi\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kathi
->Temp folder emptied: 11896823 bytes
->Temporary Internet Files folder emptied: 154169686 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 177548854 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 43518 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1901014 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4263290 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 5893196 bytes

Total Files Cleaned = 339.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12012012_143310

Files\Folders moved on Reboot...
C:\Users\Kathi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
OTL logfile created on: 12/2/2012 11:38:58 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.00 Gb Total Physical Memory | 3.18 Gb Available Physical Memory | 63.59% Memory free
10.00 Gb Paging File | 7.80 Gb Available in Paging File | 77.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.01 Gb Total Space | 273.78 Gb Free Space | 46.88% Space Free | Partition Type: NTFS
Drive D: | 12.07 Gb Total Space | 1.48 Gb Free Space | 12.23% Space Free | Partition Type: NTFS

Computer Name: KATHI-HP | User Name: Kathi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/02 12:07:49 | 000,236,552 | ---- | M] (Trustwave) -- C:\Program Files (x86)\Trustwave\Agent\tkstatus.exe
PRC - [2012/12/02 12:07:48 | 000,131,592 | ---- | M] (Trustwave) -- C:\Program Files (x86)\Trustwave\Agent\tkagent.exe
PRC - [2012/11/29 00:17:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathi\Downloads\OTL.exe
PRC - [2012/11/20 23:25:21 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012/10/26 23:44:55 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Kathi\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/09/19 14:56:20 | 000,200,336 | ---- | M] (http://www.goforfiles.com/) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2012/01/18 14:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/11/15 17:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/09/16 12:26:08 | 001,594,328 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Registry Mechanic\Upgrade.exe
PRC - [2010/07/07 12:38:06 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/06/12 17:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/01/18 09:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/11/19 18:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009/10/14 14:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/01/23 18:46:58 | 092,573,696 | ---- | M] (Individual Software Inc.) -- C:\Program Files (x86)\AnyTime Deluxe\Atw.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/20 23:25:20 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012/11/19 17:34:39 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/11/16 07:26:43 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/16 07:02:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/16 07:02:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/16 07:02:33 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/16 07:02:21 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/16 07:02:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/16 07:01:55 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/16 07:01:52 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll
MOD - [2012/11/16 07:01:51 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/16 07:01:37 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/16 07:01:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/16 07:01:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/16 07:01:19 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/16 07:01:12 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/10/26 23:44:54 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/13 17:42:48 | 000,181,248 | ---- | M] () -- C:\Program Files (x86)\Trustwave\Agent\zlibwapi.dll
MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 14:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 14:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 14:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/01/18 09:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [1997/04/29 11:26:16 | 000,120,832 | ---- | M] () -- C:\Program Files (x86)\AnyTime Deluxe\Utdial32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/03/08 20:53:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/01/26 17:01:28 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/06/17 04:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/02 12:07:48 | 000,131,592 | ---- | M] (Trustwave) [Auto | Running] -- C:\Program Files (x86)\Trustwave\Agent\tkagent.exe -- (tkagent)
SRV - [2012/11/20 23:25:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/09 17:59:44 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/10/26 23:44:54 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/28 11:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/06/12 17:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/14 14:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/03/14 07:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2012/03/14 07:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2012/03/14 07:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2012/03/14 07:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 07:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/09 01:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/08 20:17:42 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/17 04:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/16 12:18:27 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2010/03/10 07:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/04 06:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/05 20:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 20:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/09/17 05:26:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{150F51E5-89FD-4029-83A9-0706137DF8BE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{4637FF3D-F284-4B7E-B76A-546A8EDCD4C6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{DFFBC655-3F10-4FE2-8430-13CFE1FD498F}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://apype.com
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Helper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {62E7C7FA-5F68-4414-931F-93E8858EF758}
IE - HKCU\..\SearchScopes\{62E7C7FA-5F68-4414-931F-93E8858EF758}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Custom search"
FF - prefs.js..browser.search.searchEnginesURL: "http://websearch.4shared.com/results?q="
FF - prefs.js..browser.search.selectedEngine: "Custom search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://apype.com"
FF - prefs.js..extensions.enabledAddons: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.433
FF - prefs.js..keyword.URL: "http://apype.com/results.php?q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\18\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kathi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/07/20 21:00:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 23:44:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/07/20 21:00:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 23:44:55 | 000,000,000 | ---D | M]

[2011/12/10 22:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Extensions
[2012/12/02 00:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\extensions
[2012/12/02 00:47:11 | 000,580,191 | ---- | M] () (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi
[2012/11/26 21:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/26 23:44:55 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

========== Chrome ==========

CHR - homepage: http://www.google.com

O1 HOSTS File: ([2012/11/27 23:45:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [4Sync] C:\Program Files (x86)\4Sync\4Sync.exe (New IT Solutions Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Kathi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyTime.lnk = C:\Program Files (x86)\AnyTime Deluxe\Atw.exe (Individual Software Inc.)
O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: caldirectsecuredocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: caldirectsecuredocs.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: com ([pennwest-edocs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com ([pennwest-edocs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ditechsecuredocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ditechsecuredocs.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ditechsecuredocs.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ditechsecuredocs.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: docmagic.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: docmagic.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([ctest] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([ctest] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([forms] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([forms] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([gmacforms] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([gmacforms] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([pro] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([pro] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([secure] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([usign] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([usign] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([webpost] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([webpost] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gmacmsecuredocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gmacmsecuredocs.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gmacmsecuredocs.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gmacmsecuredocs.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gmamcsecuredocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gmamcsecuredocs.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ss3.swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ss3.swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend.com ([docs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend.com ([docs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend2.com ([docs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend2.com ([docs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend2.com ([loandocs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend2.com ([loandocs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftview.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftview.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: wamuloandocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: wamuloandocs.com ([www] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57F4C65D-DE84-4C7F-A9A4-EFD6EA28E475}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/27 22:28:48 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/02 12:08:23 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{B681B04F-8F72-4E67-86A2-4F8D97D143EE}
[2012/12/02 12:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trustwave
[2012/12/02 12:00:28 | 000,000,000 | ---D | C] -- C:\Users\Kathi\Desktop\Contractor Stuff
[2012/12/02 00:07:56 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{15F4C8B7-047F-4CC7-B9DD-19C43E557320}
[2012/12/01 14:33:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/01 12:07:26 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{61F9D008-5B6C-42B6-91B9-0D910B040E50}
[2012/11/30 14:32:57 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{4608C5FA-37EF-4EE0-94CE-1F9378567A3D}
[2012/11/29 15:11:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/29 15:10:30 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C9D3E595-166B-4108-8FBB-E38912055C17}
[2012/11/29 00:39:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/28 20:13:47 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{E8E58D15-3237-4464-8EF2-372578F51F11}
[2012/11/28 08:13:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{AB4B3DAA-4657-457A-915B-EF2D01D484EF}
[2012/11/28 00:24:33 | 000,000,000 | ---D | C] -- C:\Users\Kathi\Desktop\Virus removal
[2012/11/28 00:05:18 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Roaming\Malwarebytes
[2012/11/28 00:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/28 00:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/28 00:05:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/28 00:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/27 23:19:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/27 23:19:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/27 23:19:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/27 23:18:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/27 23:18:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/27 22:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/11/27 18:37:28 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{57E04207-89F6-446D-8DCB-B86398E7A2CA}
[2012/11/27 03:28:51 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{8293A4E9-4F86-458A-9056-38D94E7A1B2D}
[2012/11/26 15:28:25 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{F9A09894-87D9-4E4A-8A26-76C7F64C4A0A}
[2012/11/25 13:11:14 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{FE403889-A439-46EF-8F08-68DF75D25B1D}
[2012/11/25 01:10:50 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{A8A9512F-FF18-4BBC-A7AA-7B206248EFE4}
[2012/11/24 13:10:37 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{0EE3B6A2-DA5B-4E17-B2E4-2BD6A8A48774}
[2012/11/23 11:46:27 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{269F6611-3BD7-4DEB-93EC-AB388F35B96E}
[2012/11/22 23:46:01 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{CD6029AC-1401-46E8-8619-25569DF6764A}
[2012/11/20 13:14:29 | 000,000,000 | ---D | C] -- C:\LGMobileUpgrade
[2012/11/20 13:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2012/11/20 11:35:09 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{7FA3AFF0-1ED7-4C62-93F5-35427272AF4C}
[2012/11/19 23:34:58 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58BA76CF-231E-4630-8C02-C9B31FF1370C}
[2012/11/19 17:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/11/19 17:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/11/19 11:34:46 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{2E351E04-2111-4EF3-86CD-CBEE0261BAEE}
[2012/11/18 23:34:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{D5AD68FF-7C77-4356-AF80-3F7D56E66B3D}
[2012/11/18 11:34:21 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58A551D9-F5D8-4FE3-8261-D691F564D20E}
[2012/11/17 15:16:26 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{0C525CDA-33F9-42CE-871D-5609DD015E6D}
[2012/11/16 12:24:56 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{CE75A2E1-E7E8-4ABB-BBFA-A27F2F78E1C6}
[2012/11/15 22:21:20 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{64AB8BEB-18FE-4617-AF21-FA7101805945}
[2012/11/15 10:21:07 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C9846F85-A50F-4983-92B9-702A05BF0BF9}
[2012/11/14 19:28:41 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{18FD4BD7-2B9F-4398-83E9-31E721170F57}
[2012/11/14 07:16:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{51510BAA-1BE0-4B7C-8886-927FCEC36133}
[2012/11/13 19:16:08 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{54C4F440-4943-4448-9ACF-5DEFC4092209}
[2012/11/13 07:15:41 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{20B5B08A-66CD-430E-A6CD-B10DA63C609F}
[2012/11/12 11:30:06 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C2C39778-7C87-47F4-9669-4DFF8CA42079}
[2012/11/11 11:37:20 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58BCDDDC-A092-45F8-87D3-911B920AE96F}
[2012/11/10 18:40:23 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{25251B61-D02C-4B18-A26F-8E2B85185C71}
[2012/11/04 13:33:09 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C30BD269-BA26-474B-98ED-15511090F90E}
[2012/11/03 10:34:38 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{85315673-2AC0-466B-A8A3-9EE173B70C56}
[2011/02/25 18:07:35 | 021,882,800 | ---- | C] (Trion Worlds, Inc.) -- C:\Users\Kathi\Rift_LIVE_Patcher_setup.exe

========== Files - Modified Within 30 Days ==========

[2012/12/02 23:40:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/12/02 23:35:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/02 23:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/02 21:07:10 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012/12/02 18:35:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/02 17:20:32 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/02 17:20:32 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/02 12:07:13 | 000,001,958 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrustKeeper Agent Status.lnk
[2012/12/02 11:39:14 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKathi.job
[2012/12/01 14:37:52 | 000,001,916 | ---- | M] () -- C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700.lnk
[2012/12/01 14:35:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/01 14:35:10 | 4025,966,592 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/29 22:13:08 | 002,213,678 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0144.pdf
[2012/11/29 20:59:10 | 003,800,587 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0143.pdf
[2012/11/29 20:55:38 | 004,816,175 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0142.pdf
[2012/11/28 00:05:14 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/27 23:45:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/27 22:28:48 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012/11/27 22:26:13 | 000,000,034 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxoverride.ini
[2012/11/26 17:18:07 | 000,226,083 | ---- | M] () -- C:\Users\Kathi\Desktop\Auto Insurance.pdf
[2012/11/23 13:16:24 | 000,251,271 | ---- | M] () -- C:\Users\Kathi\Desktop\Matthew Xmas.pdf
[2012/11/23 13:15:59 | 000,246,731 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0141.pdf
[2012/11/23 13:14:04 | 000,458,368 | ---- | M] () -- C:\Users\Kathi\Desktop\Alexis Xmas List.pdf
[2012/11/23 13:12:48 | 000,453,825 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0140.pdf
[2012/11/23 13:11:07 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/23 13:11:07 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/23 13:11:07 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/19 17:34:57 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/16 06:53:47 | 000,382,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/14 17:51:06 | 000,014,472 | ---- | M] () -- C:\Users\Kathi\Desktop\220px-Savanna_towards_the_south-east_from_the_south-west_of_Taita_Hills_Game_Lodge_within_the_Taita_Hills_Wildlife_Sanctuary_in_Kenya.jpg
[2012/11/08 17:12:51 | 000,254,100 | ---- | M] () -- C:\Users\Kathi\Desktop\alexis 2.pdf
[2012/11/08 17:12:35 | 000,249,560 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0139.pdf
[2012/11/08 17:11:42 | 000,335,399 | ---- | M] () -- C:\Users\Kathi\Desktop\alexis 1.pdf
[2012/11/08 17:11:08 | 000,330,856 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0138.pdf

========== Files Created - No Company Name ==========

[2012/12/02 12:07:13 | 000,001,958 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrustKeeper Agent Status.lnk
[2012/11/29 22:13:01 | 002,213,678 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0144.pdf
[2012/11/29 20:59:08 | 003,800,587 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0143.pdf
[2012/11/29 20:55:35 | 004,816,175 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0142.pdf
[2012/11/28 00:05:14 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/27 23:19:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/27 23:19:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/27 23:19:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/27 23:19:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/27 23:19:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/27 22:28:48 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2012/11/26 21:01:18 | 000,000,034 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxoverride.ini
[2012/11/26 17:18:05 | 000,226,083 | ---- | C] () -- C:\Users\Kathi\Desktop\Auto Insurance.pdf
[2012/11/23 13:16:24 | 000,251,271 | ---- | C] () -- C:\Users\Kathi\Desktop\Matthew Xmas.pdf
[2012/11/23 13:15:59 | 000,246,731 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0141.pdf
[2012/11/23 13:14:04 | 000,458,368 | ---- | C] () -- C:\Users\Kathi\Desktop\Alexis Xmas List.pdf
[2012/11/23 13:12:48 | 000,453,825 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0140.pdf
[2012/11/19 17:34:57 | 000,002,147 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/16 01:55:39 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 01:46:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/14 17:47:29 | 000,014,472 | ---- | C] () -- C:\Users\Kathi\Desktop\220px-Savanna_towards_the_south-east_from_the_south-west_of_Taita_Hills_Game_Lodge_within_the_Taita_Hills_Wildlife_Sanctuary_in_Kenya.jpg
[2012/11/08 17:12:51 | 000,254,100 | ---- | C] () -- C:\Users\Kathi\Desktop\alexis 2.pdf
[2012/11/08 17:12:35 | 000,249,560 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0139.pdf
[2012/11/08 17:11:42 | 000,335,399 | ---- | C] () -- C:\Users\Kathi\Desktop\alexis 1.pdf
[2012/11/08 17:11:08 | 000,330,856 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0138.pdf
[2012/08/11 10:15:38 | 006,885,376 | ---- | C] () -- C:\Users\Kathi\s-1-5-21-2635634824-2115636220-2321885851-1000.rrr
[2012/07/04 21:55:42 | 000,870,128 | ---- | C] () -- C:\Users\Kathi\AppData\Roaming\mcs.rma
[2012/06/15 21:25:50 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/10/05 17:16:07 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/05/22 19:27:27 | 000,001,854 | ---- | C] () -- C:\Users\Kathi\AppData\Roaming\GhostObjGAFix.xml
[2011/03/21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/01/12 19:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/28 16:35:54 | 000,000,114 | ---- | C] () -- C:\Users\Kathi\AppData\Roaming\sview.ini
[2010/12/28 16:35:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\srfvdo.dat
[2010/12/06 12:57:56 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/11/24 20:51:43 | 000,009,216 | ---- | C] () -- C:\Users\Kathi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
PART 2 (It was over 50,000 characters)

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/18 03:47:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\4Sync
[2011/07/19 16:47:07 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
[2011/07/31 09:13:06 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Absolutist
[2012/08/12 13:09:25 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\AlawarEntertainment
[2012/10/28 20:33:49 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Amaranth Games
[2012/06/06 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Atari
[2011/08/10 09:31:47 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Boomzap
[2011/06/30 09:02:04 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Casual Mechanics
[2011/07/21 17:33:41 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DarkParablesBriarRoseSE_BFG
[2010/11/23 18:00:54 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DocMagic
[2011/06/04 12:44:43 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/10/24 18:32:26 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\ElementalsTheMagicKey
[2010/11/20 21:00:29 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\ESET
[2011/04/03 13:56:33 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Fannie Mae
[2010/11/21 14:16:56 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\FOG Downloader
[2011/08/15 14:43:08 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\FrimaStudio
[2011/03/29 18:03:05 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\funkitron
[2012/09/02 16:22:19 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Funlinker
[2012/06/25 20:23:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Gamelab
[2012/05/18 14:27:47 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\GamesFaction
[2011/03/18 13:12:00 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\GetRightToGo
[2012/09/19 14:57:05 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\GoforFiles
[2012/05/10 15:25:55 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Gogii
[2011/05/10 15:06:09 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Happyville__
[2012/06/06 17:27:38 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\HipSoft
[2011/07/24 07:58:16 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Immortal Lovers
[2010/11/20 21:21:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Individual Software
[2011/10/30 09:42:46 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\JaiboGames
[2010/11/30 23:21:35 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Leadertech
[2011/02/23 19:13:25 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Ludia
[2011/10/26 06:56:50 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\MagicIndie
[2012/03/23 18:32:23 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Mean Hamster
[2010/12/04 10:22:29 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Nevosoft Games
[2010/11/21 20:51:43 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\OpenOffice.org
[2011/03/18 13:25:50 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\PhotoScape
[2010/11/20 19:42:50 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\PictureMover
[2012/02/11 10:40:10 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\PlayFirst
[2012/03/31 09:05:25 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Playrix Entertainment
[2010/11/28 16:46:05 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\PoBros
[2011/07/23 15:35:39 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Princess Isabella
[2011/12/06 19:25:58 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Registry Mechanic
[2011/07/31 13:31:00 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Research In Motion
[2011/10/01 19:05:00 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\RIFT
[2010/11/23 15:50:36 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\ScanSoft
[2011/03/27 08:28:26 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Sky Bros
[2011/09/07 19:21:00 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\SoftGrid Client
[2011/09/07 19:11:09 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\TP
[2011/04/28 16:38:01 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Turtle Odyssey II
[2012/03/05 19:01:24 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Unity
[2011/05/20 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\UNOUndercover
[2012/11/27 23:42:34 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\uTorrent
[2011/05/10 16:04:21 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Vasilek Games
[2012/06/23 10:44:44 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Visan
[2011/12/17 08:51:08 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\wargaming.net
[2011/07/27 13:33:38 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Wild Tangent
[2012/05/14 19:01:01 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\WildTangent
[2011/07/19 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\WildTangentv1002
[2010/11/28 14:16:01 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\WinBatch
[2010/12/05 11:15:38 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Windows Live Writer
[2011/10/21 15:47:59 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\YoudaGames

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
 
OTL special check

Please open OTL -- Click the None button, copy the following from the quotebox and paste this in the Custom Scans/Fixes box in OTL:

%PROGRAMFILES%\*.

Then click the Run Scan button (NOT Run Fix). It shall launch a log. Please post it in your next reply.
 
OTL logfile created on: 12/3/2012 2:33:56 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.00 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 46.99% Memory free
10.00 Gb Paging File | 7.44 Gb Available in Paging File | 74.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.01 Gb Total Space | 273.79 Gb Free Space | 46.88% Space Free | Partition Type: NTFS
Drive D: | 12.07 Gb Total Space | 1.48 Gb Free Space | 12.23% Space Free | Partition Type: NTFS

Computer Name: KATHI-HP | User Name: Kathi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< %PROGRAMFILES%\*. >
[2012/12/01 14:33:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\4shared Toolbar
[2012/04/04 17:28:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\4Sync
[2011/06/27 07:00:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/04/09 20:56:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD APP
[2010/11/20 20:39:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AnyTime Deluxe
[2011/03/31 17:06:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI
[2011/03/31 17:06:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2012/04/02 05:12:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVS4YOU
[2010/09/10 15:35:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CinemaNow
[2012/11/29 00:32:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/11/21 21:59:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Curse
[2010/09/10 15:33:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2011/08/27 07:23:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Disney
[2010/11/23 18:00:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DocMagic
[2011/06/04 12:44:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVDVideoSoft
[2012/01/29 15:06:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
[2011/12/10 19:44:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Gamers Unite! Snag Bar
[2012/09/19 14:56:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GoforFiles
[2012/11/26 21:01:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2012/08/24 21:22:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Guild Wars 2
[2012/11/19 17:34:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2012/06/15 21:27:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hp
[2010/12/11 10:15:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2012/06/23 10:44:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Photo Creations
[2012/11/19 17:41:07 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/11/16 06:51:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/08/25 23:55:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/09/10 15:52:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Kobo
[2012/11/20 13:13:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LG Electronics
[2012/11/28 00:05:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/21 23:06:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/09/07 20:40:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/09/07 20:39:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/05/09 02:33:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/11/20 19:36:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/09/10 15:35:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft WSE
[2011/09/07 20:42:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/12/18 11:39:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MountFocus
[2012/11/26 21:01:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/28 22:29:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2009/07/13 21:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/09/07 18:34:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
[2010/11/20 22:22:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2012/07/29 16:08:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NCSoft
[2010/09/10 15:52:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NewspaperDirect
[2011/06/30 09:28:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/11/20 19:37:00 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2011/11/18 17:32:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/07/29 16:07:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks
[2012/10/28 17:20:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PASS
[2010/09/10 15:25:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PDF Complete
[2011/03/18 13:19:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PhotoScape
[2010/09/10 15:40:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PictureMover
[2011/02/06 14:41:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PixiePack Codec Pack
[2012/05/06 19:59:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2011/02/06 15:09:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RapidSolution
[2011/12/17 09:25:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RealArcade
[2010/09/10 15:26:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/13 21:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2012/08/11 10:06:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Registry Mechanic
[2011/01/26 19:42:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Research In Motion
[2012/07/04 21:55:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Rhapsody
[2011/11/12 00:05:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RIFT Game
[2011/04/18 08:33:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Runes of Magic
[2010/11/23 15:49:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ScanSoft
[2011/01/02 14:03:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SmileyCentral_1vEI
[2012/01/11 16:29:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sony
[2010/12/28 16:35:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SwiftView
[2010/09/10 15:26:13 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2012/12/02 12:07:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Trustwave
[2009/07/13 20:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2012/06/14 17:03:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
[2010/12/06 12:58:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ventrilo
[2012/04/05 12:38:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildGames
[2012/10/28 17:19:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent Games
[2009/07/13 21:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2012/06/18 23:46:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/11/08 06:29:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/11/08 06:29:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 21:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/11/08 06:29:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/11/08 06:29:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/11/08 06:29:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011/12/31 20:03:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR
[2010/09/10 15:52:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Zinio Reader 4

< End of report >
 
I uninstalled the program...but will the next step get rid of Starburn?

When I open either Firefox or IE...it automatically opens to http://www.search.starburnsoftware.com/

When I go to reset my home page...it says my current home page is http://apype.com. I have reset my home page a zillion times...but it keeps reverting to the above....

Will your next step (Clean up System Restore etc) fix these problems?
 
Scratch that. I had no idea whether or not they were still present.

Moving along though...

  • Please download Unhide by Grinler from here and save it to your desktop.
  • Double click unhide.exe to run the tool.
  • It will take some time to go through all your files, so please be patient.
  • Post any log it may launch.

Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.
Note: This tool only kills the active infection; the actual infection will not be gone. Once you reboot, the infection will be active again! Please do not reboot until instructed further to do so.


Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


OTL Quick Scan

  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.
 
OTL logfile created on: 12/6/2012 9:07:36 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.00 Gb Total Physical Memory | 3.15 Gb Available Physical Memory | 62.99% Memory free
10.00 Gb Paging File | 8.00 Gb Available in Paging File | 80.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.01 Gb Total Space | 274.25 Gb Free Space | 46.96% Space Free | Partition Type: NTFS
Drive D: | 12.07 Gb Total Space | 1.48 Gb Free Space | 12.23% Space Free | Partition Type: NTFS

Computer Name: KATHI-HP | User Name: Kathi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/05 02:32:14 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/12/02 12:07:49 | 000,236,552 | ---- | M] (Trustwave) -- C:\Program Files (x86)\Trustwave\Agent\tkstatus.exe
PRC - [2012/12/02 12:07:48 | 000,131,592 | ---- | M] (Trustwave) -- C:\Program Files (x86)\Trustwave\Agent\tkagent.exe
PRC - [2012/11/29 00:17:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathi\Downloads\OTL.exe
PRC - [2012/11/20 23:25:21 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Kathi\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/09/19 14:56:20 | 000,200,336 | ---- | M] (http://www.goforfiles.com/) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
PRC - [2012/08/25 23:55:54 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaws.exe
PRC - [2012/08/25 23:55:54 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/11/15 17:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/07/07 12:38:06 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/06/12 17:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/01/18 09:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/11/19 18:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009/11/19 18:15:44 | 001,545,576 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransfer.exe
PRC - [2009/10/14 14:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/01/23 18:46:58 | 092,573,696 | ---- | M] (Individual Software Inc.) -- C:\Program Files (x86)\AnyTime Deluxe\Atw.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/05 02:32:13 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/11/20 23:25:20 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012/11/19 17:34:39 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/11/16 07:26:43 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/16 07:02:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/16 07:02:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/16 07:02:33 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/16 07:02:21 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/16 07:01:51 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/16 07:01:37 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/16 07:01:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/16 07:01:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/16 07:01:19 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/16 07:01:12 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/06/13 17:42:48 | 000,181,248 | ---- | M] () -- C:\Program Files (x86)\Trustwave\Agent\zlibwapi.dll
MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 14:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 14:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 14:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/01/18 09:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [1997/04/29 11:26:16 | 000,120,832 | ---- | M] () -- C:\Program Files (x86)\AnyTime Deluxe\Utdial32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/03/08 20:53:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/01/26 17:01:28 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/06/17 04:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/05 02:32:14 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/02 12:07:48 | 000,131,592 | ---- | M] (Trustwave) [Auto | Running] -- C:\Program Files (x86)\Trustwave\Agent\tkagent.exe -- (tkagent)
SRV - [2012/11/20 23:25:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/09 17:59:44 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/28 11:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/06/12 17:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/14 14:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/03/14 07:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2012/03/14 07:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2012/03/14 07:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2012/03/14 07:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 07:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/09 01:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/08 20:17:42 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/17 04:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/16 12:18:27 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2010/03/10 07:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/04 06:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/05 20:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 20:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/09/17 05:26:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{150F51E5-89FD-4029-83A9-0706137DF8BE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{4637FF3D-F284-4B7E-B76A-546A8EDCD4C6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{DFFBC655-3F10-4FE2-8430-13CFE1FD498F}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Helper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{62E7C7FA-5F68-4414-931F-93E8858EF758}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Custom search"
FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://apype.com"
FF - prefs.js..extensions.enabledAddons: %7Bafe43e80-0abc-4df2-81a0-3fe44b74abe8%7D:1.300.433
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\18\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kathi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/07/20 21:00:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 02:32:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/07/20 21:00:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 02:32:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/10 22:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Extensions
[2012/12/02 00:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\extensions
[2012/12/02 00:47:11 | 000,580,191 | ---- | M] () (No name found) -- C:\Users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\lad0jdno.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi
[2012/12/05 02:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/05 02:32:15 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

========== Chrome ==========

CHR - homepage: http://www.google.com

O1 HOSTS File: ([2012/11/27 23:45:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [4Sync] C:\Program Files (x86)\4Sync\4Sync.exe (New IT Solutions Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Kathi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyTime.lnk = C:\Program Files (x86)\AnyTime Deluxe\Atw.exe (Individual Software Inc.)
O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: caldirectsecuredocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: caldirectsecuredocs.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: com ([pennwest-edocs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com ([pennwest-edocs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ditechsecuredocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ditechsecuredocs.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ditechsecuredocs.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ditechsecuredocs.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: docmagic.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: docmagic.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([ctest] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([ctest] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([forms] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([forms] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([gmacforms] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([gmacforms] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([pro] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([pro] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([secure] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([usign] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([usign] https in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([webpost] http in Trusted sites)
O15 - HKCU\..Trusted Domains: elynx.net ([webpost] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gmacmsecuredocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gmacmsecuredocs.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gmacmsecuredocs.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gmacmsecuredocs.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gmamcsecuredocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gmamcsecuredocs.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ss3.swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ss3.swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend.com ([docs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend.com ([docs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend2.com ([docs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend2.com ([docs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend2.com ([loandocs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftsend2.com ([loandocs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftview.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftview.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: wamuloandocs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: wamuloandocs.com ([www] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57F4C65D-DE84-4C7F-A9A4-EFD6EA28E475}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/27 22:28:48 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/06 09:08:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{4B2CE0AD-ECC4-41D6-8E2A-DE0ED913DCC7}
[2012/12/05 17:16:51 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{8CB98B19-057D-4B4E-A2B8-78105B9EF410}
[2012/12/05 05:16:40 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{05E9E7E9-8698-4847-8C3C-A3DEA214F888}
[2012/12/05 02:32:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/04 17:16:28 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{F32A04B1-CED7-4C9A-9110-88A299271614}
[2012/12/03 21:46:06 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{7EDE21F6-4DA8-4439-A5C9-66AA788C005D}
[2012/12/03 15:10:21 | 000,000,000 | ---D | C] -- C:\Users\Kathi\Desktop\PNA
[2012/12/03 08:25:51 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{FCD356BC-10A8-4E72-BE15-096DB2D11D19}
[2012/12/02 12:08:23 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{B681B04F-8F72-4E67-86A2-4F8D97D143EE}
[2012/12/02 12:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trustwave
[2012/12/02 12:00:28 | 000,000,000 | ---D | C] -- C:\Users\Kathi\Desktop\Contractor Stuff
[2012/12/02 00:07:56 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{15F4C8B7-047F-4CC7-B9DD-19C43E557320}
[2012/12/01 14:33:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/01 12:07:26 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{61F9D008-5B6C-42B6-91B9-0D910B040E50}
[2012/11/30 14:32:57 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{4608C5FA-37EF-4EE0-94CE-1F9378567A3D}
[2012/11/29 15:11:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/29 15:10:30 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C9D3E595-166B-4108-8FBB-E38912055C17}
[2012/11/29 00:39:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/28 20:13:47 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{E8E58D15-3237-4464-8EF2-372578F51F11}
[2012/11/28 08:13:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{AB4B3DAA-4657-457A-915B-EF2D01D484EF}
[2012/11/28 00:24:33 | 000,000,000 | ---D | C] -- C:\Users\Kathi\Desktop\Virus removal
[2012/11/28 00:05:18 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Roaming\Malwarebytes
[2012/11/28 00:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/28 00:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/28 00:05:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/28 00:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/27 23:19:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/27 23:19:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/27 23:19:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/27 23:18:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/27 23:18:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/27 22:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/11/27 18:37:28 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{57E04207-89F6-446D-8DCB-B86398E7A2CA}
[2012/11/27 03:28:51 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{8293A4E9-4F86-458A-9056-38D94E7A1B2D}
[2012/11/26 15:28:25 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{F9A09894-87D9-4E4A-8A26-76C7F64C4A0A}
[2012/11/25 13:11:14 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{FE403889-A439-46EF-8F08-68DF75D25B1D}
[2012/11/25 01:10:50 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{A8A9512F-FF18-4BBC-A7AA-7B206248EFE4}
[2012/11/24 13:10:37 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{0EE3B6A2-DA5B-4E17-B2E4-2BD6A8A48774}
[2012/11/23 11:46:27 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{269F6611-3BD7-4DEB-93EC-AB388F35B96E}
[2012/11/22 23:46:01 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{CD6029AC-1401-46E8-8619-25569DF6764A}
[2012/11/20 13:14:29 | 000,000,000 | ---D | C] -- C:\LGMobileUpgrade
[2012/11/20 13:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2012/11/20 11:35:09 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{7FA3AFF0-1ED7-4C62-93F5-35427272AF4C}
[2012/11/19 23:34:58 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58BA76CF-231E-4630-8C02-C9B31FF1370C}
[2012/11/19 17:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/11/19 17:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/11/19 11:34:46 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{2E351E04-2111-4EF3-86CD-CBEE0261BAEE}
[2012/11/18 23:34:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{D5AD68FF-7C77-4356-AF80-3F7D56E66B3D}
[2012/11/18 11:34:21 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58A551D9-F5D8-4FE3-8261-D691F564D20E}
[2012/11/17 15:16:26 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{0C525CDA-33F9-42CE-871D-5609DD015E6D}
[2012/11/16 12:24:56 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{CE75A2E1-E7E8-4ABB-BBFA-A27F2F78E1C6}
[2012/11/15 22:21:20 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{64AB8BEB-18FE-4617-AF21-FA7101805945}
[2012/11/15 10:21:07 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C9846F85-A50F-4983-92B9-702A05BF0BF9}
[2012/11/14 19:28:41 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{18FD4BD7-2B9F-4398-83E9-31E721170F57}
[2012/11/14 07:16:34 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{51510BAA-1BE0-4B7C-8886-927FCEC36133}
[2012/11/13 19:16:08 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{54C4F440-4943-4448-9ACF-5DEFC4092209}
[2012/11/13 07:15:41 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{20B5B08A-66CD-430E-A6CD-B10DA63C609F}
[2012/11/12 11:30:06 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{C2C39778-7C87-47F4-9669-4DFF8CA42079}
[2012/11/11 11:37:20 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{58BCDDDC-A092-45F8-87D3-911B920AE96F}
[2012/11/10 18:40:23 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{25251B61-D02C-4B18-A26F-8E2B85185C71}
[2011/02/25 18:07:35 | 021,882,800 | ---- | C] (Trion Worlds, Inc.) -- C:\Users\Kathi\Rift_LIVE_Patcher_setup.exe

========== Files - Modified Within 30 Days ==========

[2012/12/06 09:10:04 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/06 09:10:04 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/06 09:02:37 | 000,001,916 | ---- | M] () -- C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700.lnk
[2012/12/06 09:02:28 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/06 09:00:44 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKathi.job
[2012/12/06 09:00:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/06 09:00:18 | 4025,966,592 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/06 08:40:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/12/06 08:35:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/06 08:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/06 07:58:03 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012/12/03 15:08:13 | 001,540,212 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0145.pdf
[2012/12/02 12:07:13 | 000,001,958 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrustKeeper Agent Status.lnk
[2012/11/29 22:13:08 | 002,213,678 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0144.pdf
[2012/11/29 20:59:10 | 003,800,587 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0143.pdf
[2012/11/29 20:55:38 | 004,816,175 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0142.pdf
[2012/11/28 00:05:14 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/27 23:45:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/27 22:28:48 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012/11/27 22:26:13 | 000,000,034 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxoverride.ini
[2012/11/26 17:18:07 | 000,226,083 | ---- | M] () -- C:\Users\Kathi\Desktop\Auto Insurance.pdf
[2012/11/23 13:16:24 | 000,251,271 | ---- | M] () -- C:\Users\Kathi\Desktop\Matthew Xmas.pdf
[2012/11/23 13:15:59 | 000,246,731 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0141.pdf
[2012/11/23 13:14:04 | 000,458,368 | ---- | M] () -- C:\Users\Kathi\Desktop\Alexis Xmas List.pdf
[2012/11/23 13:12:48 | 000,453,825 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0140.pdf
[2012/11/23 13:11:07 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/23 13:11:07 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/23 13:11:07 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/19 17:34:57 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/16 06:53:47 | 000,382,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/14 17:51:06 | 000,014,472 | ---- | M] () -- C:\Users\Kathi\Desktop\220px-Savanna_towards_the_south-east_from_the_south-west_of_Taita_Hills_Game_Lodge_within_the_Taita_Hills_Wildlife_Sanctuary_in_Kenya.jpg
[2012/11/08 17:12:51 | 000,254,100 | ---- | M] () -- C:\Users\Kathi\Desktop\alexis 2.pdf
[2012/11/08 17:12:35 | 000,249,560 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0139.pdf
[2012/11/08 17:11:42 | 000,335,399 | ---- | M] () -- C:\Users\Kathi\Desktop\alexis 1.pdf
[2012/11/08 17:11:08 | 000,330,856 | ---- | M] () -- C:\Users\Kathi\Documents\Scan0138.pdf

========== Files Created - No Company Name ==========

[2012/12/03 15:08:12 | 001,540,212 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0145.pdf
[2012/12/02 12:07:13 | 000,001,958 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrustKeeper Agent Status.lnk
[2012/11/29 22:13:01 | 002,213,678 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0144.pdf
[2012/11/29 20:59:08 | 003,800,587 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0143.pdf
[2012/11/29 20:55:35 | 004,816,175 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0142.pdf
[2012/11/28 00:05:14 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/27 23:19:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/27 23:19:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/27 23:19:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/27 23:19:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/27 23:19:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/27 22:28:48 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2012/11/26 21:01:18 | 000,000,034 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxoverride.ini
[2012/11/26 17:18:05 | 000,226,083 | ---- | C] () -- C:\Users\Kathi\Desktop\Auto Insurance.pdf
[2012/11/23 13:16:24 | 000,251,271 | ---- | C] () -- C:\Users\Kathi\Desktop\Matthew Xmas.pdf
[2012/11/23 13:15:59 | 000,246,731 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0141.pdf
[2012/11/23 13:14:04 | 000,458,368 | ---- | C] () -- C:\Users\Kathi\Desktop\Alexis Xmas List.pdf
[2012/11/23 13:12:48 | 000,453,825 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0140.pdf
[2012/11/19 17:34:57 | 000,002,147 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/16 01:55:39 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 01:46:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/14 17:47:29 | 000,014,472 | ---- | C] () -- C:\Users\Kathi\Desktop\220px-Savanna_towards_the_south-east_from_the_south-west_of_Taita_Hills_Game_Lodge_within_the_Taita_Hills_Wildlife_Sanctuary_in_Kenya.jpg
[2012/11/08 17:12:51 | 000,254,100 | ---- | C] () -- C:\Users\Kathi\Desktop\alexis 2.pdf
[2012/11/08 17:12:35 | 000,249,560 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0139.pdf
[2012/11/08 17:11:42 | 000,335,399 | ---- | C] () -- C:\Users\Kathi\Desktop\alexis 1.pdf
[2012/11/08 17:11:08 | 000,330,856 | ---- | C] () -- C:\Users\Kathi\Documents\Scan0138.pdf
[2012/08/11 10:15:38 | 006,885,376 | ---- | C] () -- C:\Users\Kathi\s-1-5-21-2635634824-2115636220-2321885851-1000.rrr
[2012/07/04 21:55:42 | 000,870,128 | ---- | C] () -- C:\Users\Kathi\AppData\Roaming\mcs.rma
[2012/06/15 21:25:50 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/10/05 17:16:07 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/05/22 19:27:27 | 000,001,854 | ---- | C] () -- C:\Users\Kathi\AppData\Roaming\GhostObjGAFix.xml
[2011/03/21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/01/12 19:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/28 16:35:54 | 000,000,114 | ---- | C] () -- C:\Users\Kathi\AppData\Roaming\sview.ini
[2010/12/28 16:35:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\srfvdo.dat
[2010/11/24 20:51:43 | 000,009,216 | ---- | C] () -- C:\Users\Kathi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
PART 2 OTL (due to being oversized):

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/18 03:47:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\4Sync
[2011/07/19 16:47:07 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
[2011/07/31 09:13:06 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Absolutist
[2012/08/12 13:09:25 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\AlawarEntertainment
[2012/10/28 20:33:49 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Amaranth Games
[2012/06/06 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Atari
[2011/08/10 09:31:47 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Boomzap
[2011/06/30 09:02:04 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Casual Mechanics
[2011/07/21 17:33:41 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DarkParablesBriarRoseSE_BFG
[2010/11/23 18:00:54 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DocMagic
[2011/06/04 12:44:43 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/10/24 18:32:26 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\ElementalsTheMagicKey
[2010/11/20 21:00:29 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\ESET
[2011/04/03 13:56:33 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Fannie Mae
[2010/11/21 14:16:56 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\FOG Downloader
[2011/08/15 14:43:08 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\FrimaStudio
[2011/03/29 18:03:05 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\funkitron
[2012/09/02 16:22:19 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Funlinker
[2012/06/25 20:23:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Gamelab
[2012/05/18 14:27:47 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\GamesFaction
[2011/03/18 13:12:00 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\GetRightToGo
[2012/09/19 14:57:05 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\GoforFiles
[2012/05/10 15:25:55 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Gogii
[2011/05/10 15:06:09 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Happyville__
[2012/06/06 17:27:38 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\HipSoft
[2011/07/24 07:58:16 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Immortal Lovers
[2010/11/20 21:21:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Individual Software
[2011/10/30 09:42:46 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\JaiboGames
[2010/11/30 23:21:35 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Leadertech
[2011/02/23 19:13:25 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Ludia
[2011/10/26 06:56:50 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\MagicIndie
[2012/03/23 18:32:23 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Mean Hamster
[2010/12/04 10:22:29 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Nevosoft Games
[2010/11/21 20:51:43 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\OpenOffice.org
[2011/03/18 13:25:50 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\PhotoScape
[2010/11/20 19:42:50 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\PictureMover
[2012/02/11 10:40:10 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\PlayFirst
[2012/03/31 09:05:25 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Playrix Entertainment
[2010/11/28 16:46:05 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\PoBros
[2011/07/23 15:35:39 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Princess Isabella
[2011/12/06 19:25:58 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Registry Mechanic
[2011/07/31 13:31:00 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Research In Motion
[2011/10/01 19:05:00 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\RIFT
[2010/11/23 15:50:36 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\ScanSoft
[2011/03/27 08:28:26 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Sky Bros
[2011/09/07 19:21:00 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\SoftGrid Client
[2011/09/07 19:11:09 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\TP
[2011/04/28 16:38:01 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Turtle Odyssey II
[2012/03/05 19:01:24 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Unity
[2011/05/20 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\UNOUndercover
[2012/11/27 23:42:34 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\uTorrent
[2011/05/10 16:04:21 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Vasilek Games
[2012/06/23 10:44:44 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Visan
[2011/12/17 08:51:08 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\wargaming.net
[2011/07/27 13:33:38 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Wild Tangent
[2012/05/14 19:01:01 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\WildTangent
[2011/07/19 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\WildTangentv1002
[2010/11/28 14:16:01 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\WinBatch
[2010/12/05 11:15:38 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Windows Live Writer
[2011/10/21 15:47:59 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\YoudaGames

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
 
OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
    FF - prefs.js..browser.search.defaultenginename: "Custom search"
    FF - prefs.js..browser.search.selectedEngine: "Search the Web"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://apype.com"
    FF - prefs.js..extensions.enabledAddons: %7Bafe43e80-0abc-4df2-81a0-3fe44b74abe8%7D:1.300.433
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D1B5B4F1

    :files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes and the computer fails to reboot, let me know.
  • Lastly, post the contents of the log (located at C:\_OTL\Moved Files).


SystemLook x64 scan

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *apype*
    *youtube*

    :folderfind
    *apype*
    *youtube*

    :regfind
    apype
    youtube
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
 
OTL:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Custom search" removed from browser.search.defaultenginename
Prefs.js: "Search the Web" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://apype.com" removed from browser.startup.homepage
Prefs.js: %7Bafe43e80-0abc-4df2-81a0-3fe44b74abe8%7D:1.300.433 removed from extensions.enabledAddons
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kathi\Downloads\cmd.bat deleted successfully.
C:\Users\Kathi\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kathi
->Temp folder emptied: 29371756 bytes
->Temporary Internet Files folder emptied: 46928982 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 194184966 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 616 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5557158 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4970270 bytes

Total Files Cleaned = 268.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12102012_205502

Files\Folders moved on Reboot...
C:\Users\Kathi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
SystemLook 30.07.11 by jpshortstuff
Log created at 21:04 on 10/12/2012 by Kathi
Administrator - Elevation successful

========== filefind ==========

Searching for "*apype*"
No files found.

Searching for "*youtube*"
C:\Data Backup\Documents and Settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgYoutube.dll --a---- 143712 bytes [03:49 16/06/2010] [03:49 16/06/2010] D5152D7B7641F205CDDCCC8AA7FE4090
C:\Data Backup\Documents and Settings\HP_Administrator\Cookies\hp_administrator@s2.youtube[1].txt --a---- 135 bytes [22:07 27/10/2010] [22:07 27/10/2010] CEC01CF7C78727DE192A011FF1E59340
C:\Data Backup\Documents and Settings\HP_Administrator\Cookies\hp_administrator@youtube[2].txt --a---- 292 bytes [22:18 27/10/2010] [22:18 27/10/2010] FE05CA3A1ABC4F50AFBB0E801FDF651E
C:\Data Backup\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\OJQX8NS2\youtube_preview[1].kml --a---- 29812 bytes [19:26 10/04/2008] [19:26 10/04/2008] CA503DF664E88729444820F1553F7841
C:\Data Backup\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\OMJFHB1D\a-youtube-12x12[1].gif --a---- 567 bytes [17:57 15/11/2010] [17:57 15/11/2010] C0255D410CE8CC74758C76FE0292BB44
C:\Data Backup\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\US6HUO9H\youtube[1].kml --a---- 605 bytes [18:09 09/02/2008] [18:09 09/02/2008] F0C30039796CC015E8434B4AB52CAC5C
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Ara\YouTube.xml --a---- 952 bytes [22:21 07/01/2010] [22:21 07/01/2010] 559388D39DF28273BB74C1BEB0EF1A7D
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Ara\Profiles\YouTube_16_9 HD Quality.prx --a---- 6500 bytes [04:21 30/12/2009] [04:21 30/12/2009] CC0CA114CA2676C2048DA0B9E84BD25A
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Ara\Profiles\YouTube_16_9 High Quality.prx --a---- 6496 bytes [04:20 30/12/2009] [04:20 30/12/2009] 243658AAEA91E5D71A881CF25478650C
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Ara\Profiles\YouTube_16_9 Standard Quality.prx --a---- 5828 bytes [04:20 30/12/2009] [04:20 30/12/2009] 6E5C3B0704FC983072AE447C1D7B13B7
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Ara\Profiles\YouTube_4_3 HD Quality.prx --a---- 6492 bytes [04:21 30/12/2009] [04:21 30/12/2009] 550CBE44ACD7184427493337C936454D
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Ara\Profiles\YouTube_4_3 High Quality.prx --a---- 6496 bytes [04:21 30/12/2009] [04:21 30/12/2009] 1AB35EA3C60CA1129D6C0FFD6ED75EE8
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Ara\Profiles\YouTube_4_3 Standard Quality.prx --a---- 5828 bytes [04:20 30/12/2009] [04:20 30/12/2009] 03076C257158C3323AF6AEC8652EAE4B
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Chs\YouTube.xml --a---- 767 bytes [00:50 06/06/2009] [00:50 06/06/2009] F892D633A98299385D1A5B048D8DE5FC
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Chs\Profiles\YouTube_16_9 HD Quality.prx --a---- 6466 bytes [01:55 06/06/2009] [01:55 06/06/2009] 1138D87FF34A7BD9BA032CB5F40D9A7E
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Chs\Profiles\YouTube_16_9 High Quality.prx --a---- 6464 bytes [01:55 06/06/2009] [01:55 06/06/2009] 7081042E1096DD8806FCD80F16B672D5
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Chs\Profiles\YouTube_16_9 Standard Quality.prx --a---- 5812 bytes [01:56 06/06/2009] [01:56 06/06/2009] 2F776A20AEB4F9F711F9C9459E967F9E
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Chs\Profiles\YouTube_4_3 HD Quality.prx --a---- 6458 bytes [01:56 06/06/2009] [01:56 06/06/2009] 8C936826667FCFF033E4B69AE3437C04
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Chs\Profiles\YouTube_4_3 High Quality.prx --a---- 6464 bytes [01:56 06/06/2009] [01:56 06/06/2009] E045D155B9E1758BB3A54B970F567BDB
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Chs\Profiles\YouTube_4_3 Standard Quality.prx --a---- 5812 bytes [01:56 06/06/2009] [01:56 06/06/2009] 967ACA4F3630A365818F90533946945E
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Cht\YouTube.xml --a---- 764 bytes [00:50 06/06/2009] [00:50 06/06/2009] CE1CA6CB4D35D69619E823FFF2DCCA4C
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Cht\Profiles\YouTube_16_9 HD Quality.prx --a---- 6468 bytes [02:11 06/06/2009] [02:11 06/06/2009] A778B6D583641F7611BD1A5C5B95F7A3
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Cht\Profiles\YouTube_16_9 High Quality.prx --a---- 6464 bytes [01:58 06/06/2009] [01:58 06/06/2009] 1AF3F716F4D8E73D5E907821570E2239
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Cht\Profiles\YouTube_16_9 Standard Quality.prx --a---- 5812 bytes [01:58 06/06/2009] [01:58 06/06/2009] 326AD205648579E2F78525D00C0C6086
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Cht\Profiles\YouTube_4_3 HD Quality.prx --a---- 6460 bytes [02:10 06/06/2009] [02:10 06/06/2009] 91B9A82B01008C1E4D3E88B0F471D60C
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Cht\Profiles\YouTube_4_3 High Quality.prx --a---- 6464 bytes [01:58 06/06/2009] [01:58 06/06/2009] AB55355DF9E1337467A70BDB7359D0D1
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Cht\Profiles\YouTube_4_3 Standard Quality.prx --a---- 5812 bytes [01:58 06/06/2009] [01:58 06/06/2009] 11783981AFA72903428842E07386B41B
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Csy\YouTube.xml --a---- 846 bytes [22:24 07/01/2010] [22:24 07/01/2010] 1ABB2A685617DA4C648EA6EA30A6FE56
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Csy\Profiles\YouTube_16_9 HD Quality.prx --a---- 6482 bytes [04:25 30/12/2009] [04:25 30/12/2009] 18220CB5D4CE6885B0AFD4C46D21A163
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Csy\Profiles\YouTube_16_9 High Quality.prx --a---- 6490 bytes [04:24 30/12/2009] [04:24 30/12/2009] 1E67468171747ADAD6D82DE613B46E75
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Csy\Profiles\YouTube_16_9 Standard Quality.prx --a---- 5844 bytes [04:24 30/12/2009] [04:24 30/12/2009] 9AB2CCE8AF5415D4A0A7714FE57E07E9
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Csy\Profiles\YouTube_4_3 HD Quality.prx --a---- 6474 bytes [04:25 30/12/2009] [04:25 30/12/2009] 9CB9432B75466C3DB67AD9DADB542EBF
C:\Program Files (x86)\CyberLink\PowerDirector\Language\Csy\Profiles\YouTube_4_3 High Quality.prx --a---- 6490 bytes [04:25 30/12/2009] [04:25 30/12/2009] BD974E3C2E8B812DF014632E03E6FCF5
C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\Custom\Skin\Standard\Photo\Media\transcode\saveAsDlg\youtube_s.png ------- 3444 bytes [19:16 14/06/2010] [19:16 14/06/2010] 2490B071ECE2748B96F8588D3DC7B398
C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\subsys\Share\youtube.kc ------- 14526 bytes [19:39 14/06/2010] [19:39 14/06/2010] 4454FA7B31E371703713948CBAD898E9
C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\subsys\Share\YouTubeMgr.dll ------- 278624 bytes [19:43 14/06/2010] [19:43 14/06/2010] EFD797EA28D5131132C1C47BE6E2D726
C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\Transcode\esShareYouTube.kc ------- 22588 bytes [19:39 14/06/2010] [19:39 14/06/2010] F1AE2D9086C81CBD93390F7EEBF925DE
C:\Program Files (x86)\Windows Live\Photo Gallery\WLYouTubePlugin.dll --a---- 137072 bytes [01:40 09/03/2012] [01:40 09/03/2012] A0FD454BC321C50B8615E7C1F6738AB6
C:\Program Files (x86)\Windows Live\Photo Gallery\en\WLYouTubePlugin.resources.dll --a---- 51056 bytes [01:50 09/03/2012] [01:50 09/03/2012] 630B222E22A07E7924768B878ADB370A
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free YouTube to MP3 Converter.lnk --a---- 1388 bytes [20:44 04/06/2011] [20:44 04/06/2011] 8551AECF8BC3C24644B76431437CA452
C:\ProgramData\RapidSolution\Audials_2011\RadioRip\PlgYoutube.dll --a---- 137056 bytes [23:09 06/02/2011] [23:09 06/02/2011] B850634A1D848A585F2E8B7695537424
C:\Qoobox\Quarantine\C\PROGRA~2\AYOUTU~1\A YOutube downloader free.dll.vir --a---- 447488 bytes [01:40 28/09/2012] [01:40 28/09/2012] C70BED8E44AE2ED90D2FAE6F46950470
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free YouTube to MP3 Converter.lnk --a---- 1388 bytes [20:44 04/06/2011] [20:44 04/06/2011] 8551AECF8BC3C24644B76431437CA452
C:\Users\All Users\RapidSolution\Audials_2011\RadioRip\PlgYoutube.dll --a---- 137056 bytes [23:09 06/02/2011] [23:09 06/02/2011] B850634A1D848A585F2E8B7695537424
C:\Users\Kathi\AppData\Local\RapidSolution\Audials_2011\Log\PluginsManager\Plugins\YouTubeDisco_20110206_151020_1.txt --a---- 97 bytes [23:10 06/02/2011] [23:52 06/02/2011] 3A2F4FF763CC9306764C7F12B4BAC20F
C:\Users\Kathi\AppData\Local\RapidSolution\Audials_2011\Log\PluginsManager\Plugins\YouTubeDisco_20110206_163327_1.txt --a---- 97 bytes [00:33 07/02/2011] [00:34 07/02/2011] 81EAD32B30C17A92497A206289940D68
C:\Users\Kathi\AppData\Local\RapidSolution\Audials_2011\Log\PluginsManager\Plugins\YouTube_20110206_151020_1.txt --a---- 97 bytes [23:10 06/02/2011] [23:52 06/02/2011] 0CFCA29CE6C32F38AA02E041B5955FB4
C:\Users\Kathi\AppData\Local\RapidSolution\Audials_2011\Log\PluginsManager\Plugins\YouTube_20110206_163327_1.txt --a---- 97 bytes [00:33 07/02/2011] [00:34 07/02/2011] 48E4EBCCD07B5487F5A0F765EEC8134D
C:\Users\Kathi\AppData\Local\RapidSolution\Audials_2011\PluginsManager\DLLs\YouTube.dll --a---- 310784 bytes [23:10 06/02/2011] [23:10 06/02/2011] 7B7E8B7A68C6699C876115B02781CAA5
C:\Users\Kathi\AppData\Local\RapidSolution\Audials_2011\PluginsManager\DLLs\YouTubeDisco.dll --a---- 291840 bytes [23:10 06/02/2011] [23:10 06/02/2011] 1DA718FE3618C9AA2611FFD705EAE57B
C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm --a---- 273 bytes [20:44 04/06/2011] [20:44 04/06/2011] 1626F757ADF9CDEB61B63EFBB31A86ED
C:\Users\Kathi\Desktop\Unused programs\Free YouTube to MP3 Converter.lnk --a---- 1364 bytes [20:44 04/06/2011] [20:44 04/06/2011] BCFDE008489413B397DCF2229C5EAB54
C:\Users\Kathi\Documents\DVDVideoSoft\FreeYouTubeToMP3Converter_log.txt --a---- 196485 bytes [20:44 04/06/2011] [15:30 13/02/2012] B24E8E6A6B469C204A8511D72DBDBFF1
C:\Users\Kathi\Documents\DVDVideoSoft\FreeYouTubeToMP3Converter_setup.txt --a---- 55004 bytes [20:44 04/06/2011] [20:44 04/06/2011] 01A452185EF1BC92F86FD440811140EC
C:\Users\Kathi\Downloads\FreeYouTubeToMP3Converter.exe --a---- 15853448 bytes [20:42 04/06/2011] [20:43 04/06/2011] F889CBBC80262A79AF4BFC63157F095B
C:\Users\Kathi\Favorites\YouTube to mp3 Converter.url --a---- 508 bytes [03:22 18/09/2011] [03:22 18/09/2011] 74B6EA44409BC0F7DD95AE07C8F81849
C:\Windows\Installer\$PatchCache$\Managed\775F634D5961F2D4B844CA679CE90020\15.4.3502\WLYouTubePluginResFile -ra---- 51056 bytes [08:46 23/09/2010] [08:46 23/09/2010] 35545D21983A12F768C94C7AA96F5608
C:\Windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WLYouTubePluginDLL -ra---- 137072 bytes [08:37 23/09/2010] [08:37 23/09/2010] 9049B70999A2D105F96E899CEA9CD214
C:\_OTL\MovedFiles\12012012_143310\C_Program Files (x86)\A Youtube Downloader Free\A Youtube Downloader Free.xpi --a---- 46060 bytes [01:40 28/09/2012] [01:40 28/09/2012] 078718722F19488B23A24BB26D2BE6CA
C:\_OTL\MovedFiles\12012012_143310\C_Program Files (x86)\A Youtube Downloader Free\A Youtube Downloader Free_Helper.exe --a---- 1434112 bytes [05:01 27/11/2012] [01:41 28/09/2012] DC676CE9655A422128F656117130055A

========== folderfind ==========
 
(Part 2)

Searching for "*apype*"
No folders found.

Searching for "*youtube*"
C:\Data Backup\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\MW9PH7DR\www.youtube.com d------ [00:03 22/11/2010]
C:\Data Backup\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com d------ [00:03 22/11/2010]
C:\Program Files (x86)\CyberLink\PowerDirector\runtime\YouTube d------ [23:31 10/09/2010]
C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter d------ [20:44 04/06/2011]
C:\Users\Kathi\Desktop\Youtube Mp3 d------ [21:00 04/06/2011]
C:\Users\Kathi\Documents\DVDVideoSoft\FreeYouTubeToMP3Converter d------ [20:44 04/06/2011]
C:\_OTL\MovedFiles\12012012_143310\C_Program Files (x86)\A Youtube Downloader Free d------ [05:01 27/11/2012]

========== regfind ==========

Searching for "apype"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="apype.com 4shared.com conduit.com yahoo.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://apype.com"
[HKEY_USERS\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="apype.com 4shared.com conduit.com yahoo.com"

Searching for "youtube"
[HKEY_CURRENT_USER\Software\DVDVideoSoft\FreeVideoToFlashConverter\Links]
"Keys"="youtube download youtube to mp3 converter youtube video downloader"
[HKEY_CURRENT_USER\Software\DVDVideoSoft\FreeVideoToFlashConverter\Links]
"Links"="http://www.dvdvideosoft.com/products/dvd/Free-YouTube-Download.htm http://www.dvdvideosoft.com/products/dvd/Free-YouTube-to-MP3-Converter.htm http://www.dvdvideosoft.com/products/dvd/Free-YouTube-Download.htm"
[HKEY_CURRENT_USER\Software\DVDVideoSoft\FreeYouTubeToMP3Converter]
[HKEY_CURRENT_USER\Software\DVDVideoSoft\FreeYouTubeToMP3Converter]
"LastOutputFolder"="C:\Users\Kathi\Desktop\Youtube Mp3"
[HKEY_CURRENT_USER\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.youtube]
[HKEY_CURRENT_USER\Software\Google\Google Toolbar\4.0\Toolbar Sync\6LKJILET0J12UK1I86G6\Options\Custom Buttons\google.youtube]
[HKEY_CURRENT_USER\Software\HotSummerWind Software\A Youtube Downloader Free]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\51c542ea_0]
@="{0.0.0.00000000}.{9aaad6f4-87ff-4b67-bd8f-2844310870d1}|\Device\HarddiskVolume2\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter]
@="C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url11"="http://www.youtube.com/"
[HKEY_CURRENT_USER\Software\RapidSolution\Audials_2011\PM_Settings]
"SerializedPlgSettings"="<?xml version="1.0" encoding="UTF-8" ?><plg_cfgs><plugin name="AOL"><sel_for_search value="1" /><upload_rule /><path_on_dev /></plugin><plugin name="ClipFish"><sel_for_search value="1" /><upload_rule /><path_on_dev /></plugin><plugin name="Esnips.com"><sel_for_search value="1" /><upload_rule /><path_on_dev /></plugin><plugin name="MP3.com"><sel_for_search value="1" /><upload_rule /><path_on_dev /></plugin><plugin name="Mp3Tunes Plugin"><sel_for_search value="1" /><upload_rule /><path_on_dev /></plugin><plugin name="Tangle"><sel_for_search value="1" /><upload_rule /><path_on_dev /></plugin><plugin name="TunesBag Plugin"><sel_for_search value="1" /><upload_rule /><path_on_dev /></plugin><plugin name="Veoh"><sel_for_search value="1" /><upload_rule /><path_on_dev /></plugin><plugin name="Vimeo"><sel_for_search value="1" /><upload_rule /><path_on_dev /></plugin><plugin name="VMP3"><sel_for_search value="1" /><upload_rule
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HttpVideoDownloader.YoutubePlayList]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HttpVideoDownloader.YoutubePlayList]
@="CYoutubePlayList Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HttpVideoDownloader.YoutubePlayList\CurVer]
@="HttpVideoDownloader.YoutubePlayList.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HttpVideoDownloader.YoutubePlayList.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HttpVideoDownloader.YoutubePlayList.1]
@="CYoutubePlayList Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{60838D67-CE0A-4E57-AA61-0B525DF905B4}]
@="_IYoutubePlayListEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{97676785-A817-45D7-BD3F-8D1D05DC4CBD}]
@="IYoutubePlayList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8343D44-05AA-4B28-B1B4-4B4A194F8AB4}]
@="CYoutubePlayList Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8343D44-05AA-4B28-B1B4-4B4A194F8AB4}\ProgID]
@="HttpVideoDownloader.YoutubePlayList.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8343D44-05AA-4B28-B1B4-4B4A194F8AB4}\VersionIndependentProgID]
@="HttpVideoDownloader.YoutubePlayList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{60838D67-CE0A-4E57-AA61-0B525DF905B4}]
@="_IYoutubePlayListEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{97676785-A817-45D7-BD3F-8D1D05DC4CBD}]
@="IYoutubePlayList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E3ECF3D7B49D95D43BE0B2D5D366B591]
"B6ACDB9A3563B764CA384963D73AFB3E"="C:\Program Files (x86)\Windows Live\Photo Gallery\WLYouTubePlugin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E3ECF3D7B49D95D43BE0B2D5D366B591\B6ACDB9A3563B764CA384963D73AFB3E]
"File"="WLYouTubePluginDLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVS4YOU\Navigator]
"AVS YouTube Uploader"="http://www.avs4you.com/Downloads/AV...urce=Navigator&utm_content=AVSYouTubeUploader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DVDVideoSoft\AppPaths]
"FreeYouTubeToMP3Converter"="C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DVDVideoSoft\UninstallPaths]
"Free Audio CD Burner"="C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DVDVideoSoft\UninstallPaths]
"Free YouTube to MP3 Converter"="C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Hewlett-Packard\TouchSmart\Music]
"Feature_YouTubeSupportCountryList"="USA,DEU,AUS,CAN,GBR,IRL,NZL,ESP,MEX,FRA,ITA,JPN,KOR,NLD,POL,BRA,RUS,HKG,TWN,CZE,SWE,ISR,IND"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\A Youtube Downloader Free_Helper_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\A Youtube Downloader Free_Helper_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FreeYouTubeToMP3Converter_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FreeYouTubeToMP3Converter_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube to MP3 Converter_is1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube to MP3 Converter_is1]
"Inno Setup: App Path"="C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube to MP3 Converter_is1]
"InstallLocation"="C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube to MP3 Converter_is1]
"DisplayName"="Free YouTube to MP3 Converter version 3.9.40.602"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube to MP3 Converter_is1]
"DisplayIcon"="C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube to MP3 Converter_is1]
"QuietUninstallString"=""C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe" /SILENT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C8343D44-05AA-4B28-B1B4-4B4A194F8AB4}]
@="CYoutubePlayList Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C8343D44-05AA-4B28-B1B4-4B4A194F8AB4}\ProgID]
@="HttpVideoDownloader.YoutubePlayList.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C8343D44-05AA-4B28-B1B4-4B4A194F8AB4}\VersionIndependentProgID]
@="HttpVideoDownloader.YoutubePlayList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{60838D67-CE0A-4E57-AA61-0B525DF905B4}]
@="_IYoutubePlayListEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{97676785-A817-45D7-BD3F-8D1D05DC4CBD}]
@="IYoutubePlayList"
[HKEY_USERS\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\DVDVideoSoft\FreeVideoToFlashConverter\Links]
"Keys"="youtube download youtube to mp3 converter youtube video downloader"
[HKEY_USERS\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\DVDVideoSoft\FreeVideoToFlashConverter\Links]
"Links"="http://www.dvdvideosoft.com/products/dvd/Free-YouTube-Download.htm http://www.dvdvideosoft.com/products/dvd/Free-YouTube-to-MP3-Converter.htm http://www.dvdvideosoft.com/products/dvd/Free-YouTube-Download.htm"
[HKEY_USERS\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\DVDVideoSoft\FreeYouTubeToMP3Converter]
[HKEY_USERS\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\DVDVideoSoft\FreeYouTubeToMP3Converter]
"LastOutputFolder"="C:\Users\Kathi\Desktop\Youtube Mp3"
[HKEY_USERS\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.youtube]
[HKEY_USERS\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\Google\Google Toolbar\4.0\Toolbar Sync\6LKJILET0J12UK1I86G6\Options\Custom Buttons\google.youtube]
[HKEY_USERS\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\HotSummerWind Software\A Youtube Downloader Free]
[HKEY_USERS\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\51c542ea_0]
@="{0.0.0.00000000}.{9aaad6f4-87ff-4b67-bd8f-2844310870d1}|\Device\HarddiskVolume2\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter]
[HKEY_USERS\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter]
@="C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm"
[HKEY_USERS\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\Microsoft\Internet Explorer\TypedURLs]
"url11"="http://www.youtube.com/"
[HKEY_USERS\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\RapidSolution\Audials_2011\PM_Settings]
"SerializedPlgSettings"="<?xml version="1.0" encoding="UTF-8" ?><plg_cfgs><plugin name="AOL"><sel_for_search value="1" /><upload_rule /><path_on_dev /></plugin><plugin name="ClipFish"><sel_for_search value="1" /><upload_rule /><path_on_dev /></plugin><plugin name="Esnips.com"><sel_for_search value="1" /><upload_rule /><path_on_dev /></plugin><plugin name="MP3.com"><sel_for_search value="1" /><upload_rule /><path_on_dev /></plugin><plugin name="Mp3Tunes Plugin"><sel_for_search value="1" /><upload_rule /><path_on_dev /></plugin><plugin name="Tangle"><sel_for_search value="1" /><upload_rule /><path_on_dev /></plugin><plugin name="TunesBag Plugin"><sel_for_search value="1" /><upload_rule /><path_on_dev /></plugin><plugin name="Veoh"><sel_for_search value="1" /><upload_rule /><path_on_dev /></plugin><plugin name="Vimeo"><sel_for_search value="1" /><upload_rule /><path_on_dev /></plugin><plugin name="VMP3"><

-= EOF =-
 
And again... :)

OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    "DoNotAskAgain"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"=-
    [HKEY_USERS\S-1-5-21-2635634824-2115636220-2321885851-1000\Software\Microsoft\Internet Explorer\SearchScopes]
    "DoNotAskAgain"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\A Youtube Downloader Free_Helper_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\A Youtube Downloader Free_Helper_RASMANCS]

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes and the computer fails to reboot, let me know.
  • Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
 