Page 1 of 4 123 ... LastLast
Results 1 to 10 of 39

Thread: Spyware?

  1. #1
    Member
    Join Date
    Mar 2010
    Posts
    61
    Points
    0

    Default Spyware?

    Hello and thanks in advance for your help. I am having problems surfing the web on both Exporer and Firefox. I can get onto a page or two, then the next page will not load. If I go back and try to reload the page, then it works some of the time. Half the time the pages that do load are loading very slowly. I ran the required scans and they are listed below. Any help you can provide will be greatly appreciated.

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 02/11/2014 at 08:48 PM

    Application Version : 5.7.1018

    Core Rules Database Version : 11034
    Trace Rules Database Version: 8846

    Scan type : Complete Scan
    Total Scan Time : 00:52:09

    Operating System Information
    Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
    UAC On - Limited User

    Memory items scanned : 475
    Memory threats detected : 0
    Registry items scanned : 84315
    Registry threats detected : 0
    File items scanned : 53891
    File threats detected : 180

    Adware.Tracking Cookie
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\49WJ943O.txt [ /media6degrees.com ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\P38UEM38.txt [ /ads.yahoo.com ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\ABSAMDU2.txt [ /adtechus.com ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\8JP9A100.txt [ /collective-media.net ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\TXIQOX1B.txt [ /revsci.net ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\9V7LJ5J7.txt [ /ru4.com ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\Q3IB99D7.txt [ /yieldmanager.net ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\LKC1CJUJ.txt [ /serving-sys.com ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\XZWTEWJT.txt [ /a1.interclick.com ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\TLALXK11.txt [ /lucidmedia.com ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\TNV4X0HM.txt [ /microsoftsto.112.2o7.net ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\EBH6DT60.txt [ /pro-market.net ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\XKUN34DS.txt [ /interclick.com ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\I1WOSX2S.txt [ /at.atwola.com ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\Y1DQ4HAK.txt [ /ads.pubmatic.com ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\KFTV489I.txt [ /insightexpressai.com ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\QW9PWTDN.txt [ /imrworldwide.com ]
    C:\USERS\KATHY\AppData\Roaming\Microsoft\Windows\Cookies\2AH9CQ0H.txt [ Cookie:kathy@adsonar.com/adserving ]
    C:\USERS\KATHY\AppData\Roaming\Microsoft\Windows\Cookies\Low\XIEM5ZF8.txt [ Cookie:kathy@media6degrees.com/ ]
    C:\USERS\KATHY\AppData\Roaming\Microsoft\Windows\Cookies\Low\YBU10IYC.txt [ Cookie:kathy@adsonar.com/adserving ]
    C:\USERS\KATHY\AppData\Roaming\Microsoft\Windows\Cookies\Low\E915H3J4.txt [ Cookie:kathy@eyeviewads.com/ ]
    C:\USERS\KATHY\AppData\Roaming\Microsoft\Windows\Cookies\Low\TRG6F3U0.txt [ Cookie:kathy@adtechus.com/ ]
    C:\USERS\KATHY\AppData\Roaming\Microsoft\Windows\Cookies\Low\8L8D3HXT.txt [ Cookie:kathy@collective-media.net/ ]
    C:\USERS\KATHY\AppData\Roaming\Microsoft\Windows\Cookies\Low\XC7FWZ3Y.txt [ Cookie:kathy@pointroll.com/ ]
    C:\USERS\KATHY\AppData\Roaming\Microsoft\Windows\Cookies\Low\JVRQD9X3.txt [ Cookie:kathy@estat.com/ ]
    C:\USERS\KATHY\AppData\Roaming\Microsoft\Windows\Cookies\Low\6U60Q7O9.txt [ Cookie:kathy@revsci.net/ ]
    C:\USERS\KATHY\AppData\Roaming\Microsoft\Windows\Cookies\Low\7437BDC9.txt [ Cookie:kathy@ru4.com/ ]
    C:\USERS\KATHY\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q111MMCJ.txt [ Cookie:kathy@a1.interclick.com/ ]
    C:\USERS\KATHY\AppData\Roaming\Microsoft\Windows\Cookies\Low\KRO4TO20.txt [ Cookie:kathy@specificclick.net/ ]
    C:\USERS\KATHY\AppData\Roaming\Microsoft\Windows\Cookies\Low\3EULPNXU.txt [ Cookie:kathy@interclick.com/ ]
    C:\USERS\KATHY\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y2IUZALS.txt [ Cookie:kathy@at.atwola.com/ ]
    C:\USERS\KATHY\AppData\Roaming\Microsoft\Windows\Cookies\Low\OFGHKV53.txt [ Cookie:kathy@clickbooth.com/ ]
    C:\USERS\KATHY\AppData\Roaming\Microsoft\Windows\Cookies\Low\RO0J7Y8G.txt [ Cookie:kathy@ads.pointroll.com/ ]
    C:\USERS\KATHY\AppData\Roaming\Microsoft\Windows\Cookies\Low\YQ8ZE39W.txt [ Cookie:kathy@tribalfusion.com/ ]
    C:\USERS\KATHY\AppData\Roaming\Microsoft\Windows\Cookies\Low\7DAUZ869.txt [ Cookie:kathy@bs.serving-sys.com/ ]
    C:\USERS\KATHY\AppData\Roaming\Microsoft\Windows\Cookies\Low\MNX8X9ME.txt [ Cookie:kathy@imrworldwide.com/ ]
    C:\USERS\KATHY\Cookies\49WJ943O.txt [ Cookie:kathy@media6degrees.com/ ]
    C:\USERS\KATHY\Cookies\2AH9CQ0H.txt [ Cookie:kathy@adsonar.com/adserving ]
    C:\USERS\KATHY\Cookies\ABSAMDU2.txt [ Cookie:kathy@adtechus.com/ ]
    C:\USERS\KATHY\Cookies\8JP9A100.txt [ Cookie:kathy@collective-media.net/ ]
    C:\USERS\KATHY\Cookies\TXIQOX1B.txt [ Cookie:kathy@revsci.net/ ]
    C:\USERS\KATHY\Cookies\9V7LJ5J7.txt [ Cookie:kathy@ru4.com/ ]
    C:\USERS\KATHY\Cookies\XZWTEWJT.txt [ Cookie:kathy@a1.interclick.com/ ]
    C:\USERS\KATHY\Cookies\XKUN34DS.txt [ Cookie:kathy@interclick.com/ ]
    C:\USERS\KATHY\Cookies\I1WOSX2S.txt [ Cookie:kathy@at.atwola.com/ ]
    C:\USERS\KATHY\Cookies\KFTV489I.txt [ Cookie:kathy@insightexpressai.com/ ]
    C:\USERS\KATHY\Cookies\QW9PWTDN.txt [ Cookie:kathy@imrworldwide.com/ ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\Low\KF3V64LC.txt [ /ads.yahoo.com ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\Low\P5QNK6V1.txt [ /ad.360yield.com ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\Low\IINTSF7V.txt [ /ads.undertone.com ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\Low\600IKH4V.txt [ /warnerbros.112.2o7.net ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\Low\0JWLO4W9.txt [ /vml.112.2o7.net ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\Low\EZDH7JG5.txt [ /yieldmanager.net ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\Low\UH3XLP30.txt [ /serving-sys.com ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\Low\0X4IZVHS.txt [ /lucidmedia.com ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\Low\42IU6XEK.txt [ /pro-market.net ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\Low\4D9CBJ21.txt [ /ads.pubmatic.com ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\Low\M81OQH1V.txt [ /ads.stickyadstv.com ]
    C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Cookies\Low\G0484P5Y.txt [ /ad.mlnadvertising.com ]
    secure.insightexpressai.com [ C:\USERS\KATHY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PXPPSYBZ ]
    .imrworldwide.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    adfarm.mediaplex.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .ad.mlnadvertising.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    c1.adform.net [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .pro-market.net [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .adtechus.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .questionmarket.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    a.intentmedia.net [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    stats.adotube.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .media.adfrontiers.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .legolas-media.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .interclick.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .interclick.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .legolas-media.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    mediaservices-d.openxenterprise.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    imp.bid.ace.advertising.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .clickbooth.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .burstnet.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .burstnet.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    c1.adform.net [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .adform.net [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .eyeviewads.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .warnerbros.112.2o7.net [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .adtechus.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .media.adfrontiers.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .tracking.dsmmadvantage.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .2o7.net [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .lucidmedia.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .questionmarket.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .questionmarket.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .questionmarket.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .yieldmanager.net [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .fastclick.net [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .magnify.grindmedia.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .magnify.grindmedia.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .magnify.grindmedia.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .grindmedia.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .specificclick.net [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .adlegend.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .tribalfusion.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    usadserver.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\KATHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLTFR9Q6.DEFAULT-1391991085774\COOKIES.SQLITE ]


    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes : Free Anti-Malware

    Database version: v2014.02.12.01

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Kathy :: KATHY-PC [administrator]

    2/11/2014 8:56:04 PM
    mbam-log-2014-02-11 (20-56-04).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 380342
    Time elapsed: 56 minute(s), 48 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:03:51 AM, on 2/12/2014
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16533)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: FAService - Sensible Vision - C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8795 bytes

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hello,


    Hi! My name is zep516 and Welcome to help2go!
    I'll do the best I can to resolve your computer issue
    Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue. Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

    First

    Please download OTL to your Desktop
    • Double click on the to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.[/QUOTE]

  3. #3
    Member
    Join Date
    Mar 2010
    Posts
    61
    Points
    0

    Default

    OTL logfile created on: 2/12/2014 8:51:12 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathy\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.96 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 60.14% Memory free
    8.13 Gb Paging File | 6.22 Gb Available in Paging File | 76.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.01 Gb Total Space | 238.82 Gb Free Space | 82.92% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 1.00 Gb Free Space | 10.01% Space Free | Partition Type: NTFS

    Computer Name: KATHY-PC | User Name: Kathy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/02/12 20:47:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
    PRC - [2014/02/08 21:51:07 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2014/02/08 21:51:07 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/09/05 17:17:08 | 001,836,288 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    PRC - [2008/09/05 17:17:08 | 000,095,488 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    PRC - [2008/09/05 17:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    PRC - [2008/07/04 14:16:58 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/02/08 21:51:16 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
    MOD - [2008/09/05 17:16:36 | 000,233,216 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
    MOD - [2008/09/05 17:16:36 | 000,059,136 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
    MOD - [2008/09/05 17:16:20 | 000,087,296 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/02/08 21:51:07 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2013/10/10 17:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2008/12/22 05:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2008/12/22 04:26:38 | 000,281,600 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
    SRV:64bit: - [2008/12/22 04:26:06 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2014/02/08 21:54:40 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/01/28 01:54:11 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/03/29 20:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/09/05 17:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV:64bit: - [2014/02/08 21:51:20 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2014/02/08 21:51:20 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2014/02/08 21:51:20 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
    DRV:64bit: - [2014/02/08 21:51:20 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2014/02/08 21:51:20 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
    DRV:64bit: - [2014/02/08 21:51:20 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2014/02/08 21:51:19 | 000,064,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/05/12 13:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\2493.tmp -- (MEMSWEEP2)
    DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/01/26 01:46:44 | 000,066,592 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
    DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/04/10 21:03:34 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/03/08 16:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
    DRV:64bit: - [2009/03/06 06:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
    DRV:64bit: - [2008/12/22 05:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
    DRV:64bit: - [2008/12/22 04:26:52 | 000,472,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2008/12/17 04:22:04 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
    DRV:64bit: - [2008/11/24 03:29:58 | 000,126,464 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV:64bit: - [2008/08/25 06:26:08 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2008/08/02 16:36:16 | 000,243,840 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
    DRV:64bit: - [2008/07/17 05:59:12 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2008/07/17 05:59:10 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2008/07/17 05:59:08 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2008/07/16 06:50:42 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
    DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
    IE - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1588
    IE - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014/02/08 21:51:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/08 21:02:08 | 000,000,000 | ---D | M]

    [2009/06/11 13:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Extensions
    [2009/06/11 13:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
    [2014/02/09 18:23:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/02/09 18:23:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/09/18 12:10:03 | 000,003,700 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fast.png
    [2009/09/18 12:10:06 | 000,001,963 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fast.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: Google
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
    CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Docs = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
    CHR - Extension: Google Drive = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: YouTube = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: avast! WebRep = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
    CHR - Extension: Gmail = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/04/05 19:56:31 | 000,445,511 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 博彩通,博彩网,金宝博188,博彩通评级,百家乐,奥妙百家乐
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 15325 more lines...
    O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [FAStartup] File not found
    O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
    O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O4 - Startup: C:\Users\Default\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Default User\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E2FAA2A-D7E5-40AC-94F4-6A2D8EF2D11F}: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
    O24 - Desktop WallPaper: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/02/12 20:47:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
    [2014/02/12 03:13:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2014/02/12 03:13:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2014/02/12 03:13:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2014/02/12 03:13:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/02/12 03:13:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2014/02/12 03:13:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2014/02/12 03:13:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2014/02/12 03:13:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2014/02/12 03:13:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/02/12 03:13:36 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/02/12 03:13:36 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/02/12 03:13:35 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/02/12 03:13:34 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2014/02/12 03:13:34 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2014/02/12 03:13:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2014/02/12 03:03:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2014/02/11 19:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2014/02/11 19:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/02/11 19:54:16 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\SUPERAntiSpyware.com
    [2014/02/11 17:59:00 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\ElevatedDiagnostics
    [2014/02/09 19:11:28 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\Old Firefox Data
    [2014/02/09 18:17:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/02/09 17:58:04 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\temp
    [2014/02/09 17:54:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/02/09 03:02:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
    [2014/02/08 21:54:10 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\AVAST Software
    [2014/02/08 21:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    [2014/02/08 21:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2014/02/08 21:37:28 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\RK_Quarantine
    [2014/02/08 21:29:42 | 004,691,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2014/02/08 21:29:41 | 001,585,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
    [2014/02/08 21:29:41 | 000,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2014/02/08 21:29:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2014/02/08 21:29:40 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2014/02/08 21:29:40 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2014/02/08 21:29:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2014/02/08 21:29:40 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2014/02/08 21:29:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2014/02/08 21:29:38 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
    [2014/02/08 21:29:37 | 001,706,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
    [2014/02/08 21:29:35 | 000,781,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
    [2014/02/08 21:29:35 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
    [2014/02/08 21:29:25 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
    [2014/02/08 21:29:21 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icaapi.dll
    [2014/02/08 21:29:15 | 001,078,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
    [2014/02/08 21:29:14 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
    [2014/02/08 21:29:14 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
    [2014/02/08 21:29:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
    [2014/02/08 21:29:10 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
    [2014/02/08 21:29:09 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
    [2014/02/08 21:29:00 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2014/02/08 21:29:00 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
    [2014/02/08 21:29:00 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2014/02/08 21:29:00 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
    [2014/02/08 21:28:59 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2014/02/08 21:28:59 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
    [2014/02/08 21:28:59 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2014/02/08 21:28:59 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2014/02/08 21:28:43 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
    [2014/02/08 21:28:43 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
    [2014/02/08 21:28:40 | 001,303,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
    [2014/02/08 21:28:38 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2014/02/08 21:28:38 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2014/02/08 21:28:37 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2014/02/08 21:28:37 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2014/02/08 21:28:34 | 001,278,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2014/02/08 21:28:28 | 000,031,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
    [2014/02/08 21:28:21 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
    [2014/02/08 21:28:21 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
    [2014/02/08 21:28:20 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
    [2014/02/08 21:28:20 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
    [2014/02/08 21:28:19 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
    [2014/02/08 21:28:19 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
    [2014/02/08 21:28:19 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
    [2014/02/08 21:28:19 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
    [2014/02/08 21:28:19 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshcon.dll
    [2014/02/08 21:28:17 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
    [2014/02/08 21:28:17 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
    [2014/02/08 21:28:17 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    [2014/02/08 21:28:14 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2014/02/08 21:28:13 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2014/02/08 21:28:07 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
    [2014/02/08 21:28:05 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
    [2014/02/08 21:27:54 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
    [2014/02/08 21:27:54 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
    [2014/02/08 21:27:52 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
    [2014/02/08 21:27:52 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
    [2014/02/08 21:27:52 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
    [2014/02/08 21:27:42 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2014/02/08 21:27:42 | 000,443,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2014/02/08 21:27:41 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\printcom.dll
    [2014/02/08 21:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2014/02/08 21:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2014/02/08 21:23:37 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2014/02/08 21:23:21 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2014/02/08 21:23:21 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2014/02/08 21:23:21 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2014/02/08 21:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/02/12 20:47:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
    [2014/02/12 20:46:35 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/02/12 20:46:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/02/12 19:21:28 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/02/12 19:21:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/02/12 03:44:29 | 004,736,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/02/12 03:44:28 | 004,792,568 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/02/12 03:44:28 | 001,574,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/02/09 18:23:46 | 000,000,874 | ---- | M] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2014/02/09 18:23:29 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2014/02/09 17:39:27 | 000,057,486 | ---- | M] () -- C:\Users\Kathy\Documents\cc_20140209_173919.reg
    [2014/02/09 04:11:28 | 000,382,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/02/08 21:54:40 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2014/02/08 21:54:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2014/02/08 21:51:52 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/02/08 21:51:20 | 001,038,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2014/02/08 21:51:20 | 000,421,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2014/02/08 21:51:20 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2014/02/08 21:51:20 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
    [2014/02/08 21:51:20 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2014/02/08 21:51:20 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
    [2014/02/08 21:51:20 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2014/02/08 21:51:19 | 000,064,752 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2014/02/08 21:51:18 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/02/08 21:41:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2014/02/05 05:00:21 | 002,334,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/02/05 04:52:51 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/02/05 04:52:37 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2014/02/05 04:51:59 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2014/02/05 04:51:52 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2014/02/05 04:51:43 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2014/02/05 04:51:34 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/02/05 04:50:50 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2014/02/05 04:50:05 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/02/05 03:49:56 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/02/05 03:49:14 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2014/02/05 03:48:40 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2014/02/05 03:48:08 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2014/02/05 03:47:22 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2014/02/05 03:46:50 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/02/09 17:39:21 | 000,057,486 | ---- | C] () -- C:\Users\Kathy\Documents\cc_20140209_173919.reg
    [2014/02/08 21:41:09 | 000,207,904 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
    [2014/02/08 21:41:08 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
    [2014/02/08 21:29:35 | 000,217,074 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF
    [2012/07/22 14:19:51 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2012/07/22 14:19:34 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2012/07/22 14:18:53 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2010/03/25 11:40:25 | 000,000,732 | ---- | C] () -- C:\Users\Kathy\AppData\Local\d3d9caps64.dat
    [2009/07/06 14:11:01 | 000,000,680 | ---- | C] () -- C:\Users\Kathy\AppData\Local\d3d9caps.dat
    [2009/06/12 19:32:45 | 000,004,646 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\wklnhst.dat
    [2009/06/10 15:14:42 | 000,007,168 | ---- | C] () -- C:\Users\Kathy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\desktop.in0

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\SysWow64\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/10 23:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\wbemess.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMPFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

    < End of report >

    OTL Extras logfile created on: 2/12/2014 8:51:12 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathy\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.96 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 60.14% Memory free
    8.13 Gb Paging File | 6.22 Gb Available in Paging File | 76.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.01 Gb Total Space | 238.82 Gb Free Space | 82.92% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 1.00 Gb Free Space | 10.01% Space Free | Partition Type: NTFS

    Computer Name: KATHY-PC | User Name: Kathy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- "%1" %*
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1369408010-4172177456-1871420540-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- Reg Error: Value error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- Reg Error: Value error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 1E 91 2D 80 43 68 CD 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0458C8C8-CE71-4EFC-8D55-701180097A3E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{2CFDA1E9-092C-4D2F-9BE6-8EF18153D267}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{A6A10C40-F416-4200-9EB8-595A019DA537}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{EA85517D-815F-4A64-9E89-6CF0BAB1B333}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{F6AB56AD-FA68-4833-83F9-352E296F35D1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{49333F39-6716-41DF-8869-24B72D823E0E}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{4E2716DE-E5D3-4E19-928A-1101B85060BA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{7D197FA0-441C-4D62-B9DF-448BD79C38B7}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{A2D14897-DA90-4721-A9B2-D31CBE370D10}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{BC63D877-EE4A-45B3-A187-FFF577A59E12}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{BED727BB-6152-4BEB-AA1B-15470ACF40BF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{C8E24F1A-FB6C-4CDB-9706-E38621B2D1CF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{CBD69A3A-CC03-4AB1-85E9-84B2321B7DE7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{D70AF751-B516-43AA-B131-B497BB93648B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{D778D686-0DE0-4281-BC33-768EE8010C42}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{D7DEFD48-5AE6-477D-8B9A-054A47F02AB5}" = dir=in | app=c:\program files (x86)\dell\mediadirect\pcmservice.exe |
    "{F1DF574C-D129-42DC-988B-DFB21B4B9D94}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{60D7B7D1-16A5-4168-9F46-AE956B0C5046}" = FastAccess
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
    "CCleaner" = CCleaner
    "Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MyDefrag v4.2.9_is1" = MyDefrag v4.2.9

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 51
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "avast" = avast! Free Antivirus
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dell Video Chat" = Dell Video Chat
    "Dell Webcam Central" = Dell Webcam Central
    "ESET Online Scanner" = ESET Online Scanner v3
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Firefox 27.0 (x86 en-US)" = Mozilla Firefox 27.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "WinLiveSuite" = Windows Live Essentials

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/9/2014 4:28:37 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 2/9/2014 4:28:37 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3011
    Description =

    Error - 2/9/2014 4:41:25 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 2/9/2014 4:41:25 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3011
    Description =

    Error - 2/9/2014 4:41:25 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 2/9/2014 4:41:25 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3011
    Description =

    Error - 2/9/2014 4:41:26 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 2/9/2014 4:41:26 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3011
    Description =

    Error - 2/9/2014 4:41:26 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 2/9/2014 4:41:26 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3011
    Description =

    [ System Events ]
    Error - 2/12/2014 12:13:46 AM | Computer Name = Kathy-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 2/12/2014 12:13:46 AM | Computer Name = Kathy-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 2/12/2014 4:02:49 AM | Computer Name = Kathy-PC | Source = DCOM | ID = 10005
    Description =

    Error - 2/12/2014 4:02:49 AM | Computer Name = Kathy-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 2/12/2014 4:02:49 AM | Computer Name = Kathy-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/12/2014 4:02:50 AM | Computer Name = Kathy-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 2/12/2014 4:02:50 AM | Computer Name = Kathy-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/12/2014 4:13:02 AM | Computer Name = Kathy-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 2/12/2014 4:13:02 AM | Computer Name = Kathy-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/12/2014 4:38:12 AM | Computer Name = Kathy-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >

  4. #4
    Member
    Join Date
    Mar 2010
    Posts
    61
    Points
    0

    Default

    OTL logfile created on: 2/12/2014 8:51:12 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathy\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.96 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 60.14% Memory free
    8.13 Gb Paging File | 6.22 Gb Available in Paging File | 76.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.01 Gb Total Space | 238.82 Gb Free Space | 82.92% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 1.00 Gb Free Space | 10.01% Space Free | Partition Type: NTFS

    Computer Name: KATHY-PC | User Name: Kathy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/02/12 20:47:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
    PRC - [2014/02/08 21:51:07 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2014/02/08 21:51:07 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/09/05 17:17:08 | 001,836,288 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    PRC - [2008/09/05 17:17:08 | 000,095,488 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    PRC - [2008/09/05 17:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    PRC - [2008/07/04 14:16:58 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/02/08 21:51:16 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
    MOD - [2008/09/05 17:16:36 | 000,233,216 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
    MOD - [2008/09/05 17:16:36 | 000,059,136 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
    MOD - [2008/09/05 17:16:20 | 000,087,296 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/02/08 21:51:07 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2013/10/10 17:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2008/12/22 05:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2008/12/22 04:26:38 | 000,281,600 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
    SRV:64bit: - [2008/12/22 04:26:06 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2014/02/08 21:54:40 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/01/28 01:54:11 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/03/29 20:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/09/05 17:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV:64bit: - [2014/02/08 21:51:20 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2014/02/08 21:51:20 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2014/02/08 21:51:20 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
    DRV:64bit: - [2014/02/08 21:51:20 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2014/02/08 21:51:20 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
    DRV:64bit: - [2014/02/08 21:51:20 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2014/02/08 21:51:19 | 000,064,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/05/12 13:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\2493.tmp -- (MEMSWEEP2)
    DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/01/26 01:46:44 | 000,066,592 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
    DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/04/10 21:03:34 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/03/08 16:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
    DRV:64bit: - [2009/03/06 06:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
    DRV:64bit: - [2008/12/22 05:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
    DRV:64bit: - [2008/12/22 04:26:52 | 000,472,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2008/12/17 04:22:04 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
    DRV:64bit: - [2008/11/24 03:29:58 | 000,126,464 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV:64bit: - [2008/08/25 06:26:08 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2008/08/02 16:36:16 | 000,243,840 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
    DRV:64bit: - [2008/07/17 05:59:12 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2008/07/17 05:59:10 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2008/07/17 05:59:08 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2008/07/16 06:50:42 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
    DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
    IE - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1588
    IE - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014/02/08 21:51:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/08 21:02:08 | 000,000,000 | ---D | M]

    [2009/06/11 13:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Extensions
    [2009/06/11 13:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
    [2014/02/09 18:23:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/02/09 18:23:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/09/18 12:10:03 | 000,003,700 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fast.png
    [2009/09/18 12:10:06 | 000,001,963 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fast.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: Google
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
    CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Docs = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
    CHR - Extension: Google Drive = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: YouTube = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: avast! WebRep = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
    CHR - Extension: Gmail = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/04/05 19:56:31 | 000,445,511 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 博彩通,博彩网,金宝博188,博彩通评级,百家乐,奥妙百家乐
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 15325 more lines...
    O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [FAStartup] File not found
    O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
    O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O4 - Startup: C:\Users\Default\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Default User\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1369408010-4172177456-1871420540-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E2FAA2A-D7E5-40AC-94F4-6A2D8EF2D11F}: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
    O24 - Desktop WallPaper: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/02/12 20:47:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
    [2014/02/12 03:13:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2014/02/12 03:13:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2014/02/12 03:13:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2014/02/12 03:13:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/02/12 03:13:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2014/02/12 03:13:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2014/02/12 03:13:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2014/02/12 03:13:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2014/02/12 03:13:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/02/12 03:13:36 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/02/12 03:13:36 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/02/12 03:13:35 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/02/12 03:13:34 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2014/02/12 03:13:34 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2014/02/12 03:13:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2014/02/12 03:03:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2014/02/11 19:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2014/02/11 19:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/02/11 19:54:16 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\SUPERAntiSpyware.com
    [2014/02/11 17:59:00 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\ElevatedDiagnostics
    [2014/02/09 19:11:28 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\Old Firefox Data
    [2014/02/09 18:17:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/02/09 17:58:04 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\temp
    [2014/02/09 17:54:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/02/09 03:02:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
    [2014/02/08 21:54:10 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\AVAST Software
    [2014/02/08 21:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    [2014/02/08 21:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2014/02/08 21:37:28 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\RK_Quarantine
    [2014/02/08 21:29:42 | 004,691,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2014/02/08 21:29:41 | 001,585,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
    [2014/02/08 21:29:41 | 000,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2014/02/08 21:29:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2014/02/08 21:29:40 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2014/02/08 21:29:40 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2014/02/08 21:29:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2014/02/08 21:29:40 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2014/02/08 21:29:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2014/02/08 21:29:38 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
    [2014/02/08 21:29:37 | 001,706,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
    [2014/02/08 21:29:35 | 000,781,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
    [2014/02/08 21:29:35 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
    [2014/02/08 21:29:25 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
    [2014/02/08 21:29:21 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icaapi.dll
    [2014/02/08 21:29:15 | 001,078,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
    [2014/02/08 21:29:14 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
    [2014/02/08 21:29:14 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
    [2014/02/08 21:29:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
    [2014/02/08 21:29:10 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
    [2014/02/08 21:29:09 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
    [2014/02/08 21:29:00 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2014/02/08 21:29:00 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
    [2014/02/08 21:29:00 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2014/02/08 21:29:00 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
    [2014/02/08 21:28:59 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2014/02/08 21:28:59 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
    [2014/02/08 21:28:59 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2014/02/08 21:28:59 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2014/02/08 21:28:43 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
    [2014/02/08 21:28:43 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
    [2014/02/08 21:28:40 | 001,303,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
    [2014/02/08 21:28:38 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2014/02/08 21:28:38 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2014/02/08 21:28:37 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2014/02/08 21:28:37 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2014/02/08 21:28:34 | 001,278,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2014/02/08 21:28:28 | 000,031,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
    [2014/02/08 21:28:21 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
    [2014/02/08 21:28:21 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
    [2014/02/08 21:28:20 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
    [2014/02/08 21:28:20 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
    [2014/02/08 21:28:19 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
    [2014/02/08 21:28:19 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
    [2014/02/08 21:28:19 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
    [2014/02/08 21:28:19 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
    [2014/02/08 21:28:19 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshcon.dll
    [2014/02/08 21:28:17 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
    [2014/02/08 21:28:17 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
    [2014/02/08 21:28:17 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    [2014/02/08 21:28:14 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2014/02/08 21:28:13 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2014/02/08 21:28:07 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
    [2014/02/08 21:28:05 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
    [2014/02/08 21:27:54 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
    [2014/02/08 21:27:54 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
    [2014/02/08 21:27:52 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
    [2014/02/08 21:27:52 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
    [2014/02/08 21:27:52 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
    [2014/02/08 21:27:42 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2014/02/08 21:27:42 | 000,443,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2014/02/08 21:27:41 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\printcom.dll
    [2014/02/08 21:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2014/02/08 21:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2014/02/08 21:23:37 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2014/02/08 21:23:21 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2014/02/08 21:23:21 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2014/02/08 21:23:21 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2014/02/08 21:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/02/12 20:47:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
    [2014/02/12 20:46:35 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/02/12 20:46:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/02/12 19:21:28 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/02/12 19:21:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/02/12 03:44:29 | 004,736,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/02/12 03:44:28 | 004,792,568 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/02/12 03:44:28 | 001,574,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/02/09 18:23:46 | 000,000,874 | ---- | M] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2014/02/09 18:23:29 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2014/02/09 17:39:27 | 000,057,486 | ---- | M] () -- C:\Users\Kathy\Documents\cc_20140209_173919.reg
    [2014/02/09 04:11:28 | 000,382,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/02/08 21:54:40 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2014/02/08 21:54:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2014/02/08 21:51:52 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/02/08 21:51:20 | 001,038,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2014/02/08 21:51:20 | 000,421,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2014/02/08 21:51:20 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2014/02/08 21:51:20 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
    [2014/02/08 21:51:20 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2014/02/08 21:51:20 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
    [2014/02/08 21:51:20 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2014/02/08 21:51:19 | 000,064,752 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2014/02/08 21:51:18 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/02/08 21:41:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2014/02/05 05:00:21 | 002,334,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/02/05 04:52:51 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/02/05 04:52:37 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2014/02/05 04:51:59 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2014/02/05 04:51:52 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2014/02/05 04:51:43 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2014/02/05 04:51:34 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/02/05 04:50:50 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2014/02/05 04:50:05 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/02/05 03:49:56 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/02/05 03:49:14 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2014/02/05 03:48:40 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2014/02/05 03:48:08 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2014/02/05 03:47:22 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2014/02/05 03:46:50 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/02/09 17:39:21 | 000,057,486 | ---- | C] () -- C:\Users\Kathy\Documents\cc_20140209_173919.reg
    [2014/02/08 21:41:09 | 000,207,904 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
    [2014/02/08 21:41:08 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
    [2014/02/08 21:29:35 | 000,217,074 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF
    [2012/07/22 14:19:51 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2012/07/22 14:19:34 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2012/07/22 14:18:53 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2010/03/25 11:40:25 | 000,000,732 | ---- | C] () -- C:\Users\Kathy\AppData\Local\d3d9caps64.dat
    [2009/07/06 14:11:01 | 000,000,680 | ---- | C] () -- C:\Users\Kathy\AppData\Local\d3d9caps.dat
    [2009/06/12 19:32:45 | 000,004,646 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\wklnhst.dat
    [2009/06/10 15:14:42 | 000,007,168 | ---- | C] () -- C:\Users\Kathy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\desktop.in0

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\SysWow64\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/10 23:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\wbemess.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMPFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

    < End of report >

    OTL Extras logfile created on: 2/12/2014 8:51:12 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathy\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.96 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 60.14% Memory free
    8.13 Gb Paging File | 6.22 Gb Available in Paging File | 76.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.01 Gb Total Space | 238.82 Gb Free Space | 82.92% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 1.00 Gb Free Space | 10.01% Space Free | Partition Type: NTFS

    Computer Name: KATHY-PC | User Name: Kathy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- "%1" %*
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1369408010-4172177456-1871420540-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- Reg Error: Value error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- Reg Error: Value error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 1E 91 2D 80 43 68 CD 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0458C8C8-CE71-4EFC-8D55-701180097A3E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{2CFDA1E9-092C-4D2F-9BE6-8EF18153D267}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{A6A10C40-F416-4200-9EB8-595A019DA537}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{EA85517D-815F-4A64-9E89-6CF0BAB1B333}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{F6AB56AD-FA68-4833-83F9-352E296F35D1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{49333F39-6716-41DF-8869-24B72D823E0E}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{4E2716DE-E5D3-4E19-928A-1101B85060BA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{7D197FA0-441C-4D62-B9DF-448BD79C38B7}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{A2D14897-DA90-4721-A9B2-D31CBE370D10}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{BC63D877-EE4A-45B3-A187-FFF577A59E12}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{BED727BB-6152-4BEB-AA1B-15470ACF40BF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{C8E24F1A-FB6C-4CDB-9706-E38621B2D1CF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{CBD69A3A-CC03-4AB1-85E9-84B2321B7DE7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{D70AF751-B516-43AA-B131-B497BB93648B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{D778D686-0DE0-4281-BC33-768EE8010C42}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{D7DEFD48-5AE6-477D-8B9A-054A47F02AB5}" = dir=in | app=c:\program files (x86)\dell\mediadirect\pcmservice.exe |
    "{F1DF574C-D129-42DC-988B-DFB21B4B9D94}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{60D7B7D1-16A5-4168-9F46-AE956B0C5046}" = FastAccess
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
    "CCleaner" = CCleaner
    "Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MyDefrag v4.2.9_is1" = MyDefrag v4.2.9

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 51
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "avast" = avast! Free Antivirus
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dell Video Chat" = Dell Video Chat
    "Dell Webcam Central" = Dell Webcam Central
    "ESET Online Scanner" = ESET Online Scanner v3
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Firefox 27.0 (x86 en-US)" = Mozilla Firefox 27.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "WinLiveSuite" = Windows Live Essentials

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/9/2014 4:28:37 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 2/9/2014 4:28:37 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3011
    Description =

    Error - 2/9/2014 4:41:25 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 2/9/2014 4:41:25 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3011
    Description =

    Error - 2/9/2014 4:41:25 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 2/9/2014 4:41:25 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3011
    Description =

    Error - 2/9/2014 4:41:26 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 2/9/2014 4:41:26 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3011
    Description =

    Error - 2/9/2014 4:41:26 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 2/9/2014 4:41:26 AM | Computer Name = Kathy-PC | Source = LoadPerf | ID = 3011
    Description =

    [ System Events ]
    Error - 2/12/2014 12:13:46 AM | Computer Name = Kathy-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 2/12/2014 12:13:46 AM | Computer Name = Kathy-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 2/12/2014 4:02:49 AM | Computer Name = Kathy-PC | Source = DCOM | ID = 10005
    Description =

    Error - 2/12/2014 4:02:49 AM | Computer Name = Kathy-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 2/12/2014 4:02:49 AM | Computer Name = Kathy-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/12/2014 4:02:50 AM | Computer Name = Kathy-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 2/12/2014 4:02:50 AM | Computer Name = Kathy-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/12/2014 4:13:02 AM | Computer Name = Kathy-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 2/12/2014 4:13:02 AM | Computer Name = Kathy-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/12/2014 4:38:12 AM | Computer Name = Kathy-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >

  5. #5
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hello & welcome


    Thanks for the log reports, It will take a bit of time to review and post the next set of instruction for you.

    [2014/02/08 21:37:28 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\RK_Quarantine
    Can you explain that entry in the Log report. It's a malware removal tool called RogueKiller, did you run it yourself ? Do you have the Log file for it? Post it if you do.

    Thanks
    Joe

  6. #6
    Member
    Join Date
    Mar 2010
    Posts
    61
    Points
    0

    Default

    I did run RogueKiller previously trying to fix my problems. Unfortunately, I do not have the log file.

  7. #7
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    OK.

    Thanks.

    Since this seems to be a connection issue or page load issue, I'll ask:

    How do you connect to the Internet? In other words do you have a modem and a router? Is it a high speed cable connection like Comcast or Verizon ?

  8. #8
    Member
    Join Date
    Mar 2010
    Posts
    61
    Points
    0

    Default

    I have Charter high speed internet and connect through my wireless router. I have other devices that also connect through the router and do not have any problems with them.

  9. #9
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Perfect! Exactly what I wanted to hear. Your computer looks to be in very good shape, better then most I see I'll have a few things for you to do, but not till tomorrow.

    Thanks
    Joe

  10. #10
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hello tmlang74,

    We need to do a fix to delete some files using OTL

    • Double click on the to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :COMMANDS
      [CREATERESTOREPOINT]
      
      :OTL
      DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
      IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found
      IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
      O4 - HKLM..\Run: [FAStartup] File not found
      @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:FC5A2B2
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
      
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [emptytemp]
      [resethosts]
    • Make sure all other windows are closed.
    • Click the Run Fix button at the top
    • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
    • Post the log that is found in C:\_OTL\Moved Files in your next reply.
    • Open OTL again and click the Quick Scan button.


    Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.


    Next

    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the Report button and the report will open in Notepad.
    • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
    • Click on the Clean button follow the prompts.[/*]
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner



    Last

    Download Security Check by screen317 from Here or Here
    Save it to your Desktop.
    Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Please post the following logs in your next reply:

    • OTL Fix Log located here--> C:\_OTL\Moved Files
    • OTL.txt Quick scan after fix.
    • JRT.txt Log
    • checkup.txt Log


    How is the computer now?

    Thanks
    Joe

Page 1 of 4 123 ... LastLast