So, i've had this malware for a week or so, I ran malware bytes several times and each time its finished, the spyware kools down for about 2 days before starting up again. The spyware isn't perticularly annoying but it plays a random AUDIO ad with NO window shown (pops up at RANDOM intervals of about 1-4 hours). I am at lost as to what to do next. Also, it has DISABLED my sophos automatic updater.

Here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 8:28:27 PM, on 01/03/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Owner\AppData\Local\Temp\debug.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Games\Steam\Steam.exe
c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msntask.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sps2i] C:\Users\Owner\AppData\Local\Temp\sps2i.exe
O4 - HKLM\..\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CMS_Freedur] "C:\Users\Owner\AppData\Roaming\Freedur\freedur.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Paladin Antivirus] "C:\Program Files (x86)\Paladin Antivirus\pav.exe" -noscan
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Users\Owner\AppData\Local\Temp\debug.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-US)_AppleWebKit/532.0_(KHTML,_like_Gecko)_Chrome/3.0.195.33_Safari/532.0" -"http://media.pearsoncmg.com/bc/bc_marieb_ehap_8/activities/chapter5/Act5F.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: 61871.lnk = C:\Users\Owner\AppData\Local\Temp\mvNat.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\STacSV64.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15323 bytes

Can you please do the following.


===============

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

===========

Run hijackthis and hit the Open the Misc Tools Section and then the Open Uninstall Manager.

Then hit the Save List button. Save to the desktop for easy access. Open the log file and copy the entire list and paste it here please.

===========

Copy the bold text below and paste it into notepad. Save it to your desktop as find.bat and make sure type is set to All Files.


cd\
cd Program Files
DIR /AD /B /P > ProgramFiles.txt
start ProgramFiles.txt
cls
exit


Double click find.bat and let it run for a minute. It will open up a report in notepad. Please copy that text and post it here in your next reply.

=======================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Hi, these are the logs of the scans that I've performed according to what you gave me:

From hijack this:
A Tale in the Desert
Acrobat.com
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
Battlefield: Bad Company 2
Burnout(TM) Paradise The Ultimate Box
Call of Duty(R) 2
Children of the Nile
Children of the Nile: Alexandria
Cisco NAC Agent
Combined Community Codec Pack 2008-09-21 16:18
Compatibility Pack for the 2007 Office system
CopyTrans Suite Remove Only
Counter-Strike: Source
CSS FULL DZ [Oct 15 2007] v18.1
CyberLink DVD Suite
CyberLink DVD Suite
DAEMON Tools Toolbar
DC++ 0.750
DepositFiles FileManager with FTP 0.9.9.163
Dual-Core Optimizer
erLT
ESU for Microsoft Vista
Google Earth Plug-in
Google Update Helper
Haali Media Splitter
Half-Life 2
Half-Life 2: Episode One
Hearts of Iron III
HiJackThis
Hitman Blood Money
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP MediaSmart DVD
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart Music/Photo/Video
HP MediaSmart Webcam
HP MediaSmart Webcam
HP Quick Launch Buttons 6.40 H2
HP Update
HP User Guides 0115
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPTCSSetup
IDT Audio
iPhone Configuration Utility
Java(TM) 6 Update 18
Java(TM) 6 Update 7
JMicron JMB38X Flash Media Controller
Junk Mail filter update
LabelPrint
LabelPrint
Left 4 Dead
Left 4 Dead 2
LightScribe System Software 1.14.17.1
LimeWire 5.4.6
Logitech SetPoint
LogMeIn Hamachi
LogMeIn Hamachi
Malwarebytes' Anti-Malware
Matroska Pack
Messenger Plus! Live
Microsoft Choice Guard
Microsoft Flight Simulator X
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Live Search Toolbar
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.0.16)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
muvee Reveal
My HP Games
NetZero Preloader
NVIDIA PhysX
Power2Go
Power2Go
PowerDirector
PowerDirector
PowerISO
PunkBuster Services
QuickFreedom 1.2.0
QuickTime
RCT3 Soaked
Realtek 8169 8168 8101E 8102E Ethernet Driver
RollerCoaster Tycoon® 3
SimpleOCR 3.1
Skype™ 4.1
Sophos Anti-Virus
Sophos AutoUpdate
Starcraft
Steam
Team Fortress 2
The Elder Scrolls IV: Oblivion - Game of the Year Edition
Torchlight
Trine
Trine Demo
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Office 2007 (KB934528)
Virtual Villagers 3 - The Secret City
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
World of Warcraft
Yahoo! Messenger
Yahoo! Toolbar

From the find.bat:

AWS
Bonjour
Common Files
DIFX
DigitalPersona
Dragon Naturally Speaking Preferred 10.1
Hewlett-Packard
IDT
Internet Explorer
iPod
iTunes
Logitech
Microsoft Games
Microsoft IntelliPoint
Microsoft IntelliType Pro
Microsoft Office
Movie Maker
MSBuild
Reference Assemblies
Synaptics
Uninstall Information
Validity Sensors, Inc
WIDCOMM
Windows Calendar
Windows Collaboration
Windows Defender
Windows Journal
Windows Mail
Windows Media Player
Windows NT
Windows Photo Gallery
Windows Sidebar
WinRAR

"Dragon Naturally Speaking Preferred 10.1" is the spyware/malware that I downloaded, it is a real legit program but unfortunately the one I downloaded is a malware/spyware.

From the OTL log:

OTL logfile created on: 11/03/2010 8:41:34 PM - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.00 Gb Total Space | 13.80 Gb Free Space | 4.82% Space Free | Partition Type: NTFS
Drive D: | 12.09 Gb Total Space | 1.94 Gb Free Space | 16.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/11 20:38:30 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/03/06 11:24:24 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/02/20 23:17:32 | 000,039,428 | -H-- | M] () -- C:\Users\Owner\AppData\Local\Temp\debug.exe
PRC - [2010/02/17 17:32:27 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/02/05 17:29:12 | 000,454,400 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2010/02/05 17:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2009/10/28 12:31:31 | 000,080,936 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2009/08/22 18:19:13 | 000,245,760 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2009/08/22 18:19:06 | 000,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2009/08/22 17:54:47 | 000,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/04/23 08:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
PRC - [2009/02/06 16:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/07/14 21:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
PRC - [2008/06/19 16:04:50 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe


========== Modules (SafeList) ==========

MOD - [2010/03/11 20:38:30 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2009/11/04 16:20:34 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/09/02 19:33:56 | 000,195,072 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll
MOD - [2009/07/20 04:00:00 | 000,057,344 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\GameHook.dll
MOD - [2009/07/20 04:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2008/01/20 21:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 21:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/11/07 11:16:07 | 000,053,760 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2008/09/16 12:33:26 | 000,719,152 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService)
SRV:64bit: - [2008/08/05 12:12:22 | 000,251,904 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_86727c20\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 10:53:06 | 000,089,088 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/06 11:24:24 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/02/05 17:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2009/10/29 12:27:56 | 001,767,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/10/28 12:31:31 | 000,080,936 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2009/09/05 18:36:05 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/08/22 18:19:06 | 000,172,032 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2009/08/22 17:54:47 | 000,098,304 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/09/16 12:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vfsFPService.exe -- (vfsFPService)
SRV - [2008/07/27 13:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/07/14 21:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2006/11/02 08:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledItems: {10289AD8-241D-406C-8168-6508B4D257D6}:0.4
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:1.0.1.1
FF - prefs.js..extensions.enabledItems: addon@freedur.com:1.13.2009060504
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1

FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2009/05/17 07:23:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{10289AD8-241D-406C-8168-6508B4D257D6}: C:\DepositFiles\Depositfiles Filemanager with FTP\Firefox\ [2009/10/07 18:34:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/05 12:32:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/05 12:32:17 | 000,000,000 | ---D | M]

[2010/02/02 11:37:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/02/02 11:37:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/08/10 05:36:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions
[2009/08/01 05:41:19 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0}
[2009/08/01 05:41:23 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2009/08/01 05:41:21 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2009/08/01 05:41:24 | 000,000,000 | ---D | M] (SafeCache) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{670a77c5-010e-4476-a8ce-d09171318839}
[2009/08/01 05:41:24 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/08/01 05:41:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/08/01 05:41:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/01 05:41:23 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2009/08/01 05:41:24 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2009/08/01 05:41:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\beysim@beysim.net
[2009/08/01 05:41:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\elemhidehelper@adblockplus.org
[2010/03/11 14:54:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\v62ldiv0.default\extensions
[2009/12/27 16:31:38 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\v62ldiv0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/17 14:08:48 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\v62ldiv0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/27 20:27:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\v62ldiv0.default\extensions\addon@freedur.com
[2010/03/10 21:38:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [sps2i] C:\Users\Owner\AppData\Local\Temp\sps2i.exe File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Users\Owner\AppData\Local\Temp\debug.exe ()
O4 - HKCU..\Run: [CMS_Freedur] C:\Users\Owner\AppData\Roaming\Freedur\freedur.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Paladin Antivirus] C:\Program Files (x86)\Paladin Antivirus\pav.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -Mozilla\5.0_(Windows;_U;_Windows_NT_6.0;_en-US)_AppleWebKit\532.0_(KHTML,_like_Gecko)_Chrome\3.0.195.33_Safari\532.0 - File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\61871.lnk = C:\Users\Owner\AppData\Local\Temp\mvNat.exe File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Titanium1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Titanium1.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d7f816c4-f4a3-11de-ace3-00247e611725}\Shell\1\Command - "" = H:\Recycle.exe -- File not found
O33 - MountPoints2\{d7f816c4-f4a3-11de-ace3-00247e611725}\Shell\2\Command - "" = H:\Recycle.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 22:06:38 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 22:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/03/11 20:38:28 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/03/06 11:25:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\PunkBuster
[2010/03/06 11:25:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\BFBC2
[2010/03/01 20:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2010/03/01 13:36:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Tilted Mill
[2010/02/28 13:25:09 | 000,000,000 | ---D | C] -- C:\eGenesis
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/11 20:43:19 | 007,077,888 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
[2010/03/11 20:38:30 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/03/11 20:37:54 | 000,000,092 | ---- | M] () -- C:\Users\Owner\Desktop\find.bat
[2010/03/11 20:36:11 | 000,002,553 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2010/03/11 20:18:26 | 000,106,127 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/11 20:18:26 | 000,106,127 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/11 20:17:46 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/11 20:16:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/11 20:16:15 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/11 20:16:15 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/11 20:16:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/11 20:16:04 | 4292,026,368 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/11 16:53:35 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/03/11 16:53:35 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/03/11 16:53:13 | 000,002,434 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/11 16:45:26 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-148236403-4087186441-390601442-1000UA.job
[2010/03/11 16:06:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/11 12:27:27 | 001,478,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/11 12:27:27 | 000,675,284 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2010/03/11 12:27:27 | 000,603,282 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/11 12:27:27 | 000,128,422 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2010/03/11 12:27:27 | 000,106,696 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/10 23:30:00 | 000,000,542 | ---- | M] () -- C:\Windows\tasks\McMaster Scan.job
[2010/03/10 18:35:04 | 003,417,766 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/03/10 02:45:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-148236403-4087186441-390601442-1000Core.job
[2010/03/09 10:58:28 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/03/08 21:32:54 | 000,000,145 | ---- | M] () -- C:\Users\Owner\webct_upload_applet.properties
[2010/03/06 16:28:33 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/03/06 16:28:33 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/03/06 11:24:24 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/03/06 11:24:24 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/03/03 21:14:54 | 000,007,592 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/03/01 13:20:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/03/01 13:19:11 | 000,001,695 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/03/01 13:19:11 | 000,001,683 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2010/02/28 13:41:34 | 000,317,435 | ---- | M] () -- C:\Windows\A Tale in the Desert Uninstaller.exe
[2010/02/28 13:41:34 | 000,000,762 | ---- | M] () -- C:\Users\Owner\Desktop\A Tale in the Desert.lnk
[2010/02/27 16:23:29 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/11 20:38:04 | 000,000,525 | ---- | C] () -- C:\Program Files\ProgramFiles.txt
[2010/03/11 20:37:54 | 000,000,092 | ---- | C] () -- C:\Users\Owner\Desktop\find.bat
[2010/03/08 21:31:08 | 000,000,145 | ---- | C] () -- C:\Users\Owner\webct_upload_applet.properties
[2010/03/06 11:25:13 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/03/06 11:24:25 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/03/06 11:24:24 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/03/06 11:24:23 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/03/06 11:23:50 | 000,517,960 | ---- | C] () -- C:\Windows\SysNative\XAudio2_5.dll
[2010/03/06 11:23:49 | 000,176,968 | ---- | C] () -- C:\Windows\SysNative\xactengine3_5.dll
[2010/03/06 11:23:46 | 002,582,888 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010/03/06 11:23:45 | 005,554,512 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_42.dll
[2010/03/06 11:23:44 | 000,285,024 | ---- | C] () -- C:\Windows\SysNative\d3dx11_42.dll
[2010/03/06 11:23:43 | 000,523,088 | ---- | C] () -- C:\Windows\SysNative\d3dx10_42.dll
[2010/03/06 11:23:42 | 002,475,352 | ---- | C] () -- C:\Windows\SysNative\D3DX9_42.dll
[2010/03/06 11:23:32 | 000,073,544 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/03/06 11:23:17 | 000,513,544 | ---- | C] () -- C:\Windows\SysNative\XAudio2_2.dll
[2010/03/06 11:23:17 | 000,072,200 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/03/06 11:23:16 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_2.dll
[2010/03/01 20:27:39 | 000,002,553 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2010/03/01 13:20:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/02/28 13:26:41 | 000,317,435 | ---- | C] () -- C:\Windows\A Tale in the Desert Uninstaller.exe
[2010/02/28 13:26:41 | 000,000,762 | ---- | C] () -- C:\Users\Owner\Desktop\A Tale in the Desert.lnk
[2010/01/06 17:02:03 | 000,429,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI0DA0.txt
[2010/01/06 17:02:03 | 000,011,694 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI0DA0.txt
[2010/01/04 00:44:48 | 000,460,248 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI0564.txt
[2010/01/04 00:44:47 | 000,011,460 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI0564.txt
[2009/12/30 19:08:01 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/10/14 23:34:18 | 000,000,345 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2009/09/17 09:36:09 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2009/08/23 22:12:33 | 000,000,760 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\setup_ldm.iss
[2009/07/16 09:03:57 | 000,000,600 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\winscp.rnd
[2009/07/06 21:46:44 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/06/24 13:13:13 | 001,490,168 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/06/20 18:04:59 | 000,028,085 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheckdotnetfx30.txt
[2009/06/20 18:04:50 | 000,033,714 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx3install.txt
[2009/06/20 18:04:50 | 000,003,352 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt
[2009/06/20 18:04:50 | 000,000,604 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx3error.txt
[2009/06/15 11:39:01 | 000,000,258 | ---- | C] () -- C:\Windows\game.ini
[2009/06/14 19:33:09 | 000,007,592 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/06/14 15:40:19 | 000,133,632 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/14 15:36:30 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\QSwitch.txt
[2009/06/14 15:36:30 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\DSwitch.txt
[2009/06/14 15:36:30 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\AtStart.txt
[2009/05/17 07:28:07 | 000,106,127 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/05/17 07:22:50 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/05/17 07:22:42 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/05/17 07:22:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/05/17 07:21:46 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/05/17 07:20:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/05/17 07:12:46 | 000,106,127 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/11/07 10:59:28 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/11/07 10:54:27 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/11/07 10:52:55 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/11/07 10:51:44 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/10/28 16:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008/10/06 20:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/06 20:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/11/14 18:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CogentBioSDK.dll

========== LOP Check ==========

[2009/07/06 21:42:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Atari
[2009/08/19 08:49:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Bioshock
[2009/09/10 08:10:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CiscoCAA
[2009/07/15 10:05:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CopyTrans
[2009/06/18 18:50:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2010/01/14 17:05:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DC++
[2009/06/14 15:36:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DigitalPersona
[2009/08/19 08:03:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FloodLightGames
[2009/08/10 09:37:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Freedur
[2009/07/06 21:46:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2010/03/11 20:19:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LimeWire
[2009/08/19 21:30:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayFirst
[2010/01/04 00:45:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\runic games
[2010/03/11 20:43:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2009/08/12 03:32:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent
[2009/07/15 10:04:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WindSolutions
[2010/03/10 23:30:00 | 000,000,542 | ---- | M] () -- C:\Windows\Tasks\McMaster Scan.job
[2010/03/11 16:53:14 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/04/11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008/11/07 11:32:15 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=35137384FFB6FB4B4C3063CEB5DB34BE -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_37d5e5fef5f86cf7\atapi.sys
[2008/11/07 11:32:15 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=B388797CAAB36D523840347CC6A39B96 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_398211faf34b271a\atapi.sys
[2009/04/11 02:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 06:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/05/18 00:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 21:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 21:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 02:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 21:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 21:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 02:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\System32\config\*.sav >
< End of report >

From the OTL "extras" log:

OTL Extras logfile created on: 11/03/2010 8:41:34 PM - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.00 Gb Total Space | 13.80 Gb Free Space | 4.82% Space Free | Partition Type: NTFS
Drive D: | 12.09 Gb Total Space | 1.94 Gb Free Space | 16.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.reg[@ = Regedit.Document] -- c:\Winnt\Regedit.exe File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = Regedit.Document] -- c:\Winnt\Regedit.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DF542D6-AFED-4AD1-ADD9-86792B13604A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{16AE517B-5468-4343-B7A4-94043E1733E9}" = lport=3390 | protocol=6 | dir=in | app=system |
"{1CB1F040-D74C-4460-ADB7-FFC331F5B485}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1F0E0753-AFEF-4164-89D8-E4925AD99D4E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2221388E-1925-4C10-AD9D-BF02BB6F8272}" = rport=138 | protocol=17 | dir=out | app=system |
"{2BF85C19-BFCA-4617-9D25-A5C261188F8D}" = rport=10244 | protocol=6 | dir=out | app=system |
"{2C18F383-2003-4295-89A2-0E5809F059DE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{31E9A384-A2B2-4643-93CC-8F02746BF7D5}" = lport=3390 | protocol=6 | dir=in | app=system |
"{32B59533-8D71-474F-BE10-15269F66AE45}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{357E45FE-A86D-49E3-A18F-96B0F86BBA6F}" = lport=10244 | protocol=6 | dir=in | app=system |
"{39E89C71-4BCC-4B09-9AFC-4CB8FEE2B67E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3FCCAC44-EF0C-4928-B2F7-4F23755D9809}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41BCDAC3-C757-4B2C-A667-BA4CBFFAD488}" = rport=445 | protocol=6 | dir=out | app=system |
"{44B90E9F-F34A-41DF-A653-81E0B87EDBF5}" = lport=10244 | protocol=6 | dir=in | app=system |
"{4673DB8D-DBEC-4883-9DA8-78BF8F3BFDFF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{48CF4815-E4EF-49EA-9694-3BD9E045B1AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B321A76-C3DB-47AA-A372-324990575ABF}" = lport=138 | protocol=17 | dir=in | app=system |
"{4B63DBD9-5EB9-4B10-988A-B9EECF8B9FE2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4C72A1CD-2BE9-4DF6-AF11-386F13A269CF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4DF59778-C2DD-4402-BB40-749BEC81C094}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F167FE4-8FB8-417F-BF63-AB8EAD3C2E3D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{537D7371-81C3-4CA2-896F-47EB683B8514}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5A652F11-4A58-4C16-8DAE-1E475D5AE30B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D99AD73-6FEC-48AE-86D4-A5293F0682B4}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{5E04034A-7E2C-4647-8FF3-7D0DB5C6D7BB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{60558252-353D-4C1C-8F8B-A45BDA8BFCD1}" = lport=445 | protocol=6 | dir=in | app=system |
"{66718601-D209-4238-B228-E25F9A475AEC}" = rport=139 | protocol=6 | dir=out | app=system |
"{7274BD63-E2D0-4D2A-9644-1A0DC2D83E78}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{82DBEA97-E8DC-4EFD-B0D5-330331610CE6}" = lport=137 | protocol=17 | dir=in | app=system |
"{852907C3-69C9-461E-82DC-DE519EEA98EC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A110E82-AB39-44B7-A822-B909B5FA4A11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8FF40FE4-0251-4A05-B571-170F10B9550F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A14D07E-2BC7-4745-AAC2-5626B94FB38A}" = lport=139 | protocol=6 | dir=in | app=system |
"{BEA0DE52-6B28-4A84-A1FA-482A3C4CF7B9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CA988287-559F-435C-A228-ACC3736F2B97}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{CDCC6E59-0C18-42B4-9B4C-7DD7CCC3F464}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE4E8BFB-2BC8-47C9-9B14-0EED4DCF1286}" = rport=10244 | protocol=6 | dir=out | app=system |
"{DB56A7E6-D347-43C6-B743-D32FAB39175B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{EA77B184-4F0C-4501-A210-DFFD16D0B6CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ED8BD3C2-08AD-4085-9E9D-4A0412AC4248}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EE0C5EC3-45B1-4B28-B811-0548526FB11F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F690608C-8115-4C3E-B975-22963BA0D4FD}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F9CD25F2-094B-403C-8A73-DD31603AB4CE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA0DFE8B-1765-44D5-BA3A-6F1FC91C0008}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0040E01A-2518-4101-B130-42B11B267373}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{01389247-5844-424E-ACFF-6EDE60DC8E18}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{0397281B-FDA8-4427-9EED-4AED08EC81FE}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\oblivion\oblivionlauncher.exe |
"{05B3A5B4-F7F3-4CD1-8DB9-F046434B4780}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0613984C-C86D-45CC-8F63-92EB250F2067}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{06F2D355-BD2F-4207-832E-3CC6DDF63476}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\left 4 dead\left4dead.exe |
"{0B0F853D-8F57-4C0E-9D5D-75FE0EE893DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0CB83CAE-C503-46DF-8895-6969C1A4154F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{0D2BF5D4-4535-4BC4-B4D1-C3E26A10D7CE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0F74844D-7F86-4A95-A3B7-9884813B3A37}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{18B239F9-EBC6-4E32-8E63-926D01BEFE84}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{18EDF471-C98D-4B81-9035-96991A58F569}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{1AB5B4E3-2BEA-427A-97D8-1B1824A549A3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1EA82BEA-D930-4823-827B-3092F9EBB4A3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{29E45BF0-43A0-4ACB-9DED-D9579B3E1BC1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2A443A6B-F21B-4CFA-A82B-81ACC313E264}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{2B5C092A-DE9B-411E-89C0-BB943AF40F52}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{2D061A1A-FCBC-4B87-8F26-2022F558C73B}" = protocol=6 | dir=in | app=c:\games\burnout paradise\burnoutconfigtool.exe |
"{2DDB2E32-ECFE-41CA-A3EE-F64A08C59EBE}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\oblivion\oblivionlauncher.exe |
"{2F1D238B-CE19-4CF1-B8A8-5D87452E8F75}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{314BA37B-09FB-4F2A-9B0A-705855771CDF}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\mvnat.exe |
"{32B02CD0-4083-4720-A835-3FF18A9A2229}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{37586014-EC25-4C18-B8CE-725F4A2436D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3C86594E-999A-4D2C-8790-ACB45AD55C0C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{42904258-1200-432D-A91A-74A8C1B0824D}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{4A739E89-AA1E-4364-A245-BBBA84F5A60E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4AFDB86D-DFD6-42C1-9971-D346FD59AE5D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{51128462-E3F1-4E59-AE71-ED549E049B02}" = protocol=58 | dir=in | app=system |
"{52CBFFEC-4465-4593-A654-63C1AA5BB7A5}" = protocol=17 | dir=in | app=c:\games\burnout paradise\burnoutlauncher.exe |
"{54F020AE-4E4F-4711-9C31-4DE43C082741}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{558DAC6E-33A7-4B0E-ABD1-FABFE4B4AB4D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{5864DDF3-038E-433F-A12D-FB6188280F2F}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{59284652-C284-4B17-9B2B-07157B5312BB}" = protocol=17 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe |
"{5EBC92AB-5C58-469E-8765-06770717BADE}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\left 4 dead\left4dead.exe |
"{64C79E3C-403A-418B-8933-C2FFEFDF884E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{689F7B1D-99E9-4BB8-A2D8-F9A486DB2F05}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{691473C8-E3DE-4940-A94D-3ABB55119AA3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B462842-C9B5-4737-9C35-6BEB1A9D16C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6CE655E9-13AC-49F5-BFF7-034EEABE3144}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6D5AF221-0818-4DBD-9E00-1D0E189F11F2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{6DE8CC0A-7B14-4AB3-9F83-7F9009DC9E37}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{700E5F23-E203-439D-A159-2F4E6E3ACA84}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\children of the nile\cotn.exe |
"{7223F422-EB16-4703-A522-D24A56294FBD}" = protocol=17 | dir=in | app=c:\games\burnout paradise\burnoutconfigtool.exe |
"{7435BD31-25EC-40A4-AFCE-4E10C82021F6}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{7670EB9C-F766-42AF-9098-CFD5F1F45BB5}" = protocol=6 | dir=out | app=system |
"{77542DE2-A9D7-4559-8239-78A046EF0D88}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{79586751-1A7D-4019-B524-1BEFD41AABF3}" = protocol=6 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe |
"{798E77AE-7CE7-4975-BA9A-F5C4AE2A68C9}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\children of the nile alexandria\cotn.exe |
"{7AABBB63-0040-4855-8D25-102C7B30B568}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{7E88564F-7664-4FD7-A126-68D3AFCE9994}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{81D49C81-F33B-48C9-9576-8A9D7737564F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{82F6541E-432B-4771-AE0C-DC30584C81D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{831F5498-E102-49A5-8480-9A4D65C3F971}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{83966BDC-62D9-417C-9F7B-C8D8D5EB7BA6}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{88D58AED-7425-4F2D-9241-DD7EB0DD6FB8}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{8BEDE8FB-C972-4961-A798-3617F62C72FE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{8DD370C0-520A-41B8-9B79-96E4B47817DE}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8F46E3A3-668D-4926-969E-C811E28F0ABA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{92E4A6FA-CED9-4AF9-BB60-AD061255FD7E}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{948D8099-04B4-47FD-9AD9-5938144006DC}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{95D5D34B-01A5-477C-A813-B9824DDFF339}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{95F69370-F824-407B-BBC8-81FFA9FAD53D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9CA4B789-5766-4DBD-9AEB-3D05E4B634BC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{A17B2322-3AEF-40C4-BA1C-4FA52FD54BF7}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{A3C81AF9-F73E-4395-9097-714F86CF11B6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A53EF8A3-6CB2-42C0-A5AC-EEFDD74D26EA}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{A77FBD2F-AE9D-4674-9226-150C74B295FE}" = protocol=17 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe |
"{AAAF9D7D-8FE6-4D9E-963E-D5BE72B62A37}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ABE14D3B-0D15-4767-821B-7A098757DB4E}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{AE7331F5-CB88-4270-999A-FA72BEA17954}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF07AF72-13DF-473C-837E-BF0AC18688D1}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{B25FA29D-BD11-4E5C-BB04-35EC0B899CB7}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\left 4 dead\left4dead.exe |
"{B41FF756-74BD-4C8A-A434-75009D0B3203}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{B5005DA4-FD14-4673-B5FE-D3B8EB55906E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B69177D9-AB97-4B5D-82D1-BD0534569CFB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{B6C2EA31-7A05-4567-A139-206BA882FD35}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{B7C8F989-1234-41DF-8ACD-372F8F2F587C}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\trine demo\trine_launcher.exe |
"{B8E759FF-F91E-4CD2-B572-53880EF723BB}" = protocol=6 | dir=in | app=c:\games\burnout paradise\burnoutparadise.exe |
"{BB07080D-80B6-4B19-AA67-EE5C562B16D2}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{BD62CDF5-368B-4A55-A27F-D11053F03BE6}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{BDD5A028-0BA0-438F-BEF3-1DA5552ECB0F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{C3659544-59ED-4A77-845A-3791A041B408}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{C604B9EE-5A8E-4607-8978-3C577C8A5BD4}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C6B65230-AE0B-44A8-9A93-B424D833CB4C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C8827EF6-8F3E-4B3B-AEBA-290E95A23AEF}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\left 4 dead\left4dead.exe |
"{CA6CB3FF-9638-4756-B33A-FED023D7C93C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{CAA8BF0D-2655-4124-A03B-696DFB43AE0F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CDD93EA6-EC29-4132-A5B1-8FEDA18AC640}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CEB88DC1-D0AB-4B94-B098-15B3C7FFCC1D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{CFA660DC-5EE9-4DC4-9666-FD2BCA16A4FD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{D18D1163-AA83-429D-B195-4DC541433EA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2B2D92A-F856-431A-B748-BE3B110026EF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D446E366-6CEF-423F-83E6-7BC7FC926507}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D7128600-4AE2-4E31-965D-3AC171632229}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{D9697925-4D3D-42C3-9E34-7528173EBE18}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\children of the nile\cotn.exe |
"{D9D115DA-EB73-4916-8C4A-4B5911C00268}" = protocol=6 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe |
"{D9DBD72B-0D6D-4C67-8A9C-124CBF3CD040}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\mvnat.exe |
"{DABABD14-0362-4A60-B184-93D4EBF9A365}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{E1377DFB-C6EE-455B-9E3C-F704668EA31B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E18FA245-DDAB-46C5-8983-35319FC537B9}" = protocol=6 | dir=in | app=c:\games\burnout paradise\burnoutlauncher.exe |
"{E2CC4367-FF88-4BF0-84BD-17380C1D1E9B}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\trine demo\trine_launcher.exe |
"{E6797015-B480-4961-AD9E-2A7F983E70F6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E9B56C95-FA53-4482-97B0-CF3F29377176}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EA2217A6-090E-4AEB-AA4C-D5D97AA349F5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{F292652E-5D72-4D43-8A11-4DAA6E7CEDE5}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{F31893AB-3AF7-4E99-BBCC-7545B9240DAB}" = protocol=17 | dir=in | app=c:\games\burnout paradise\burnoutparadise.exe |
"{F768FDF6-1DAC-4305-A22F-37B5C0B3D672}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{F77D778B-376C-44B6-9675-9DE930036E4F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7EFBEFC-72CA-43FA-9791-7E3F43608215}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{FB5A0395-3115-4503-B428-87BDC3233790}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\children of the nile alexandria\cotn.exe |
"{FEF57162-4B91-413D-BD7C-49FA8535AF1A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{FF4A0C73-0652-4504-95D1-7FD221617217}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FFC97E5E-16D1-493C-B6F6-C93F1E78D833}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{04DE6630-8E29-47C1-B7F8-D6AB99FC1C2A}C:\games\steam\steamapps\321003352\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\321003352\team fortress 2\hl2.exe |
"TCP Query User{173184EF-F386-408C-8C01-17C98BCB1B65}C:\games\wow\launcher.exe" = protocol=6 | dir=in | app=c:\games\wow\launcher.exe |
"TCP Query User{42572322-1C57-4CB5-931B-8C776BF26DD0}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{4823A309-C39D-49A8-8AA1-BF5F2C2085E7}C:\games\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\games\starcraft\starcraft.exe |
"TCP Query User{5E0D6763-D758-4D82-8371-4D1242698E15}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{73CD294D-49A8-40C5-9028-92F6ECCFA683}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{8044CB11-24F2-4C85-82A2-50271D2E0A59}C:\games\steam\steamapps\321003352\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\321003352\counter-strike source\hl2.exe |
"TCP Query User{845849AA-61B0-4A35-AB3B-F9730B5458FC}C:\egenesis\a tale in the desert\eclient.exe" = protocol=6 | dir=in | app=c:\egenesis\a tale in the desert\eclient.exe |
"TCP Query User{86039C10-03EF-4770-B204-3FCFE156BC90}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"TCP Query User{8AE3123E-6CE1-46E3-9A8D-B39DE05BA347}C:\games\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\games\starcraft\starcraft.exe |
"TCP Query User{95FAD169-E797-42A5-B364-3516725DF3A8}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"TCP Query User{D14BFA7C-4024-437E-A98F-D1EC3624011E}C:\games\steam\steamapps\321003352\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\321003352\counter-strike source\hl2.exe |
"TCP Query User{F8A59E90-AE0D-42EC-B28F-B86AE3C6545B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{07A9AEC1-529D-4AF1-9FDB-68D78929065C}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"UDP Query User{4C90155C-26AB-4D04-94BC-308682CB8946}C:\games\steam\steamapps\321003352\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\321003352\counter-strike source\hl2.exe |
"UDP Query User{52C10953-0F80-4151-BF87-A9D9181AFF7F}C:\games\steam\steamapps\321003352\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\321003352\counter-strike source\hl2.exe |
"UDP Query User{5A843F9B-2A9B-4027-9697-7AC76DFC933A}C:\games\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\games\starcraft\starcraft.exe |
"UDP Query User{6CBEFAC9-E0E9-4329-AEEE-35C886364078}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"UDP Query User{6F8444B8-6D13-4FA4-8069-B72C9EBE670E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{7796DC98-3873-41D7-8FD2-E1A954E53B99}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{9291E1BB-6548-46C3-9463-254440C423A9}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{9DF0AFFE-EDD9-4A02-8FB0-A2116E05EEBD}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{A27E7BEA-E78E-4F67-AA19-94573B1177C9}C:\games\wow\launcher.exe" = protocol=17 | dir=in | app=c:\games\wow\launcher.exe |
"UDP Query User{E2FC6314-3B67-466A-A958-0BB17D1A5509}C:\games\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\games\starcraft\starcraft.exe |
"UDP Query User{F6D54886-E64E-4289-A760-1348C8C10A94}C:\games\steam\steamapps\321003352\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\321003352\team fortress 2\hl2.exe |
"UDP Query User{FD10AF5D-71D5-490E-BC84-BAB5AEE708B6}C:\egenesis\a tale in the desert\eclient.exe" = protocol=17 | dir=in | app=c:\egenesis\a tale in the desert\eclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{41B29F37-71AA-41A4-BD15-8C8B7102A092}" = Microsoft IntelliType Pro 6.3
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2A0CBEE-8949-474E-9D2B-539726D20531}" = Microsoft IntelliPoint 6.3
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{E0318E3E-8059-4BD3-BEBE-D3E65D34503D}" = DigitalPersona Personal 3.1.0
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"ReadyDriver Plus_is1" = ReadyDriver Plus 1.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 18
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33C355C4-9B87-4254-B795-0A9CDAFFA53F}_is1" = DepositFiles FileManager with FTP 0.9.9.163
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6632ABC5-9AEE-4243-9086-FB358DB58147}" = Cisco NAC Agent
"{6663554C-2FC7-4CDC-809D-1BCD59189853}_is1" = Trine
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{676B241C-AED4-400B-98FF-267773B94B11}_is1" = QuickFreedom 1.2.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{834903BF-7B6E-4C97-891C-AC1AECA91CEC}" = HP User Guides 0115
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}" = Dual-Core Optimizer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA80700F-068D-11DF-9686-005056806466}" = Google Earth Plug-in
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8DEF1A3-B91E-4935-914A-2AF55C3FC971}" = MLB 2K9
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"A Tale in the Desert" = A Tale in the Desert
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"CopyTrans Suite" = CopyTrans Suite Remove Only
"CSS FULL DZ [Oct 15 2007]" = CSS FULL DZ [Oct 15 2007] v18.1
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DC++" = DC++ 0.750
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HaaliMkx" = Haali Media Splitter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"LimeWire" = LimeWire 5.4.6
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matroska Pack" = Matroska Pack
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Runic Games Torchlight" = Torchlight
"SimpleOCR 3.1" = SimpleOCR 3.1
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"Starcraft" = Starcraft
"Steam App 17100" = Children of the Nile
"Steam App 17120" = Children of the Nile: Alexandria
"Steam App 220" = Half-Life 2
"Steam App 22330" = The Elder Scrolls IV: Oblivion - Game of the Year Edition
"Steam App 240" = Counter-Strike: Source
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 35710" = Trine Demo
"Steam App 380" = Half-Life 2: Episode One
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Virtual Villagers 3 - The Secret City" = Virtual Villagers 3 - The Secret City
"WildTangent hp Master Uninstall" = My HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/03/2010 1:45:25 AM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

Error - 06/03/2010 2:06:26 AM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

Error - 06/03/2010 2:45:25 AM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

Error - 06/03/2010 3:39:08 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/03/2010 12:23:53 PM | Computer Name = Owner-PC | Source = System Restore | ID = 8193
Description =

Error - 07/03/2010 1:08:50 AM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4445c334,
faulting module filesystem_steam.dll_unloaded, version 0.0.0.0, time stamp 0x47e2d72b,
exception code 0xc0000005, fault offset 0x02fd553e, process id 0x18e8, application
start time 0x01cabda8a741c060.

Error - 07/03/2010 12:33:33 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 07/03/2010 12:35:46 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 07/03/2010 12:35:46 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 08/03/2010 3:08:36 AM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4445c334,
faulting module filesystem_steam.dll_unloaded, version 0.0.0.0, time stamp 0x47e2d72b,
exception code 0xc0000005, fault offset 0x024d553e, process id 0x1148, application
start time 0x01cabe8846014ae3.

[ DigitalPersona Pro Events ]
Error - 02/08/2009 8:37:03 PM | Computer Name = Owner-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 12/08/2009 10:52:03 AM | Computer Name = Owner-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 17/09/2009 11:00:47 AM | Computer Name = Owner-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 17/09/2009 11:00:52 AM | Computer Name = Owner-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 23/11/2009 10:15:53 AM | Computer Name = Owner-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

[ Media Center Events ]
Error - 23/06/2009 11:24:40 AM | Computer Name = Owner-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 03/03/2010 12:39:03 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/03/2010 9:41:21 PM | Computer Name = Owner-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...ProgramData\Cisco\Cisco NAC Agent\logs\NACAgentLogCurrent.log]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process NACAgent.exe, (start check timestamp [
1cac1851e4cfce2]).

Error - 11/03/2010 9:41:21 PM | Computer Name = Owner-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...ProgramData\Cisco\Cisco NAC Agent\logs\NACAgentLogCurrent.log]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process NACAgent.exe, (start check timestamp [
1cac1851e4d7212]).

Error - 11/03/2010 9:41:21 PM | Computer Name = Owner-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...ProgramData\Cisco\Cisco NAC Agent\logs\NACAgentLogCurrent.log]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process NACAgent.exe, (start check timestamp [
1cac1851e4de742]).

Error - 11/03/2010 9:41:21 PM | Computer Name = Owner-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...ProgramData\Cisco\Cisco NAC Agent\logs\NACAgentLogCurrent.log]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process NACAgent.exe, (start check timestamp [
1cac1851e4e3562]).

Error - 11/03/2010 9:41:21 PM | Computer Name = Owner-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...ProgramData\Cisco\Cisco NAC Agent\logs\NACAgentLogCurrent.log]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process NACAgent.exe, (start check timestamp [
1cac1851e4eaa92]).

Error - 11/03/2010 9:41:21 PM | Computer Name = Owner-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...ProgramData\Cisco\Cisco NAC Agent\logs\NACAgentLogCurrent.log]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process NACAgent.exe, (start check timestamp [
1cac1851e4ef8b2]).

Error - 11/03/2010 9:41:21 PM | Computer Name = Owner-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...ProgramData\Cisco\Cisco NAC Agent\logs\NACAgentLogCurrent.log]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process NACAgent.exe, (start check timestamp [
1cac1851e4f6de2]).

Error - 11/03/2010 9:41:22 PM | Computer Name = Owner-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...ProgramData\Cisco\Cisco NAC Agent\logs\NACAgentLogCurrent.log]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process NACAgent.exe, (start check timestamp [
1cac1851ee5e182]).

Error - 11/03/2010 9:41:22 PM | Computer Name = Owner-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...ProgramData\Cisco\Cisco NAC Agent\logs\NACAgentLogCurrent.log]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process NACAgent.exe, (start check timestamp [
1cac1851ee656b2]).

Error - 11/03/2010 9:41:26 PM | Computer Name = Owner-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...ProgramData\Cisco\Cisco NAC Agent\logs\NACAgentLogCurrent.log]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process NACAgent.exe, (start check timestamp [
1cac1852149c222]).


< End of report >

Have you downloaded the legitimate Dragon yet?

Have you downloaded the legitimate Dragon yet?

Nope. I deleted the fake one and the malware/spy ware is still there.

Can you delete the dragon folder from Program Files.

==

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKLM..\Run: [sps2i] C:\Users\Owner\AppData\Local\Temp\sps2i.exe File not found
    O4 - HKCU..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Users\Owner\AppData\Local\Temp\debug.exe ()
    O4 - HKCU..\Run: [CMS_Freedur] C:\Users\Owner\AppData\Roaming\Freedur\freedur.exe File not found
    O4 - HKCU..\Run: [Paladin Antivirus] C:\Program Files (x86)\Paladin Antivirus\pav.exe File not found
    O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -Mozilla\5.0_(Windows;_U;_Windows_NT_6.0;_en-US)_AppleWebKit\532.0_(KHTML,_like_Gecko)_Chrome\3.0.195.33_Safari\532.0 - File not found
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\61871.lnk = C:\Users\Owner\AppData\Local\Temp\mvNat.exe File not found
    
    :Commands
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

====

Post a new hijackthis log please.

Hi, I did the fix/scan according to what you've given me and I deleted the dragon speak program from program files.

Here is the log after the fix:

User: Owner
->Temp folder emptied: 482307400 bytes
->Temporary Internet Files folder emptied: 79514526 bytes
->Java cache emptied: 85740494 bytes
->FireFox cache emptied: 78477680 bytes
->Google Chrome cache emptied: 180683673 bytes
->Flash cache emptied: 430205 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 482387910 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3842506 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 60344 bytes
RecycleBin emptied: 7808071169 bytes

Total Files Cleaned = 8,775.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.1.37.0 log created on 03132010_040441

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPZ9M4O9\arrow[1].gif scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPZ9M4O9\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPZ9M4O9\SecurityBadge_16x16[1].gif scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPZ9M4O9\View[1].aspx scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRJ5ZG2I\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRJ5ZG2I\embeded[1].htm scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRJ5ZG2I\main[1].css scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRJ5ZG2I\StartButton_16x16[1].gif scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRJ5ZG2I\white_gradient[1].png scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I48ZEVK4\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I48ZEVK4\embeded[1].htm scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I48ZEVK4\RequiredFieldsNS[1].js scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I48ZEVK4\right[2].gif scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I48ZEVK4\SurveyScriptsNS[2].js scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I48ZEVK4\View[1].aspx scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NWE31DZ\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NWE31DZ\embeded[1].htm scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NWE31DZ\View[1].aspx scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NWE31DZ\windows_update16[1].png scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Here is the log from the "quick scan":

OTL logfile created on: 13/03/2010 4:12:03 AM - Run 2
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.00 Gb Total Space | 24.28 Gb Free Space | 8.49% Space Free | Partition Type: NTFS
Drive D: | 12.09 Gb Total Space | 1.94 Gb Free Space | 16.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/11 20:38:30 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/03/06 11:24:24 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/02/17 17:32:27 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/02/05 17:29:12 | 000,454,400 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2010/02/05 17:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2009/10/28 12:31:31 | 000,080,936 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2009/08/22 18:19:13 | 000,245,760 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2009/08/22 18:19:06 | 000,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2009/08/22 17:54:47 | 000,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/04/23 08:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
PRC - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/07/14 21:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
PRC - [2008/06/19 16:04:50 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2008/01/20 21:51:43 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/11 20:38:30 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2009/11/04 16:20:34 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/09/02 19:33:56 | 000,195,072 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll
MOD - [2009/07/20 04:00:00 | 000,057,344 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\GameHook.dll
MOD - [2009/07/20 04:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2008/01/20 21:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 21:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/11/07 11:16:07 | 000,053,760 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2008/09/16 12:33:26 | 000,719,152 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService)
SRV:64bit: - [2008/08/05 12:12:22 | 000,251,904 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_86727c20\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 10:53:06 | 000,089,088 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/06 11:24:24 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/02/05 17:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2009/10/29 12:27:56 | 001,767,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/10/28 12:31:31 | 000,080,936 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2009/09/05 18:36:05 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/08/22 18:19:06 | 000,172,032 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2009/08/22 17:54:47 | 000,098,304 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/09/16 12:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vfsFPService.exe -- (vfsFPService)
SRV - [2008/07/27 13:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/07/14 21:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2006/11/02 08:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledItems: {10289AD8-241D-406C-8168-6508B4D257D6}:0.4
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:1.0.1.1
FF - prefs.js..extensions.enabledItems: addon@freedur.com:1.13.2009060504
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1

FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2009/05/17 07:23:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{10289AD8-241D-406C-8168-6508B4D257D6}: C:\DepositFiles\Depositfiles Filemanager with FTP\Firefox\ [2009/10/07 18:34:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/05 12:32:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/05 12:32:17 | 000,000,000 | ---D | M]

[2010/02/02 11:37:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/02/02 11:37:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/08/10 05:36:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions
[2009/08/01 05:41:19 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0}
[2009/08/01 05:41:23 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2009/08/01 05:41:21 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2009/08/01 05:41:24 | 000,000,000 | ---D | M] (SafeCache) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{670a77c5-010e-4476-a8ce-d09171318839}
[2009/08/01 05:41:24 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/08/01 05:41:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/08/01 05:41:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/01 05:41:23 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2009/08/01 05:41:24 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2009/08/01 05:41:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\beysim@beysim.net
[2009/08/01 05:41:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\elemhidehelper@adblockplus.org
[2010/03/11 14:54:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\v62ldiv0.default\extensions
[2009/12/27 16:31:38 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\v62ldiv0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/17 14:08:48 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\v62ldiv0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/27 20:27:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\v62ldiv0.default\extensions\addon@freedur.com
[2010/03/10 21:38:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/13 04:05:58 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Titanium1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Titanium1.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d7f816c4-f4a3-11de-ace3-00247e611725}\Shell\1\Command - "" = H:\Recycle.exe -- File not found
O33 - MountPoints2\{d7f816c4-f4a3-11de-ace3-00247e611725}\Shell\2\Command - "" = H:\Recycle.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/13 04:04:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/12 18:45:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apple
[2010/03/12 18:45:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apple Computer
[2010/03/11 22:28:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
[2010/03/11 20:38:28 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/03/06 11:25:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\PunkBuster
[2010/03/06 11:25:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\BFBC2
[2010/03/01 20:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2010/03/01 13:36:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Tilted Mill
[2010/02/28 13:25:09 | 000,000,000 | ---D | C] -- C:\eGenesis

========== Files - Modified Within 14 Days ==========

[2010/03/13 04:15:07 | 007,077,888 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
[2010/03/13 04:09:45 | 000,106,127 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/13 04:08:38 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/13 04:07:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/13 04:07:45 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/13 04:07:44 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/13 04:07:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/13 04:07:34 | 4292,026,368 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/13 04:06:38 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/03/13 04:06:38 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/03/13 04:06:18 | 000,002,434 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/13 04:06:13 | 003,730,572 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/03/13 04:06:10 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/13 03:45:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-148236403-4087186441-390601442-1000UA.job
[2010/03/13 02:45:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-148236403-4087186441-390601442-1000Core.job
[2010/03/12 23:30:00 | 000,000,542 | ---- | M] () -- C:\Windows\tasks\McMaster Scan.job
[2010/03/12 18:45:05 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/12 11:41:37 | 000,106,127 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/11 20:38:30 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/03/11 20:37:54 | 000,000,092 | ---- | M] () -- C:\Users\Owner\Desktop\find.bat
[2010/03/11 20:36:11 | 000,002,553 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2010/03/11 12:27:27 | 001,478,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/11 12:27:27 | 000,675,284 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2010/03/11 12:27:27 | 000,603,282 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/11 12:27:27 | 000,128,422 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2010/03/11 12:27:27 | 000,106,696 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/09 10:58:28 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/03/08 21:32:54 | 000,000,145 | ---- | M] () -- C:\Users\Owner\webct_upload_applet.properties
[2010/03/06 16:28:33 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/03/06 16:28:33 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/03/06 11:24:24 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/03/06 11:24:24 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/03/03 21:14:54 | 000,007,592 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/03/01 13:20:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/03/01 13:19:11 | 000,001,695 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/03/01 13:19:11 | 000,001,683 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2010/02/28 13:41:34 | 000,317,435 | ---- | M] () -- C:\Windows\A Tale in the Desert Uninstaller.exe
[2010/02/28 13:41:34 | 000,000,762 | ---- | M] () -- C:\Users\Owner\Desktop\A Tale in the Desert.lnk

========== Files Created - No Company Name ==========

[2010/03/11 20:38:04 | 000,000,525 | ---- | C] () -- C:\Program Files\ProgramFiles.txt
[2010/03/11 20:37:54 | 000,000,092 | ---- | C] () -- C:\Users\Owner\Desktop\find.bat
[2010/03/08 21:31:08 | 000,000,145 | ---- | C] () -- C:\Users\Owner\webct_upload_applet.properties
[2010/03/06 11:25:13 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/03/06 11:24:25 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/03/06 11:24:24 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/03/06 11:24:23 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/03/06 11:23:50 | 000,517,960 | ---- | C] () -- C:\Windows\SysNative\XAudio2_5.dll
[2010/03/06 11:23:49 | 000,176,968 | ---- | C] () -- C:\Windows\SysNative\xactengine3_5.dll
[2010/03/06 11:23:46 | 002,582,888 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010/03/06 11:23:45 | 005,554,512 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_42.dll
[2010/03/06 11:23:44 | 000,285,024 | ---- | C] () -- C:\Windows\SysNative\d3dx11_42.dll
[2010/03/06 11:23:43 | 000,523,088 | ---- | C] () -- C:\Windows\SysNative\d3dx10_42.dll
[2010/03/06 11:23:42 | 002,475,352 | ---- | C] () -- C:\Windows\SysNative\D3DX9_42.dll
[2010/03/06 11:23:32 | 000,073,544 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/03/06 11:23:17 | 000,513,544 | ---- | C] () -- C:\Windows\SysNative\XAudio2_2.dll
[2010/03/06 11:23:17 | 000,072,200 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/03/06 11:23:16 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_2.dll
[2010/03/01 20:27:39 | 000,002,553 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2010/03/01 13:20:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/02/28 13:26:41 | 000,317,435 | ---- | C] () -- C:\Windows\A Tale in the Desert Uninstaller.exe
[2010/02/28 13:26:41 | 000,000,762 | ---- | C] () -- C:\Users\Owner\Desktop\A Tale in the Desert.lnk
[2010/01/06 17:02:03 | 000,429,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI0DA0.txt
[2010/01/06 17:02:03 | 000,011,694 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI0DA0.txt
[2010/01/04 00:44:48 | 000,460,248 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI0564.txt
[2010/01/04 00:44:47 | 000,011,460 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI0564.txt
[2009/12/30 19:08:01 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/10/14 23:34:18 | 000,000,345 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2009/09/17 09:36:09 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2009/08/23 22:12:33 | 000,000,760 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\setup_ldm.iss
[2009/07/16 09:03:57 | 000,000,600 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\winscp.rnd
[2009/07/06 21:46:44 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/06/24 13:13:13 | 001,490,168 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/06/20 18:04:59 | 000,028,085 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheckdotnetfx30.txt
[2009/06/20 18:04:50 | 000,033,714 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx3install.txt
[2009/06/20 18:04:50 | 000,003,352 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt
[2009/06/20 18:04:50 | 000,000,604 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx3error.txt
[2009/06/15 11:39:01 | 000,000,258 | ---- | C] () -- C:\Windows\game.ini
[2009/06/14 19:33:09 | 000,007,592 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/06/14 15:40:19 | 000,133,632 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/14 15:36:30 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\QSwitch.txt
[2009/06/14 15:36:30 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\DSwitch.txt
[2009/06/14 15:36:30 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\AtStart.txt
[2009/05/17 07:28:07 | 000,106,127 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/05/17 07:22:50 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/05/17 07:22:42 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/05/17 07:22:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/05/17 07:21:46 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/05/17 07:20:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/05/17 07:12:46 | 000,106,127 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/11/07 10:59:28 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/11/07 10:54:27 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/11/07 10:52:55 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/11/07 10:51:44 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/10/28 16:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008/10/06 20:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/06 20:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/06 20:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/11/14 18:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CogentBioSDK.dll

========== LOP Check ==========

[2009/07/06 21:42:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Atari
[2009/08/19 08:49:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Bioshock
[2009/09/10 08:10:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CiscoCAA
[2009/07/15 10:05:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CopyTrans
[2009/06/18 18:50:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2010/01/14 17:05:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DC++
[2009/06/14 15:36:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DigitalPersona
[2009/08/19 08:03:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FloodLightGames
[2009/08/10 09:37:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Freedur
[2009/07/06 21:46:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2010/03/13 04:11:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LimeWire
[2009/08/19 21:30:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayFirst
[2010/01/04 00:45:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\runic games
[2010/03/13 04:15:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2009/08/12 03:32:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent
[2009/07/15 10:04:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WindSolutions
[2010/03/12 23:30:00 | 000,000,542 | ---- | M] () -- C:\Windows\Tasks\McMaster Scan.job
[2010/03/13 04:06:16 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

Any changes with IE?

Hey, I think your solution worked!!! =DD but then sophos update still doesn't work.. or that just might be a problem with my school's server? not really sure. What kind of malware/spyware protection do you recommend (either pay or non pay)?

THANK YOU SO MUCH!!!

No worries :). Try Comodo av and firewall. Malwarebytes anti-malware too.

Launch OTL and click on the Cleanup button. Follow the prompts.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.