Inactive Browser Hijack/Unable to Use SKYPE other functions

hlbull · 2011/07/21

No boot to normal mode still.
Rerunning aswMBR now.

broni · 2011/07/21

Ok....

hlbull · 2011/07/21

Here's the new log, Broni:

aswMBR version 0.9.8.945 Copyright(c) 2011 AVAST Software
Run date: 2011-07-21 21:35:08
-----------------------------
21:35:08.236 OS Version: Windows 6.0.6000
21:35:08.236 Number of processors: 2 586 0xF0D
21:35:08.237 ComputerName: HANNAH-LEIGH-PC UserName:
21:35:09.430 Initialize success
21:35:17.735 AVAST engine defs: 11072101
21:35:25.811 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:35:25.813 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
21:35:25.824 Disk 0 MBR read successfully
21:35:25.825 Disk 0 MBR scan
21:35:25.828 Disk 0 unknown MBR code
21:35:25.832 Disk 0 scanning sectors +488394752
21:35:25.917 Disk 0 scanning C:\Windows\system32\drivers
21:35:34.578 Service scanning
21:35:36.039 Modules scanning
21:35:41.256 Disk 0 trace - called modules:
21:35:41.278 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
21:35:41.289 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853477e0]
21:35:41.291 3 ntkrnlpa.exe[820b07e2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8532a030]
21:35:43.020 AVAST engine scan C:\Windows
21:35:46.981 AVAST engine scan C:\Windows\system32
21:37:41.847 AVAST engine scan C:\Windows\system32\drivers
21:37:51.983 AVAST engine scan C:\Users\Hannah-Leigh Bull
21:48:14.225 AVAST engine scan C:\ProgramData
21:50:03.673 Scan finished successfully
21:51:40.699 Disk 0 MBR has been saved successfully to "C:\Users\Hannah-Leigh Bull\Desktop\MBR.dat "
21:51:40.703 The log file has been saved successfully to "C:\Users\Hannah-Leigh Bull\Desktop\aswMBR.txt "
21:52:38.936 Disk 0 MBR has been saved successfully to "C:\MBR.dat "
21:52:38.940 The log file has been saved successfully to "C:\aswMBR.txt "

broni · 2011/07/21

While in safe mode...

Go Start>Run (Start Search in Vista), type in:
msconfig
Click OK (hit Enter in Vista).

Click on Startup tab.
Click Disable all
IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.

Click OK.
Attempt to restart computer in Normal Mode.

NOTE. If you use different firewall, than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.

Same problem?

hlbull · 2011/07/21

Yes same problem. Blue screen shortly after desktop loads in Normal Mode.
I followed the instructions above disabling all startup programs except for one which seemed to be related to my laptop mouse driver:

Startup Item
Alps Pointing-Device Driver

Manufacturer:
Alps Electric Co., Ltd.

Command:
C:\Program Files\DellTPad\Apoint.exe

Location:
HKLM\SOFTWARE\Mcrosoft\Windows\CurrentVersion\Run

broni · 2011/07/21

OK. Go back to "msconfig" and re-enable all items you just disabled.

What is the exact error you're getting while booting to normal mode?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

hlbull · 2011/07/21

The logs are too long for one post so I will have to break them up into a few posts.

----------------
OTL.exe results part 1/2
----------------

OTL logfile created on: 7/21/2011 10:24:29 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Hannah-Leigh Bull\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 82.91% Memory free
3.13 Gb Paging File | 2.82 Gb Available in Paging File | 89.99% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.31 Gb Total Space | 92.68 Gb Free Space | 42.07% Space Free | Partition Type: NTFS
Drive R: | 10.00 Gb Total Space | 5.83 Gb Free Space | 58.29% Space Free | Partition Type: NTFS

Computer Name: HANNAH-LEIGH-PC | User Name: Hannah-Leigh Bull | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/21 22:21:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Hannah-Leigh Bull\Desktop\OTL.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/02 03:45:13 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe

========== Modules (SafeList) ==========

MOD - [2011/07/21 22:21:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Hannah-Leigh Bull\Desktop\OTL.exe
MOD - [2006/11/02 03:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/09/03 00:16:18 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/03/31 21:45:33 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/01 22:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008/01/01 22:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/20 19:20:26 | 000,028,672 | ---- | M] (Adobe Systems) [Auto | Stopped] -- C:\Program Files\Adobe\Adobe RoboSource Control 3.1\RSO3MiddleTierService.exe -- (RSO3MiddleTierService)
SRV - [2007/09/20 19:20:02 | 000,507,904 | ---- | M] (Adobe Systems) [Auto | Stopped] -- C:\Program Files\Adobe\Adobe RoboSource Control 3.1\RSO3Server.exe -- (RSO3Server)
SRV - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/02/15 11:51:18 | 002,232,320 | ---- | M] (South River Technologies, LLC) [Auto | Stopped] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)

========== Driver Services (SafeList) ==========

DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2008/01/01 22:37:18 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/04 22:24:00 | 007,628,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/09/24 03:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/04/03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/27 01:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 01:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 01:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 06:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/11 13:50:04 | 000,166,912 | ---- | M] () [File_System | Auto | Stopped] -- C:\Program Files\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4225951657-1860771598-1606342484-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-21-4225951657-1860771598-1606342484-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4225951657-1860771598-1606342484-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4225951657-1860771598-1606342484-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src "
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial "
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.91

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/21 18:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/16 17:19:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/07/09 09:43:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/07/13 19:32:22 | 000,000,000 | ---D | M]

[2010/09/16 06:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannah-Leigh Bull\AppData\Roaming\Mozilla\Extensions
[2010/09/16 06:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannah-Leigh Bull\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/16 17:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannah-Leigh Bull\AppData\Roaming\Mozilla\Firefox\Profiles\z6p98krh.default\extensions
[2010/05/10 00:03:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hannah-Leigh Bull\AppData\Roaming\Mozilla\Firefox\Profiles\z6p98krh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/22 21:10:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hannah-Leigh Bull\AppData\Roaming\Mozilla\Firefox\Profiles\z6p98krh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/13 19:13:18 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Hannah-Leigh Bull\AppData\Roaming\Mozilla\Firefox\Profiles\z6p98krh.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/07/19 13:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/14 14:26:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/26 18:33:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/09 08:55:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/16 14:40:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/21 18:35:50 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/06/18 10:08:31 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/06 07:50:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/20 21:41:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4225951657-1860771598-1606342484-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4225951657-1860771598-1606342484-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4225951657-1860771598-1606342484-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4225951657-1860771598-1606342484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4225951657-1860771598-1606342484-1000\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4225951657-1860771598-1606342484-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Hannah\Documents\Images\Owls\owl_1440_900-3.jpg
O24 - Desktop BackupWallPaper: C:\Hannah\Documents\Images\Owls\owl_1440_900-3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/07/21 22:21:29 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Hannah-Leigh Bull\Desktop\OTL.exe
[2011/07/21 22:05:52 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/07/21 21:03:54 | 000,000,000 | ---D | C] -- C:\Users\Hannah-Leigh Bull\AppData\Roaming\ImgBurn
[2011/07/21 20:56:53 | 000,000,000 | ---D | C] -- C:\Users\Hannah-Leigh Bull\Desktop\Vista_Recovery_Disc
[2011/07/21 20:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/07/21 20:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/07/21 20:35:43 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Hannah-Leigh Bull\Desktop\SetupImgBurn_2.5.5.0.exe
[2011/07/21 20:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rocket Division Software
[2011/07/21 20:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\Rocket Division Software
[2011/07/21 19:59:48 | 001,592,512 | ---- | C] (W3i, LLC) -- C:\Users\Hannah-Leigh Bull\Desktop\dvdburning.exe
[2011/07/21 18:34:36 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Hannah-Leigh Bull\Desktop\aswMBR.exe
[2011/07/20 21:43:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/20 21:32:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/20 21:32:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/20 21:32:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/20 21:32:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/07/20 21:32:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/20 21:32:32 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/07/20 21:32:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/20 21:32:26 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/07/20 21:31:15 | 004,151,535 | R--- | C] (Swearware) -- C:\Users\Hannah-Leigh Bull\Desktop\ComboFix.exe
[2011/07/20 19:22:35 | 001,436,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hannah-Leigh Bull\Desktop\tdsskiller.exe
[2011/07/20 16:33:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/07/20 15:06:09 | 000,000,000 | ---D | C] -- C:\Users\Hannah-Leigh Bull\AppData\Local\Microsoft Corporation
[2011/07/20 15:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2011/07/20 14:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/20 13:40:24 | 002,001,984 | ---- | C] (Trend Micro Inc.) -- C:\Users\Hannah-Leigh Bull\Desktop\HousecallLauncher.exe
[2011/07/19 13:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/19 13:53:39 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/07/16 09:01:53 | 000,000,000 | ---D | C] -- C:\Users\Hannah-Leigh Bull\AppData\Roaming\Malwarebytes
[2011/07/16 09:01:27 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/16 09:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/16 09:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/16 09:01:21 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/16 09:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/15 16:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/09 15:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/09 15:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/09 15:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/09 15:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2007/07/16 11:19:32 | 004,964,360 | ---- | C] (Esoteric Technologies Pty Ltd) -- C:\Program Files\temp.000
[2005/06/23 08:06:16 | 000,106,496 | ---- | C] (Astro Communications Services) -- C:\Program Files\FINDCITY.DLL
[2005/03/17 12:02:56 | 004,964,360 | ---- | C] (Esoteric Technologies Pty Ltd) -- C:\Program Files\SOLFIRE.EXE
[2005/03/16 12:01:12 | 000,081,920 | ---- | C] (Esoteric Technologies Pty Ltd) -- C:\Program Files\PARTEDIT.EXE
[2005/01/22 21:56:12 | 000,036,864 | ---- | C] (Esoteric Technologies Pty Ltd) -- C:\Program Files\MNUEDIT.exe
[2005/01/22 21:53:01 | 000,057,344 | ---- | C] (Esoteric Technologies Pty Ltd) -- C:\Program Files\RULREDIT.exe
[2005/01/22 21:49:46 | 000,184,320 | ---- | C] (Esoteric Technologies Pty Ltd) -- C:\Program Files\PLNTRIUM.exe
[2005/01/22 21:26:36 | 000,151,552 | ---- | C] (Esoteric Technologies Pty Ltd) -- C:\Program Files\SFINTERP.exe
[2005/01/22 20:56:49 | 000,188,416 | ---- | C] (Esoteric Technologies Pty Ltd) -- C:\Program Files\DESIGNER.exe
[2005/01/22 20:38:39 | 000,212,992 | ---- | C] (Esoteric Technologies Pty Ltd) -- C:\Program Files\PGDESIGN.exe
[2005/01/22 20:22:42 | 000,139,264 | ---- | C] (Esoteric Technologies Pty Ltd) -- C:\Program Files\STAREDIT.exe
[2005/01/22 20:16:12 | 000,106,496 | ---- | C] (Esoteric Technologies Pty Ltd) -- C:\Program Files\Almutens.exe
[2005/01/22 19:27:20 | 001,204,224 | ---- | C] (Esoteric Technologies Pty Ltd ACN 003 895 396) -- C:\Program Files\SOLARMAP.EXE
[2005/01/13 23:03:02 | 000,601,088 | ---- | C] (Esoteric Technologies Pty Ltd) -- C:\Program Files\ETCONV.EXE
[2004/08/26 20:20:47 | 000,024,576 | ---- | C] (Esoteric Technologies Pty Ltd) -- C:\Program Files\FILEFIND.exe

========== Files - Modified Within 30 Days ==========

[2011/07/21 22:21:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Hannah-Leigh Bull\Desktop\OTL.exe
[2011/07/21 22:13:27 | 000,633,766 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/21 22:13:27 | 000,108,886 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/21 22:08:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/21 22:08:26 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/07/21 22:07:05 | 000,028,475 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\AppData\Roaming\nvModes.001
[2011/07/21 22:07:05 | 000,008,268 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\AppData\Local\d3d9caps.dat
[2011/07/21 21:52:38 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2011/07/21 21:51:40 | 000,000,512 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\Desktop\MBR.dat
[2011/07/21 20:55:36 | 118,861,001 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\Desktop\Vista_Recovery_Disc.zip
[2011/07/21 20:38:00 | 000,001,652 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/07/21 20:36:05 | 005,514,668 | ---- | M] (LIGHTNING UK!) -- C:\Users\Hannah-Leigh Bull\Desktop\SetupImgBurn_2.5.5.0.exe
[2011/07/21 20:34:18 | 000,004,542 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\Desktop\dvd-burning-software.htm
[2011/07/21 20:28:39 | 000,047,894 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\Desktop\dyn-postdownload.php
[2011/07/21 20:20:56 | 000,000,943 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\Desktop\Grab & Burn.lnk
[2011/07/21 20:15:21 | 000,039,869 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\Desktop\ImgBurn-Download-27810.html
[2011/07/21 20:11:16 | 000,056,705 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\Desktop\ImgBurn.shtml
[2011/07/21 19:59:52 | 001,592,512 | ---- | M] (W3i, LLC) -- C:\Users\Hannah-Leigh Bull\Desktop\dvdburning.exe
[2011/07/21 19:53:21 | 000,059,484 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\Desktop\956-windows-vista-32-bit-x86-recovery-disc.html
[2011/07/21 18:35:18 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Hannah-Leigh Bull\Desktop\aswMBR.exe
[2011/07/20 23:58:25 | 000,002,633 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/07/20 22:23:32 | 000,302,592 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\Desktop\ciq7gx6g.exe
[2011/07/20 21:41:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/07/20 21:31:41 | 004,151,535 | R--- | M] (Swearware) -- C:\Users\Hannah-Leigh Bull\Desktop\ComboFix.exe
[2011/07/20 21:28:14 | 001,008,041 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\Desktop\rkill.exe
[2011/07/20 20:22:51 | 000,035,712 | ---- | M] () -- C:\Windows\System32\drivers\BlackBox.sys
[2011/07/20 19:22:54 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Hannah-Leigh Bull\Desktop\tdsskiller.exe
[2011/07/20 18:34:10 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/20 18:34:10 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/20 16:33:48 | 360,361,599 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/20 16:12:24 | 000,302,592 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\Desktop\qjnmbyv3.exe
[2011/07/20 15:05:39 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/07/20 13:54:35 | 000,329,789 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\AppData\Local\census.cache
[2011/07/20 13:54:07 | 000,218,123 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\AppData\Local\ars.cache
[2011/07/20 13:41:11 | 000,000,036 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\AppData\Local\housecall.guid.cache
[2011/07/20 13:40:35 | 002,001,984 | ---- | M] (Trend Micro Inc.) -- C:\Users\Hannah-Leigh Bull\Desktop\HousecallLauncher.exe
[2011/07/20 13:08:19 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/20 06:39:20 | 000,000,134 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\Desktop\Windows Update - Shortcut.lnk
[2011/07/18 07:15:21 | 000,000,177 | ---- | M] () -- C:\Windows\hpbafd.ini
[2011/07/16 09:01:28 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/15 16:03:30 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/15 10:26:37 | 000,000,564 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\Documents\ChatLog KMR2 Team Meeting 2011_07_15 10_26.rtf
[2011/07/13 19:32:55 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 3D Version 8.lnk
[2011/07/13 18:28:32 | 000,081,984 | ---- | M] () -- C:\Windows\System32\bdod.bin
[2011/07/13 08:40:21 | 000,004,662 | ---- | M] () -- C:\Windows\solfire6.ini
[2011/07/13 08:40:21 | 000,000,330 | ---- | M] () -- C:\Program Files\Place1.fil
[2011/07/13 08:40:21 | 000,000,330 | ---- | M] () -- C:\Program Files\Place0.fil
[2011/07/13 08:37:53 | 000,017,301 | ---- | M] () -- C:\Program Files\objects.dfn
[2011/07/13 08:37:53 | 000,001,276 | ---- | M] () -- C:\Program Files\plist.dfn
[2011/07/13 08:37:53 | 000,000,404 | ---- | M] () -- C:\Program Files\alist.dfn
[2011/07/13 08:37:53 | 000,000,041 | ---- | M] () -- C:\Program Files\starlist.dfn
[2011/07/13 08:37:53 | 000,000,018 | ---- | M] () -- C:\Program Files\astrlist.dfn
[2011/07/13 08:37:53 | 000,000,015 | ---- | M] () -- C:\Program Files\partlist.dfn
[2011/07/13 08:37:53 | 000,000,013 | ---- | M] () -- C:\Program Files\ringlist.dfn
[2011/07/09 15:51:43 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/05 11:42:37 | 000,000,452 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\Documents\ChatLog KMR2 Team Meeting 2011_07_05 11_42.rtf
[2011/06/26 00:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe

========== Files Created - No Company Name ==========

[2011/07/21 21:52:38 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2011/07/21 20:41:48 | 118,861,001 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Desktop\Vista_Recovery_Disc.zip
[2011/07/21 20:38:00 | 000,001,664 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011/07/21 20:38:00 | 000,001,652 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/07/21 20:28:39 | 000,047,894 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Desktop\dyn-postdownload.php
[2011/07/21 20:15:21 | 000,039,869 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Desktop\ImgBurn-Download-27810.html
[2011/07/21 20:12:17 | 000,004,542 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Desktop\dvd-burning-software.htm
[2011/07/21 20:11:16 | 000,056,705 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Desktop\ImgBurn.shtml
[2011/07/21 20:02:37 | 000,000,943 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Desktop\Grab & Burn.lnk
[2011/07/21 19:53:18 | 000,059,484 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Desktop\956-windows-vista-32-bit-x86-recovery-disc.html
[2011/07/21 19:03:54 | 000,000,512 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Desktop\MBR.dat
[2011/07/20 22:23:28 | 000,302,592 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Desktop\ciq7gx6g.exe
[2011/07/20 21:32:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/20 21:32:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/20 21:32:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/20 21:32:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/20 21:32:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/20 21:28:09 | 001,008,041 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Desktop\rkill.exe
[2011/07/20 20:06:12 | 000,035,712 | ---- | C] () -- C:\Windows\System32\drivers\BlackBox.sys
[2011/07/20 19:26:30 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/07/20 16:33:09 | 360,361,599 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/07/20 16:12:06 | 000,302,592 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Desktop\qjnmbyv3.exe
[2011/07/20 15:04:50 | 000,001,998 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011/07/20 15:04:50 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/07/20 13:54:35 | 000,329,789 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\AppData\Local\census.cache
[2011/07/20 13:54:07 | 000,218,123 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\AppData\Local\ars.cache
[2011/07/20 13:41:11 | 000,000,036 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\AppData\Local\housecall.guid.cache
[2011/07/20 06:39:20 | 000,000,134 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Desktop\Windows Update - Shortcut.lnk
[2011/07/19 13:53:40 | 000,002,377 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/16 09:01:28 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/15 16:03:30 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/07/15 16:03:08 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/15 10:26:37 | 000,000,564 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Documents\ChatLog KMR2 Team Meeting 2011_07_15 10_26.rtf
[2011/07/13 18:22:21 | 000,002,577 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2010.lnk
[2011/07/13 18:22:21 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Adobe FrameMaker 8.lnk
[2011/07/13 18:22:21 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Captivate 3.lnk
[2011/07/13 18:22:21 | 000,001,938 | ---- | C] () -- C:\Users\Public\Desktop\RoboSource Control 3 Explorer.lnk
[2011/07/13 18:22:21 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 3D Version 8.lnk
[2011/07/13 18:22:21 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/07/13 18:22:21 | 000,001,689 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
[2011/07/13 18:22:21 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\Solar Fire Deluxe.lnk
[2011/07/13 18:22:21 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/13 18:22:21 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe RoboHelp 8 HTML.lnk
[2011/07/13 18:22:21 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\Adobe FrameMaker 7.2.lnk
[2011/07/13 18:22:21 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/07/13 18:22:21 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2011/07/13 18:22:21 | 000,000,716 | ---- | C] () -- C:\Users\Public\Desktop\PuTTY.lnk
[2011/07/13 18:22:18 | 000,002,633 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/07/13 18:22:18 | 000,001,816 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/07/13 18:22:18 | 000,001,750 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/13 18:22:18 | 000,000,945 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/13 18:22:18 | 000,000,258 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/07/13 18:22:18 | 000,000,240 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/07/13 18:22:13 | 000,002,455 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 3D Version 8.lnk
[2011/07/13 18:22:13 | 000,002,449 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 8.lnk
[2011/07/13 18:22:13 | 000,002,036 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 3D Version 8 Toolkit.lnk
[2011/07/13 18:22:13 | 000,002,034 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer 8.0.lnk
[2011/07/13 18:22:13 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2011/07/13 18:22:13 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/07/13 18:22:13 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/07/13 18:22:13 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2011/07/13 18:22:13 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/07/13 18:22:13 | 000,001,807 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaDirect.lnk
[2011/07/13 18:22:13 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/07/13 18:22:13 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2011/07/13 18:22:13 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2011/07/13 18:22:13 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2011/07/13 18:22:13 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/07/13 18:22:13 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2011/07/13 18:22:13 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/07/13 18:22:13 | 000,001,270 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2011/07/13 18:22:13 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/13 18:22:13 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2011/07/05 11:42:37 | 000,000,452 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\Documents\ChatLog KMR2 Team Meeting 2011_07_05 11_42.rtf
[2011/05/21 01:27:30 | 000,011,012 | ---- | C] () -- C:\Program Files\~wmf.wm~
[2010/05/17 12:11:13 | 000,004,096 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\AppData\Local\keyfile3.drm
[2009/02/05 08:55:38 | 000,164,683 | ---- | C] () -- C:\Program Files\solfire.chw
[2009/01/22 08:50:14 | 000,000,345 | ---- | C] () -- C:\Program Files\dyncols.ini
[2008/12/18 13:56:30 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2008/08/14 20:56:25 | 000,008,268 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\AppData\Local\d3d9caps.dat
[2008/08/11 22:03:48 | 000,000,177 | ---- | C] () -- C:\Windows\hpbafd.ini
[2008/07/03 16:15:46 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/06/14 12:28:06 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/06/13 21:33:25 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2008/06/13 19:15:01 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/06/13 15:57:07 | 000,000,600 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\AppData\Local\PUTTY.RND
[2008/05/28 15:04:13 | 000,114,176 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/26 15:38:56 | 000,458,280 | ---- | C] () -- C:\Program Files\July05Database.SFcht
[2008/04/24 07:36:53 | 000,028,475 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\AppData\Roaming\nvModes.001
[2008/04/16 07:26:26 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008/04/16 07:24:09 | 000,027,019 | ---- | C] () -- C:\Windows\maxlink.ini
[2008/04/15 17:14:22 | 000,028,475 | ---- | C] () -- C:\Users\Hannah-Leigh Bull\AppData\Roaming\nvModes.dat
[2008/04/11 11:52:28 | 000,003,485 | ---- | C] () -- C:\Windows\mozver.dat
[2008/04/11 11:50:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/04/10 16:19:45 | 000,000,275 | ---- | C] () -- C:\Program Files\SF_Ver.ini
[2008/04/10 16:16:27 | 000,017,301 | ---- | C] () -- C:\Program Files\objects.dfn
[2008/04/10 16:16:27 | 000,001,276 | ---- | C] () -- C:\Program Files\plist.dfn
[2008/04/10 16:16:27 | 000,000,404 | ---- | C] () -- C:\Program Files\alist.dfn
[2008/04/10 16:16:27 | 000,000,041 | ---- | C] () -- C:\Program Files\starlist.dfn
[2008/04/10 16:16:27 | 000,000,018 | ---- | C] () -- C:\Program Files\astrlist.dfn
[2008/04/10 16:16:27 | 000,000,015 | ---- | C] () -- C:\Program Files\partlist.dfn
[2008/04/10 16:16:27 | 000,000,013 | ---- | C] () -- C:\Program Files\ringlist.dfn
[2008/04/10 16:16:26 | 000,000,330 | ---- | C] () -- C:\Program Files\Place1.fil
[2008/04/10 16:11:46 | 000,004,662 | ---- | C] () -- C:\Windows\solfire6.ini
[2008/04/10 16:10:11 | 000,000,025 | ---- | C] () -- C:\Program Files\solfire.usr
[2008/04/10 15:02:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/31 21:58:11 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/07/25 15:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/07/16 11:10:28 | 000,001,932 | ---- | C] () -- C:\Program Files\setup.lst
[2007/04/03 16:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007/02/15 11:51:16 | 000,069,632 | ---- | C] () -- C:\Windows\System32\wdIconDll.dll
[2006/11/10 07:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 13:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,387,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,633,766 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,108,886 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 01:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 01:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/03/18 13:42:16 | 000,002,144 | ---- | C] () -- C:\Program Files\etsflink.ini
[2005/03/14 08:25:44 | 000,004,826 | ---- | C] () -- C:\Program Files\CHLUNMAN.FST
[2005/03/11 09:05:56 | 001,164,800 | ---- | C] () -- C:\Windows\System32\ETSF0002.DLL
[2005/03/10 15:06:28 | 000,000,116 | ---- | C] () -- C:\Program Files\etsfuser.ini
[2005/02/02 21:27:34 | 000,868,965 | ---- | C] () -- C:\Program Files\SOLFIRE.CHM
[2005/01/21 00:50:17 | 000,486,400 | ---- | C] () -- C:\Windows\System32\ETSF0001.dll
[2005/01/12 04:01:08 | 000,012,180 | ---- | C] () -- C:\Program Files\DYNSETUP.FIL
[2005/01/09 20:17:31 | 000,008,199 | ---- | C] () -- C:\Program Files\ASPPAT.INI
[2004/12/02 00:33:40 | 000,002,449 | ---- | C] () -- C:\Program Files\TIMEZONE.FIL
[2004/11/29 20:36:09 | 000,008,700 | ---- | C] () -- C:\Program Files\EPHSETUP.FIL
[2004/11/24 22:46:49 | 000,308,278 | ---- | C] () -- C:\Program Files\SF6Back.bmp
[2004/10/19 20:57:33 | 000,173,878 | ---- | C] () -- C:\Program Files\SFINIT.BMP
[2004/03/15 05:27:08 | 003,138,154 | ---- | C] () -- C:\Program Files\Acsia.dat
[2004/01/15 00:14:00 | 000,126,319 | ---- | C] () -- C:\Program Files\Acstt.dat
[2003/05/10 18:34:52 | 004,918,952 | ---- | C] () -- C:\Program Files\Acsua.dat
[2003/03/10 21:35:59 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ETPlan2.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/08/30 05:30:00 | 000,000,330 | ---- | C] () -- C:\Program Files\Place0.fil
[2002/05/14 19:07:12 | 000,434,176 | ---- | C] () -- C:\Windows\System32\SWEDLL32.DLL
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll
[2000/12/18 23:31:20 | 000,105,906 | ---- | C] () -- C:\Program Files\ECLIPSE.ELM
[2000/05/30 22:57:34 | 000,043,520 | ---- | C] () -- C:\Windows\System32\ETAST32.dll
[2000/05/04 21:13:38 | 000,032,784 | ---- | C] () -- C:\Program Files\TRI.PAG
[2000/05/04 21:13:00 | 000,026,809 | ---- | C] () -- C:\Program Files\BI.PAG
[2000/04/05 20:39:22 | 000,000,636 | ---- | C] () -- C:\Program Files\SOLFIRE.MNU
[2000/03/26 22:16:00 | 000,000,080 | ---- | C] () -- C:\Program Files\SOLARMAP.USR
[2000/03/13 21:39:44 | 000,038,759 | ---- | C] () -- C:\Program Files\QUAD.PAG
[2000/03/13 21:36:30 | 000,030,394 | ---- | C] () -- C:\Program Files\SYNGRID.PAG
[2000/03/13 21:27:04 | 000,001,076 | ---- | C] () -- C:\Program Files\MIDEAST.SFM
[2000/03/13 21:25:46 | 000,000,212 | ---- | C] () -- C:\Program Files\ASIA.SFM
[2000/03/13 21:23:46 | 000,000,440 | ---- | C] () -- C:\Program Files\CANADA.SFM
[2000/03/13 21:18:32 | 000,001,100 | ---- | C] () -- C:\Program Files\AFRICA.SFM
[2000/03/12 20:12:46 | 000,071,696 | ---- | C] () -- C:\Program Files\LEVEL5.PNT
[2000/03/12 20:11:18 | 001,129,226 | ---- | C] () -- C:\Program Files\LEVEL1.PNT
[2000/03/01 05:30:00 | 000,026,890 | ---- | C] () -- C:\Program Files\TZTABLE.BIN
[2000/03/01 05:30:00 | 000,000,284 | ---- | C] () -- C:\Program Files\TZTABLE.NDX
[2000/02/17 05:02:58 | 000,050,370 | ---- | C] () -- C:\Program Files\EUROPE.SMC
[2000/02/16 21:48:30 | 000,051,750 | ---- | C] () -- C:\Program Files\USA.SMC
[2000/02/16 21:26:36 | 000,003,358 | ---- | C] () -- C:\Program Files\CANADA.SMC
[2000/02/15 00:32:34 | 000,002,316 | ---- | C] () -- C:\Program Files\HYLEG.ALM
[2000/01/01 05:30:00 | 000,014,859 | ---- | C] () -- C:\Program Files\UNI.PAG
[1999/11/17 22:20:02 | 000,001,520 | ---- | C] () -- C:\Windows\ETASCII.INI

hlbull · 2011/07/21

--------------------------------------
OTL.exe results Part 2/2
--------------------------------------
[1999/11/09 00:57:42 | 000,003,392 | ---- | C] () -- C:\Program Files\TPL20AD.STA
[1999/11/09 00:57:40 | 000,003,392 | ---- | C] () -- C:\Program Files\POS20AD.STA
[1999/11/09 00:57:36 | 000,003,392 | ---- | C] () -- C:\Program Files\VUS20AD.STA
[1999/11/09 00:57:32 | 000,003,392 | ---- | C] () -- C:\Program Files\ADM20AD.STA
[1999/11/09 00:57:28 | 000,003,392 | ---- | C] () -- C:\Program Files\APO20AD.STA
[1999/11/09 00:57:24 | 000,003,392 | ---- | C] () -- C:\Program Files\KRO20AD.STA
[1999/11/09 00:57:20 | 000,003,392 | ---- | C] () -- C:\Program Files\ZEU20AD.STA
[1999/11/09 00:57:18 | 000,003,392 | ---- | C] () -- C:\Program Files\HAD20AD.STA
[1999/11/09 00:57:14 | 000,003,376 | ---- | C] () -- C:\Program Files\CUP20AD.STA
[1999/11/09 00:57:10 | 000,002,624 | ---- | C] () -- C:\Program Files\AST20AD.STA
[1999/11/09 00:57:06 | 000,002,816 | ---- | C] () -- C:\Program Files\HYG20AD.STA
[1999/11/09 00:57:02 | 000,002,720 | ---- | C] () -- C:\Program Files\CER20AD.STA
[1999/11/09 00:56:56 | 000,002,656 | ---- | C] () -- C:\Program Files\JUN20AD.STA
[1999/11/09 00:56:52 | 000,002,704 | ---- | C] () -- C:\Program Files\PAL20AD.STA
[1999/11/09 00:56:48 | 000,002,512 | ---- | C] () -- C:\Program Files\VES20AD.STA
[1999/11/09 00:56:44 | 000,003,328 | ---- | C] () -- C:\Program Files\CHI20AD.STA
[1999/11/09 00:56:40 | 000,003,376 | ---- | C] () -- C:\Program Files\PLU20AD.STA
[1999/11/09 00:56:38 | 000,003,376 | ---- | C] () -- C:\Program Files\NEP20AD.STA
[1999/11/09 00:56:34 | 000,003,360 | ---- | C] () -- C:\Program Files\URA20AD.STA
[1999/11/09 00:56:30 | 000,003,280 | ---- | C] () -- C:\Program Files\SAT20AD.STA
[1999/11/09 00:56:26 | 000,003,104 | ---- | C] () -- C:\Program Files\JUP20AD.STA
[1999/11/09 00:56:22 | 000,001,696 | ---- | C] () -- C:\Program Files\MAR20AD.STA
[1999/11/09 00:56:18 | 000,002,176 | ---- | C] () -- C:\Program Files\VEN20AD.STA
[1999/11/09 00:56:14 | 000,010,272 | ---- | C] () -- C:\Program Files\MER20AD.STA
[1999/11/09 00:52:28 | 000,003,392 | ---- | C] () -- C:\Program Files\TPL19AD.STA
[1999/11/09 00:52:24 | 000,003,376 | ---- | C] () -- C:\Program Files\POS19AD.STA
[1999/11/09 00:52:20 | 000,003,392 | ---- | C] () -- C:\Program Files\VUS19AD.STA
[1999/11/09 00:52:16 | 000,003,376 | ---- | C] () -- C:\Program Files\ADM19AD.STA
[1999/11/09 00:52:14 | 000,003,376 | ---- | C] () -- C:\Program Files\APO19AD.STA
[1999/11/09 00:52:10 | 000,003,392 | ---- | C] () -- C:\Program Files\KRO19AD.STA
[1999/11/09 00:52:06 | 000,003,376 | ---- | C] () -- C:\Program Files\ZEU19AD.STA
[1999/11/09 00:52:02 | 000,003,376 | ---- | C] () -- C:\Program Files\HAD19AD.STA
[1999/11/09 00:51:58 | 000,003,376 | ---- | C] () -- C:\Program Files\CUP19AD.STA
[1999/11/09 00:51:54 | 000,002,608 | ---- | C] () -- C:\Program Files\AST19AD.STA
[1999/11/09 00:51:50 | 000,002,816 | ---- | C] () -- C:\Program Files\HYG19AD.STA
[1999/11/09 00:51:46 | 000,002,688 | ---- | C] () -- C:\Program Files\CER19AD.STA
[1999/11/09 00:51:42 | 000,002,656 | ---- | C] () -- C:\Program Files\JUN19AD.STA
[1999/11/09 00:51:38 | 000,002,704 | ---- | C] () -- C:\Program Files\PAL19AD.STA
[1999/11/09 00:51:34 | 000,002,496 | ---- | C] () -- C:\Program Files\VES19AD.STA
[1999/11/09 00:51:30 | 000,003,328 | ---- | C] () -- C:\Program Files\CHI19AD.STA
[1999/11/09 00:51:26 | 000,003,376 | ---- | C] () -- C:\Program Files\PLU19AD.STA
[1999/11/09 00:51:22 | 000,003,376 | ---- | C] () -- C:\Program Files\NEP19AD.STA
[1999/11/09 00:51:18 | 000,003,360 | ---- | C] () -- C:\Program Files\URA19AD.STA
[1999/11/09 00:51:14 | 000,003,280 | ---- | C] () -- C:\Program Files\SAT19AD.STA
[1999/11/09 00:51:12 | 000,003,136 | ---- | C] () -- C:\Program Files\JUP19AD.STA
[1999/11/09 00:51:08 | 000,001,696 | ---- | C] () -- C:\Program Files\MAR19AD.STA
[1999/11/09 00:51:04 | 000,002,208 | ---- | C] () -- C:\Program Files\VEN19AD.STA
[1999/11/09 00:51:00 | 000,010,272 | ---- | C] () -- C:\Program Files\MER19AD.STA
[1999/11/08 19:40:38 | 000,079,478 | ---- | C] () -- C:\Program Files\STARS2.BMP
[1999/11/04 03:59:10 | 000,000,640 | ---- | C] () -- C:\Program Files\COLSCHEM.INI
[1999/11/01 03:17:12 | 000,000,103 | ---- | C] () -- C:\Program Files\INTEDIT.INI
[1999/10/28 19:52:42 | 000,002,164 | ---- | C] () -- C:\Program Files\STATE.INI
[1999/09/13 21:28:16 | 000,000,316 | ---- | C] () -- C:\Program Files\MWA.INI
[1999/05/30 22:19:28 | 000,000,965 | ---- | C] () -- C:\Program Files\RAYSBAKR.INI
[1999/04/22 19:45:10 | 000,000,643 | ---- | C] () -- C:\Program Files\RAYS.INI
[1998/12/07 19:41:54 | 000,442,208 | ---- | C] () -- C:\Program Files\LECLIPSE.BIN
[1998/12/07 19:40:22 | 000,321,246 | ---- | C] () -- C:\Program Files\SECLIPSE.BIN
[1998/11/18 03:41:06 | 000,079,492 | ---- | C] () -- C:\Program Files\STARS.BMP
[1997/06/04 00:43:58 | 000,004,123 | ---- | C] () -- C:\Program Files\GRID.PAG
[1997/06/04 00:43:34 | 000,004,759 | ---- | C] () -- C:\Program Files\DUAL.PAG
[1997/05/14 19:30:00 | 000,004,123 | ---- | C] () -- C:\Program Files\WHLGRID.PAG
[1997/05/12 21:45:28 | 000,004,006 | ---- | C] () -- C:\Program Files\HYLEG.ASP
[1997/05/06 18:50:46 | 000,000,609 | ---- | C] () -- C:\Program Files\TZTABLE.LST
[1997/03/23 18:33:04 | 000,001,800 | ---- | C] () -- C:\Program Files\DEGDIG2.FIL
[1997/03/23 18:33:04 | 000,000,108 | ---- | C] () -- C:\Program Files\SIGNDIG2.FIL
[1997/03/23 18:33:04 | 000,000,036 | ---- | C] () -- C:\Program Files\TRIPDIG2.FIL
[1997/03/19 19:13:08 | 000,000,579 | ---- | C] () -- C:\Program Files\HOUSE.ALM
[1997/03/11 18:52:52 | 000,000,630 | ---- | C] () -- C:\Program Files\SUNSMILE.BMP
[1997/03/05 23:35:10 | 000,000,652 | ---- | C] () -- C:\Program Files\RULERS2.FIL
[1997/01/14 18:56:10 | 000,000,579 | ---- | C] () -- C:\Program Files\ESSDIG.ALM
[1997/01/14 00:31:54 | 000,001,737 | ---- | C] () -- C:\Program Files\GENERAL.ALM
[1996/12/31 19:46:00 | 000,000,788 | ---- | C] () -- C:\Program Files\UK.SFM
[1996/12/31 18:21:22 | 000,042,642 | ---- | C] () -- C:\Program Files\UK.SMC
[1996/09/23 00:08:54 | 000,004,370 | ---- | C] () -- C:\Program Files\WORLD.SMC
[1996/09/12 00:11:56 | 000,089,600 | ---- | C] () -- C:\Windows\System32\ETPlan1.dll
[1996/08/24 21:16:18 | 000,002,880 | ---- | C] () -- C:\Program Files\DEGDIGS.FIL
[1996/08/21 21:01:00 | 000,000,108 | ---- | C] () -- C:\Program Files\WEIGHTS.FIL
[1996/06/20 03:48:20 | 000,136,376 | ---- | C] () -- C:\Program Files\ETLOGO.BMP
[1996/03/28 04:03:10 | 000,009,152 | ---- | C] () -- C:\Program Files\COUNTRY.FIL
[1996/02/29 19:18:04 | 000,000,704 | ---- | C] () -- C:\Program Files\GLOBE1.SFM
[1996/02/29 19:17:08 | 000,000,704 | ---- | C] () -- C:\Program Files\GLOBE2.SFM
[1996/02/29 19:16:30 | 000,000,704 | ---- | C] () -- C:\Program Files\GLOBE3.SFM
[1996/02/29 19:06:58 | 000,001,268 | ---- | C] () -- C:\Program Files\AUST-NZ.SFM
[1996/02/29 18:17:08 | 000,000,404 | ---- | C] () -- C:\Program Files\USA.SFM
[1996/02/29 05:12:42 | 000,000,572 | ---- | C] () -- C:\Program Files\EUROPE.SFM
[1996/02/26 18:46:56 | 000,000,380 | ---- | C] () -- C:\Program Files\WORLD.SFM
[1996/02/15 19:44:22 | 000,000,704 | ---- | C] () -- C:\Program Files\WORLD3.SFM
[1996/02/15 19:44:04 | 000,000,704 | ---- | C] () -- C:\Program Files\WORLD2.SFM
[1996/02/15 19:43:42 | 000,000,704 | ---- | C] () -- C:\Program Files\WORLD1.SFM
[1995/12/27 21:29:06 | 000,027,416 | ---- | C] () -- C:\Program Files\AUSTRALI.SMC
[1995/11/15 21:24:08 | 000,000,340 | ---- | C] () -- C:\Program Files\bright2.sms
[1995/11/15 21:21:12 | 000,000,340 | ---- | C] () -- C:\Program Files\default.sms
[1995/11/15 21:21:12 | 000,000,340 | ---- | C] () -- C:\Program Files\DARK.SMS
[1995/11/15 21:16:10 | 000,000,340 | ---- | C] () -- C:\Program Files\BRIGHT.SMS
[1995/11/15 21:13:00 | 000,000,340 | ---- | C] () -- C:\Program Files\DEF256.SMS
[1995/09/10 20:16:08 | 000,000,464 | ---- | C] () -- C:\Program Files\SAMERICA.SFM
[1994/07/24 21:13:44 | 000,003,640 | ---- | C] () -- C:\Program Files\PLANPARM.FIL
[1993/03/24 19:46:20 | 000,052,603 | ---- | C] () -- C:\Program Files\SPARKLE.WAV
[1993/01/05 20:51:26 | 000,153,636 | ---- | C] () -- C:\Program Files\AS18AD.EPH
[1993/01/05 20:35:32 | 000,153,636 | ---- | C] () -- C:\Program Files\AS19AD.EPH
[1993/01/05 20:02:46 | 000,076,944 | ---- | C] () -- C:\Program Files\AS20AD.EPH

========== LOP Check ==========

[2008/06/08 14:24:51 | 000,000,000 | ---D | M] -- C:\Users\Hannah-Leigh Bull\AppData\Roaming\Idiom Technologies, Inc
[2011/07/21 21:09:28 | 000,000,000 | ---D | M] -- C:\Users\Hannah-Leigh Bull\AppData\Roaming\ImgBurn
[2008/12/20 18:58:34 | 000,000,000 | ---D | M] -- C:\Users\Hannah-Leigh Bull\AppData\Roaming\IrfanView
[2011/07/20 21:26:32 | 000,000,000 | ---D | M] -- C:\Users\Hannah-Leigh Bull\AppData\Roaming\QuickScan
[2010/09/16 06:29:46 | 000,000,000 | ---D | M] -- C:\Users\Hannah-Leigh Bull\AppData\Roaming\Thunderbird
[2010/06/18 11:43:30 | 000,000,000 | ---D | M] -- C:\Users\Hannah-Leigh Bull\AppData\Roaming\webex
[2011/07/20 19:25:48 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/07/21 21:52:38 | 000,001,805 | ---- | M] () -- C:\aswMBR.txt
[2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/18 23:45:46 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2011/07/20 21:43:36 | 000,012,369 | ---- | M] () -- C:\ComboFix.txt
[2011/07/20 21:45:50 | 000,012,369 | ---- | M] () -- C:\ComboFix_log.txt
[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/03/31 21:58:27 | 000,004,404 | R--- | M] () -- C:\dell.sdr
[2011/07/20 23:37:33 | 000,004,764 | ---- | M] () -- C:\GMER.log
[2008/04/10 16:16:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/07/21 21:52:38 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2008/04/10 16:16:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/01/27 21:22:55 | 000,000,301 | ---- | M] () -- C:\OS (C) - Shortcut.lnk
[2011/07/20 16:33:02 | 3533,099,008 | -HS- | M] () -- C:\pagefile.sys
[2008/08/09 03:12:43 | 000,001,300 | ---- | M] () -- C:\Rescued document.txt
[2011/07/20 21:29:31 | 000,000,526 | ---- | M] () -- C:\rkill.log
[2008/03/31 14:20:49 | 000,001,998 | ---- | M] () -- C:\SetWiFiBT.txt
[2011/07/20 19:25:17 | 000,061,660 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_20.07.2011_19.24.09_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 06:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 06:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 06:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 03:46:05 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 06:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2004/03/15 05:27:08 | 003,138,154 | ---- | M] () -- C:\Program Files\Acsia.dat
[2004/01/15 00:14:00 | 000,126,319 | ---- | M] () -- C:\Program Files\Acstt.dat
[2003/05/10 18:34:52 | 004,918,952 | ---- | M] () -- C:\Program Files\Acsua.dat
[1999/11/09 00:52:16 | 000,003,376 | ---- | M] () -- C:\Program Files\ADM19AD.STA
[1999/11/09 00:57:32 | 000,003,392 | ---- | M] () -- C:\Program Files\ADM20AD.STA
[2000/03/13 21:18:32 | 000,001,100 | ---- | M] () -- C:\Program Files\AFRICA.SFM
[2011/07/13 08:37:53 | 000,000,404 | ---- | M] () -- C:\Program Files\alist.dfn
[2005/01/22 20:16:12 | 000,106,496 | ---- | M] (Esoteric Technologies Pty Ltd) -- C:\Program Files\Almutens.exe
[1999/11/09 00:52:14 | 000,003,376 | ---- | M] () -- C:\Program Files\APO19AD.STA
[1999/11/09 00:57:28 | 000,003,392 | ---- | M] () -- C:\Program Files\APO20AD.STA
[1993/01/05 20:51:26 | 000,153,636 | ---- | M] () -- C:\Program Files\AS18AD.EPH
[1993/01/05 20:35:32 | 000,153,636 | ---- | M] () -- C:\Program Files\AS19AD.EPH
[1993/01/05 20:02:46 | 000,076,944 | ---- | M] () -- C:\Program Files\AS20AD.EPH
[1998/05/05 21:17:06 | 000,021,119 | ---- | M] () -- C:\Program Files\ASCIIHLP.HLP
[2000/03/13 21:25:46 | 000,000,212 | ---- | M] () -- C:\Program Files\ASIA.SFM
[2005/10/24 11:35:22 | 000,008,199 | ---- | M] () -- C:\Program Files\ASPPAT.INI
[1999/11/09 00:51:54 | 000,002,608 | ---- | M] () -- C:\Program Files\AST19AD.STA
[1999/11/09 00:57:10 | 000,002,624 | ---- | M] () -- C:\Program Files\AST20AD.STA
[2011/07/13 08:37:53 | 000,000,018 | ---- | M] () -- C:\Program Files\astrlist.dfn
[1996/02/29 19:06:58 | 000,001,268 | ---- | M] () -- C:\Program Files\AUST-NZ.SFM
[1995/12/27 21:29:06 | 000,027,416 | ---- | M] () -- C:\Program Files\AUSTRALI.SMC
[2000/05/04 21:13:00 | 000,026,809 | ---- | M] () -- C:\Program Files\BI.PAG
[1995/11/15 21:16:10 | 000,000,340 | ---- | M] () -- C:\Program Files\BRIGHT.SMS
[1995/11/15 21:24:08 | 000,000,340 | ---- | M] () -- C:\Program Files\bright2.sms
[2000/03/13 21:23:46 | 000,000,440 | ---- | M] () -- C:\Program Files\CANADA.SFM
[2000/02/16 21:26:36 | 000,003,358 | ---- | M] () -- C:\Program Files\CANADA.SMC
[1999/11/09 00:51:46 | 000,002,688 | ---- | M] () -- C:\Program Files\CER19AD.STA
[1999/11/09 00:57:02 | 000,002,720 | ---- | M] () -- C:\Program Files\CER20AD.STA
[1999/11/09 00:51:30 | 000,003,328 | ---- | M] () -- C:\Program Files\CHI19AD.STA
[1999/11/09 00:56:44 | 000,003,328 | ---- | M] () -- C:\Program Files\CHI20AD.STA
[2005/03/14 08:25:44 | 000,004,826 | ---- | M] () -- C:\Program Files\CHLUNMAN.FST
[1999/11/04 03:59:10 | 000,000,640 | ---- | M] () -- C:\Program Files\COLSCHEM.INI
[1996/03/28 04:03:10 | 000,009,152 | ---- | M] () -- C:\Program Files\COUNTRY.FIL
[1999/11/09 00:51:58 | 000,003,376 | ---- | M] () -- C:\Program Files\CUP19AD.STA
[1999/11/09 00:57:14 | 000,003,376 | ---- | M] () -- C:\Program Files\CUP20AD.STA
[1995/11/15 21:21:12 | 000,000,340 | ---- | M] () -- C:\Program Files\DARK.SMS
[1995/11/15 21:13:00 | 000,000,340 | ---- | M] () -- C:\Program Files\DEF256.SMS
[1995/11/15 21:21:12 | 000,000,340 | ---- | M] () -- C:\Program Files\default.sms
[1997/03/23 18:33:04 | 000,001,800 | ---- | M] () -- C:\Program Files\DEGDIG2.FIL
[1996/08/24 21:16:18 | 000,002,880 | ---- | M] () -- C:\Program Files\DEGDIGS.FIL
[2005/01/22 20:56:49 | 000,188,416 | ---- | M] (Esoteric Technologies Pty Ltd) -- C:\Program Files\DESIGNER.exe
[2008/12/18 17:18:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[1997/06/04 00:43:34 | 000,004,759 | ---- | M] () -- C:\Program Files\DUAL.PAG
[2010/12/03 23:28:45 | 000,000,345 | ---- | M] () -- C:\Program Files\dyncols.ini
[2005/01/12 04:01:08 | 000,012,180 | ---- | M] () -- C:\Program Files\DYNSETUP.FIL
[2000/12/18 23:31:20 | 000,105,906 | ---- | M] () -- C:\Program Files\ECLIPSE.ELM
[2004/11/29 20:36:09 | 000,008,700 | ---- | M] () -- C:\Program Files\EPHSETUP.FIL
[1997/01/14 18:56:10 | 000,000,579 | ---- | M] () -- C:\Program Files\ESSDIG.ALM
[2007/02/23 11:43:48 | 000,601,088 | ---- | M] (Esoteric Technologies Pty Ltd) -- C:\Program Files\ETCONV.EXE
[2005/01/22 22:49:54 | 000,014,697 | ---- | M] () -- C:\Program Files\ETCONV.HLP
[1996/06/20 03:48:20 | 000,136,376 | ---- | M] () -- C:\Program Files\ETLOGO.BMP
[2005/03/18 13:42:16 | 000,002,144 | ---- | M] () -- C:\Program Files\etsflink.ini
[2005/03/10 15:06:28 | 000,000,116 | ---- | M] () -- C:\Program Files\etsfuser.ini
[1996/02/29 05:12:42 | 000,000,572 | ---- | M] () -- C:\Program Files\EUROPE.SFM
[2000/02/17 05:02:58 | 000,050,370 | ---- | M] () -- C:\Program Files\EUROPE.SMC
[2004/08/26 20:20:47 | 000,024,576 | ---- | M] (Esoteric Technologies Pty Ltd) -- C:\Program Files\FILEFIND.exe
[2005/06/23 08:06:16 | 000,106,496 | ---- | M] (Astro Communications Services) -- C:\Program Files\FINDCITY.DLL
[1997/01/14 00:31:54 | 000,001,737 | ---- | M] () -- C:\Program Files\GENERAL.ALM
[1996/02/29 19:18:04 | 000,000,704 | ---- | M] () -- C:\Program Files\GLOBE1.SFM
[1996/02/29 19:17:08 | 000,000,704 | ---- | M] () -- C:\Program Files\GLOBE2.SFM
[1996/02/29 19:16:30 | 000,000,704 | ---- | M] () -- C:\Program Files\GLOBE3.SFM
[1997/06/04 00:43:58 | 000,004,123 | ---- | M] () -- C:\Program Files\GRID.PAG
[1999/11/09 00:52:02 | 000,003,376 | ---- | M] () -- C:\Program Files\HAD19AD.STA
[1999/11/09 00:57:18 | 000,003,392 | ---- | M] () -- C:\Program Files\HAD20AD.STA
[1997/03/19 19:13:08 | 000,000,579 | ---- | M] () -- C:\Program Files\HOUSE.ALM
[1999/11/09 00:51:50 | 000,002,816 | ---- | M] () -- C:\Program Files\HYG19AD.STA
[1999/11/09 00:57:06 | 000,002,816 | ---- | M] () -- C:\Program Files\HYG20AD.STA
[2000/02/15 00:32:34 | 000,002,316 | ---- | M] () -- C:\Program Files\HYLEG.ALM
[1997/05/12 21:45:28 | 000,004,006 | ---- | M] () -- C:\Program Files\HYLEG.ASP
[1999/11/01 03:17:12 | 000,000,103 | ---- | M] () -- C:\Program Files\INTEDIT.INI
[2008/03/02 20:58:08 | 000,458,280 | ---- | M] () -- C:\Program Files\July05Database.SFcht
[1999/11/09 00:51:42 | 000,002,656 | ---- | M] () -- C:\Program Files\JUN19AD.STA
[1999/11/09 00:56:56 | 000,002,656 | ---- | M] () -- C:\Program Files\JUN20AD.STA
[1999/11/09 00:51:12 | 000,003,136 | ---- | M] () -- C:\Program Files\JUP19AD.STA
[1999/11/09 00:56:26 | 000,003,104 | ---- | M] () -- C:\Program Files\JUP20AD.STA
[1999/11/09 00:52:10 | 000,003,392 | ---- | M] () -- C:\Program Files\KRO19AD.STA
[1999/11/09 00:57:24 | 000,003,392 | ---- | M] () -- C:\Program Files\KRO20AD.STA
[1998/12/07 19:41:54 | 000,442,208 | ---- | M] () -- C:\Program Files\LECLIPSE.BIN
[2000/03/12 20:11:18 | 001,129,226 | ---- | M] () -- C:\Program Files\LEVEL1.PNT
[2000/03/12 20:12:46 | 000,071,696 | ---- | M] () -- C:\Program Files\LEVEL5.PNT
[1999/11/09 00:51:08 | 000,001,696 | ---- | M] () -- C:\Program Files\MAR19AD.STA
[1999/11/09 00:56:22 | 000,001,696 | ---- | M] () -- C:\Program Files\MAR20AD.STA
[1999/11/09 00:51:00 | 000,010,272 | ---- | M] () -- C:\Program Files\MER19AD.STA
[1999/11/09 00:56:14 | 000,010,272 | ---- | M] () -- C:\Program Files\MER20AD.STA
[2000/03/13 21:27:04 | 000,001,076 | ---- | M] () -- C:\Program Files\MIDEAST.SFM
[2005/01/22 21:56:12 | 000,036,864 | ---- | M] (Esoteric Technologies Pty Ltd) -- C:\Program Files\MNUEDIT.exe
[1999/09/13 21:28:16 | 000,000,316 | ---- | M] () -- C:\Program Files\MWA.INI
[1999/11/09 00:51:22 | 000,003,376 | ---- | M] () -- C:\Program Files\NEP19AD.STA
[1999/11/09 00:56:38 | 000,003,376 | ---- | M] () -- C:\Program Files\NEP20AD.STA
[2011/07/13 08:37:53 | 000,017,301 | ---- | M] () -- C:\Program Files\objects.dfn
[1999/11/09 00:51:38 | 000,002,704 | ---- | M] () -- C:\Program Files\PAL19AD.STA
[1999/11/09 00:56:52 | 000,002,704 | ---- | M] () -- C:\Program Files\PAL20AD.STA
[2005/03/16 12:01:12 | 000,081,920 | ---- | M] (Esoteric Technologies Pty Ltd) -- C:\Program Files\PARTEDIT.EXE
[2011/07/13 08:37:53 | 000,000,015 | ---- | M] () -- C:\Program Files\partlist.dfn
[2005/01/22 20:38:39 | 000,212,992 | ---- | M] (Esoteric Technologies Pty Ltd) -- C:\Program Files\PGDESIGN.exe
[2011/07/13 08:40:21 | 000,000,330 | ---- | M] () -- C:\Program Files\Place0.fil
[2011/07/13 08:40:21 | 000,000,330 | ---- | M] () -- C:\Program Files\Place1.fil
[1994/07/24 21:13:44 | 000,003,640 | ---- | M] () -- C:\Program Files\PLANPARM.FIL
[2011/07/13 08:37:53 | 000,001,276 | ---- | M] () -- C:\Program Files\plist.dfn
[2005/01/22 21:49:46 | 000,184,320 | ---- | M] (Esoteric Technologies Pty Ltd) -- C:\Program Files\PLNTRIUM.exe
[1999/11/09 00:51:26 | 000,003,376 | ---- | M] () -- C:\Program Files\PLU19AD.STA
[1999/11/09 00:56:40 | 000,003,376 | ---- | M] () -- C:\Program Files\PLU20AD.STA
[1999/11/09 00:52:24 | 000,003,376 | ---- | M] () -- C:\Program Files\POS19AD.STA
[1999/11/09 00:57:40 | 000,003,392 | ---- | M] () -- C:\Program Files\POS20AD.STA
[2000/03/13 21:39:44 | 000,038,759 | ---- | M] () -- C:\Program Files\QUAD.PAG
[1999/04/22 19:45:10 | 000,000,643 | ---- | M] () -- C:\Program Files\RAYS.INI
[1999/05/30 22:19:28 | 000,000,965 | ---- | M] () -- C:\Program Files\RAYSBAKR.INI
[2005/01/20 19:31:53 | 000,019,456 | ---- | M] () -- C:\Program Files\Readme.doc
[2011/07/13 08:37:53 | 000,000,013 | ---- | M] () -- C:\Program Files\ringlist.dfn
[1997/03/05 23:35:10 | 000,000,652 | ---- | M] () -- C:\Program Files\RULERS2.FIL
[2005/01/22 21:53:01 | 000,057,344 | ---- | M] (Esoteric Technologies Pty Ltd) -- C:\Program Files\RULREDIT.exe
[1995/09/10 20:16:08 | 000,000,464 | ---- | M] () -- C:\Program Files\SAMERICA.SFM
[1999/11/09 00:51:14 | 000,003,280 | ---- | M] () -- C:\Program Files\SAT19AD.STA
[1999/11/09 00:56:30 | 000,003,280 | ---- | M] () -- C:\Program Files\SAT20AD.STA
[1998/12/07 19:40:22 | 000,321,246 | ---- | M] () -- C:\Program Files\SECLIPSE.BIN
[2007/07/16 11:10:28 | 000,001,932 | ---- | M] () -- C:\Program Files\setup.lst
[2008/04/10 16:50:09 | 000,011,086 | ---- | M] () -- C:\Program Files\sf6.log
[2004/11/24 22:46:49 | 000,308,278 | ---- | M] () -- C:\Program Files\SF6Back.bmp
[2011/07/13 08:40:21 | 000,001,342 | ---- | M] () -- C:\Program Files\SFDesktop.ini
[2004/10/19 20:57:33 | 000,173,878 | ---- | M] () -- C:\Program Files\SFINIT.BMP
[2005/01/22 21:26:36 | 000,151,552 | ---- | M] (Esoteric Technologies Pty Ltd) -- C:\Program Files\SFINTERP.exe
[2008/04/10 16:19:45 | 000,000,275 | ---- | M] () -- C:\Program Files\SF_Ver.ini
[1997/03/23 18:33:04 | 000,000,108 | ---- | M] () -- C:\Program Files\SIGNDIG2.FIL
[2007/04/23 17:13:44 | 001,204,224 | ---- | M] (Esoteric Technologies Pty Ltd ACN 003 895 396) -- C:\Program Files\SOLARMAP.EXE
[2000/03/26 22:16:00 | 000,000,080 | ---- | M] () -- C:\Program Files\SOLARMAP.USR
[2006/07/31 10:07:30 | 000,868,965 | ---- | M] () -- C:\Program Files\SOLFIRE.CHM
[2009/02/05 08:55:38 | 000,164,683 | ---- | M] () -- C:\Program Files\solfire.chw
[2007/07/16 11:19:32 | 004,964,360 | ---- | M] (Esoteric Technologies Pty Ltd) -- C:\Program Files\SOLFIRE.EXE
[2000/04/05 20:39:22 | 000,000,636 | ---- | M] () -- C:\Program Files\SOLFIRE.MNU
[2008/04/10 16:10:11 | 000,000,025 | ---- | M] () -- C:\Program Files\solfire.usr
[1993/03/24 19:46:20 | 000,052,603 | ---- | M] () -- C:\Program Files\SPARKLE.WAV
[2005/01/22 20:22:42 | 000,139,264 | ---- | M] (Esoteric Technologies Pty Ltd) -- C:\Program Files\STAREDIT.exe
[2011/07/13 08:37:53 | 000,000,041 | ---- | M] () -- C:\Program Files\starlist.dfn
[1998/11/18 03:41:06 | 000,079,492 | ---- | M] () -- C:\Program Files\STARS.BMP
[1999/11/08 19:40:38 | 000,079,478 | ---- | M] () -- C:\Program Files\STARS2.BMP
[1999/10/28 19:52:42 | 000,002,164 | ---- | M] () -- C:\Program Files\STATE.INI
[1997/03/11 18:52:52 | 000,000,630 | ---- | M] () -- C:\Program Files\SUNSMILE.BMP
[2000/03/13 21:36:30 | 000,030,394 | ---- | M] () -- C:\Program Files\SYNGRID.PAG
[2007/07/16 11:19:32 | 004,964,360 | ---- | M] (Esoteric Technologies Pty Ltd) -- C:\Program Files\temp.000
[2004/12/02 00:33:40 | 000,002,449 | ---- | M] () -- C:\Program Files\TIMEZONE.FIL
[1999/11/09 00:52:28 | 000,003,392 | ---- | M] () -- C:\Program Files\TPL19AD.STA
[1999/11/09 00:57:42 | 000,003,392 | ---- | M] () -- C:\Program Files\TPL20AD.STA
[2000/05/04 21:13:38 | 000,032,784 | ---- | M] () -- C:\Program Files\TRI.PAG
[1997/03/23 18:33:04 | 000,000,036 | ---- | M] () -- C:\Program Files\TRIPDIG2.FIL
[2006/11/27 12:45:44 | 000,026,890 | ---- | M] () -- C:\Program Files\TZTABLE.BIN
[1997/05/06 18:50:46 | 000,000,609 | ---- | M] () -- C:\Program Files\TZTABLE.LST
[2006/11/27 12:45:44 | 000,000,284 | ---- | M] () -- C:\Program Files\TZTABLE.NDX
[1996/12/31 19:46:00 | 000,000,788 | ---- | M] () -- C:\Program Files\UK.SFM
[1996/12/31 18:21:22 | 000,042,642 | ---- | M] () -- C:\Program Files\UK.SMC
[2000/01/01 05:30:00 | 000,014,859 | ---- | M] () -- C:\Program Files\UNI.PAG
[1999/11/09 00:51:18 | 000,003,360 | ---- | M] () -- C:\Program Files\URA19AD.STA
[1999/11/09 00:56:34 | 000,003,360 | ---- | M] () -- C:\Program Files\URA20AD.STA
[1996/02/29 18:17:08 | 000,000,404 | ---- | M] () -- C:\Program Files\USA.SFM
[2000/02/16 21:48:30 | 000,051,750 | ---- | M] () -- C:\Program Files\USA.SMC
[1999/11/09 00:51:04 | 000,002,208 | ---- | M] () -- C:\Program Files\VEN19AD.STA
[1999/11/09 00:56:18 | 000,002,176 | ---- | M] () -- C:\Program Files\VEN20AD.STA
[1999/11/09 00:51:34 | 000,002,496 | ---- | M] () -- C:\Program Files\VES19AD.STA
[1999/11/09 00:56:48 | 000,002,512 | ---- | M] () -- C:\Program Files\VES20AD.STA
[1999/11/09 00:52:20 | 000,003,392 | ---- | M] () -- C:\Program Files\VUS19AD.STA
[1999/11/09 00:57:36 | 000,003,392 | ---- | M] () -- C:\Program Files\VUS20AD.STA
[1996/08/21 21:01:00 | 000,000,108 | ---- | M] () -- C:\Program Files\WEIGHTS.FIL
[1997/05/14 19:30:00 | 000,004,123 | ---- | M] () -- C:\Program Files\WHLGRID.PAG
[1996/02/26 18:46:56 | 000,000,380 | ---- | M] () -- C:\Program Files\WORLD.SFM
[1996/09/23 00:08:54 | 000,004,370 | ---- | M] () -- C:\Program Files\WORLD.SMC
[1996/02/15 19:43:42 | 000,000,704 | ---- | M] () -- C:\Program Files\WORLD1.SFM
[1996/02/15 19:44:04 | 000,000,704 | ---- | M] () -- C:\Program Files\WORLD2.SFM
[1996/02/15 19:44:22 | 000,000,704 | ---- | M] () -- C:\Program Files\WORLD3.SFM
[1999/11/09 00:52:06 | 000,003,376 | ---- | M] () -- C:\Program Files\ZEU19AD.STA
[1999/11/09 00:57:20 | 000,003,392 | ---- | M] () -- C:\Program Files\ZEU20AD.STA
[2011/05/21 01:27:30 | 000,011,012 | ---- | M] () -- C:\Program Files\~wmf.wm~

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 04:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/05/01 10:02:14 | 000,000,286 | -HS- | M] () -- C:\Users\Hannah-Leigh Bull\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/07/21 18:35:18 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Hannah-Leigh Bull\Desktop\aswMBR.exe
[2011/07/20 22:23:32 | 000,302,592 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\Desktop\ciq7gx6g.exe
[2011/07/20 21:31:41 | 004,151,535 | R--- | M] (Swearware) -- C:\Users\Hannah-Leigh Bull\Desktop\ComboFix.exe
[2011/07/21 19:59:52 | 001,592,512 | ---- | M] (W3i, LLC) -- C:\Users\Hannah-Leigh Bull\Desktop\dvdburning.exe
[2011/07/20 13:40:35 | 002,001,984 | ---- | M] (Trend Micro Inc.) -- C:\Users\Hannah-Leigh Bull\Desktop\HousecallLauncher.exe
[2011/07/21 22:21:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Hannah-Leigh Bull\Desktop\OTL.exe
[2011/07/20 16:12:24 | 000,302,592 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\Desktop\qjnmbyv3.exe
[2011/07/20 21:28:14 | 001,008,041 | ---- | M] () -- C:\Users\Hannah-Leigh Bull\Desktop\rkill.exe
[2011/07/21 20:36:05 | 005,514,668 | ---- | M] (LIGHTNING UK!) -- C:\Users\Hannah-Leigh Bull\Desktop\SetupImgBurn_2.5.5.0.exe
[2011/07/20 19:22:54 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Hannah-Leigh Bull\Desktop\tdsskiller.exe
[2011/07/20 15:03:49 | 008,669,472 | ---- | M] (Microsoft Corporation) -- C:\Users\Hannah-Leigh Bull\Desktop\Windows7UpgradeAdvisorSetup.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/04/09 10:22:59 | 000,000,402 | -HS- | M] () -- C:\Users\Hannah-Leigh Bull\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >
[2007/08/13 03:05:24 | 000,600,328 | ---- | M] (Intel Corporation) -- C:\Windows\Installer\iProInst.exe
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Documents\XML:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Documents\WebDrive:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Documents\TurboTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Documents\Office Clip Art:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Documents\My RoboHelp Projects:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Documents\Llama Deara Ranch:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Documents\cache:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Documents\Adobe Systems:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Desktop\ML042.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Desktop\ML020.jpg:Roxio EMC Stream

< End of report >

hlbull · 2011/07/21

---------------------------------
Extras.txt Part 1/1
---------------------------------
OTL Extras logfile created on: 7/21/2011 10:24:29 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Hannah-Leigh Bull\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 82.91% Memory free
3.13 Gb Paging File | 2.82 Gb Available in Paging File | 89.99% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.31 Gb Total Space | 92.68 Gb Free Space | 42.07% Space Free | Partition Type: NTFS
Drive R: | 10.00 Gb Total Space | 5.83 Gb Free Space | 58.29% Space Free | Partition Type: NTFS

Computer Name: HANNAH-LEIGH-PC | User Name: Hannah-Leigh Bull | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4225951657-1860771598-1606342484-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4225951657-1860771598-1606342484-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B9A0E7C-AC93-4A12-A9B6-59C701A42659}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{280287D3-F8C0-41B8-9266-FE9460516DC9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{34AC989B-2FCE-4CC1-822C-FC38CE7E770C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{351020CE-7F4E-4CC7-BC95-76232CBCE20E}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{3C2DBFFA-556D-43A0-96F8-04E8403750FC}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{4A999252-7DCA-4329-A220-6F64596848DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{5F896F6A-E5FF-4CD9-A169-CA011B6B8D9E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6C8317C0-3FB9-49CA-A73A-C4CC13E438A2}" = lport=445 | protocol=6 | dir=in | app=system |
"{88BD51B7-B70B-4E29-ADA0-E4BAA340DB68}" = rport=445 | protocol=6 | dir=out | app=system |
"{900D5A7E-0569-410E-AFCD-D9F88830210E}" = lport=138 | protocol=17 | dir=in | app=system |
"{B60AF029-3492-45CF-B030-320BE82B74A2}" = lport=139 | protocol=6 | dir=in | app=system |
"{CF2D4E8F-35FF-40BA-9DD8-8049A5A234BD}" = rport=137 | protocol=17 | dir=out | app=system |
"{DDEE15CA-D840-4DD0-B6BD-D78A63D804E4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DE226C90-D077-407D-85D2-C4446BD66395}" = rport=139 | protocol=6 | dir=out | app=system |
"{EA72A9C2-1456-45D5-A38A-8EB1D57D30AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F6793B66-FD05-4150-B2E9-695B48585CE3}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12601593-20EC-4604-89BE-77BBDE22D80D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{26D801F9-7044-4573-9665-DFB5EBCA6C1A}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{3649024E-3FD4-4BC3-B913-43B2F89CC612}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3BF42AA1-5A34-41B0-9F4E-5B5F11754CA9}" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{4194214B-EE0C-434E-BBB4-00900598813C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{482DC3CA-0991-420F-9DDE-EF59BE4FD6AD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4D80D1D9-13E5-4E72-882B-D82486954D18}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{57F1D61A-48B8-42CD-9122-CEC33F608130}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{580BB46E-86C2-4D8D-9877-404084BD3DE9}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{5C46E5FE-AC32-4578-9342-55DBF1C699BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{62F45C06-CD00-4D90-BEA2-305DACCDDF6D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6BFD4A00-8AB3-4100-A3E4-CB1AE7864C56}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{75AD978F-6683-4706-AB81-C803DAAE8536}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{84E05543-2C05-43EC-A48B-9A8CD6E8D197}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{8C9EC455-3221-40A2-8EFE-1DB2A82A6481}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{90C9F0DF-2F2C-4361-9FA1-280F0F7707C8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9117C7EA-B48E-4724-A458-4A9FCC55C963}" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{95E5E75F-1228-4D1F-B4B8-93BB9F4B7AA4}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{B0BA8877-A192-4E95-B16C-C827D7B69E04}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C94F04AD-C832-4E74-8AFC-132CBF63B6EA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D94BCF54-9CD7-415B-9BFF-74550B0A0F96}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{2DCB9D1C-B5F1-416C-887D-52196F365929}C:\program files\java\jre1.5.0_11\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.5.0_11\bin\javaw.exe |
"TCP Query User{53DDD3A4-649B-47CD-9946-0F1963360D30}C:\program files\adobe\adobe robohelp 8\robohtml\robohtml.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe robohelp 8\robohtml\robohtml.exe |
"TCP Query User{84726DB1-AA02-460B-B2B8-CA5450F68157}C:\program files\adobe\adobe robohelp 8\robohtml\robohtml.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe robohelp 8\robohtml\robohtml.exe |
"TCP Query User{C77A9AF5-1C2D-4718-B5D1-26451A2ED8AB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{D94B7C9E-6C9B-49D3-8969-CD9F03098957}C:\program files\java\jre1.5.0_11\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.5.0_11\bin\javaw.exe |
"TCP Query User{DFB61CE9-A0D2-4269-BD71-58BACBAFD267}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{E89DE6E1-7B95-4956-8A1E-A363B995613B}C:\program files\adobe\adobe robohelp 7\robohtml\robohtml.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe robohelp 7\robohtml\robohtml.exe |
"UDP Query User{00253C2B-86BD-4DB8-BAA8-C9FDBE9F6903}C:\program files\adobe\adobe robohelp 7\robohtml\robohtml.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe robohelp 7\robohtml\robohtml.exe |
"UDP Query User{4D940DB0-3D33-4124-8E15-C8EA55208087}C:\program files\java\jre1.5.0_11\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.5.0_11\bin\javaw.exe |
"UDP Query User{65D426D0-8D02-48A3-870C-F748701A6E7B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{9761F110-3A70-493F-98DD-20D88581BDD7}C:\program files\java\jre1.5.0_11\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.5.0_11\bin\javaw.exe |
"UDP Query User{B5720348-9929-45E1-B91A-287FF93A3C50}C:\program files\adobe\adobe robohelp 8\robohtml\robohtml.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe robohelp 8\robohtml\robohtml.exe |
"UDP Query User{CB5A7D8A-0BE1-4917-AD6B-0BDB2EE14190}C:\program files\adobe\adobe robohelp 8\robohtml\robohtml.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe robohelp 8\robohtml\robohtml.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}" = QuickSet
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1E8654D8-C57E-7C59-F56B-244EA9387499}" = Adobe Help Viewer 2
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 26
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2C1D09AC-88B3-465F-9EBF-B475602CDEB1}" = TSI
"{2C1D09AC-88B3-465F-9EBF-B475602CDEB1} Adobe Technical Communication Suite" = Adobe Technical Communication Suite
"{2E7B6B00-5ECD-49A1-8FD4-4B647C5D8027}" = Adobe Captivate 3
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{305AA0B5-6298-4C99-AEB5-8ED1F3D0E007}" = FMSuitePlugin
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B4ABF80-EAA2-012B-AE5C-000000000000}" = TurboTax 2009 wnmiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{61838F4E-4C4E-4251-8689-C660199DA084}" = Adobe RoboHelp 7.0.1
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7961C367-4C84-4B42-8642-3B3B021B5B8E}" = Adobe RoboHelp 7
"{7B4CA480-7321-4AD4-BED1-F7177671C37E}" = Adobe FrameMaker 8
"{7CF6E959-07C5-4F5B-AAEC-7406DFFDC20E}" = Adobe FrameMaker v7.2
"{7D7FCE07-97DA-49CD-9CBF-5B63015ABB22}" = Solar Fire Deluxe
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{83B48E1F-F38A-4169-A83A-71C7814512F9}" = TurboTax 2010 wnmiper
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A6441D1-632B-4220-9A3E-E30BA10277A7}" = Adobe FrameMaker 8 p277 Patcher
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9312E9B8-129A-4025-8F88-8A0581CC7C4C}" = RoboSource Control 3.1
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A55ACE70-01FA-4821-89A6-43CACF226ACF}" = Adobe RoboHelp 7.0.3
"{A6E0806C-59CA-4987-A116-7E20252A4EB2}" = NaviNet Claims Professional Claim Processor
"{A7E3B245-0798-4F71-9C3F-556C130B60D3}" = Adobe RoboHelp 8
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-1033-F400-7761-000000000003}" = Adobe Acrobat 3D version 8
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BD75D917-DE9F-49B5-9808-654D9B9AAFDB}" = Adobe Setup
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6A3F6EA-EAAD-49F0-8DDF-B2483D07B56B}" = Adobe FrameMaker 8 p273 Patcher
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF6F8056-3EC3-4582-A915-9BF11A82097A}" = TurboTax 2008 wnmiper
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7FEF7E8-DF29-4D3D-A1B3-4547E9CD77CE}" = Adobe RoboHelp 7.0.2
"{F08E87FD-F62B-4BAC-A2D6-A94755653F30}" = WebDrive
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"acrocheck FrameMaker Plug-in_is1" = acrocheck FrameMaker Plug-in
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 3D version 8" = Adobe Acrobat 3D version 8
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe RoboHelp 7" = Adobe RoboHelp 7
"Adobe RoboHelp 8" = Adobe RoboHelp 8
"Adobe_a53cb2c567aa4d64cce042b738c635e" = Adobe ExtendScript Toolkit CS4
"ahv2.188B8094779BEFAABA1D70C6602409E1C81B16E6.1" = Adobe Help Viewer 2
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.8.5 Standard
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"NVIDIA Drivers" = NVIDIA Drivers
"Office Clip Art" = Office Clip Art
"ProInst" = Intel(R) PROSet/Wireless Software
"PuTTY_is1" = PuTTY version 0.60
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"VLC media player" = VLC media player 0.9.6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4225951657-1860771598-1606342484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"GoToMeeting" = GoToMeeting 4.8.0.723
"WorldServer OpenTopic Editor Integration" = WorldServer OpenTopic Editor Integration

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

broni · 2011/07/21

You didn't say:

What is the exact error you're getting while booting to normal mode?
Click to expand...

I'm checking your OTL logs now.

hlbull · 2011/07/21

Here is the blue screen error exactly (to the best of my ability reading the image).
----------------------------------
A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to be sure you have adequate disk space. If a driver is identified in the stop message, diable the driver or check with the manufacturer for driver updates. Try changing video adapters.

Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

Technical Information:

*** STOP: 0x0000008E (0xC0000005,0x821FSC19,0xA3AD091C,0x00000000)

Collecting data for crash dump ...
Initializing disk for crash dump ...

broni · 2011/07/21

Is this legit Vista installation?
Was it an upgrade from Windows XP?
Any particular reason why no Service pack is installed?

===================================================

Run OTL

Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following

Code:

:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - File not found
@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Documents\XML:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Documents\WebDrive:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Documents\TurboTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Documents\Office Clip Art:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Documents\My RoboHelp Projects:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Documents\Llama Deara Ranch:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Documents\cache:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Documents\Adobe Systems:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Desktop\ML042.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hannah-Leigh Bull\Desktop\ML020.jpg:Roxio EMC Stream


:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the [color= "#FF0000"]Run Fix[/color] button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

hlbull · 2011/07/22

Broni, unfortunately the Windows BBS system was inaccessible last night after I received your reply notice.

Responses:

Is this legit Vista installation?

The laptop was purchased in 2008 from Dell with Vista installed on it. Vista has been a challenge after the ease of use of XP, but not until July 13, 2011 did I have these frustrating viruses.

Was it an upgrade from Windows XP? No. When I purchased the laptop, Dell allowed it to ship only with Vista installed, not XP.

Any particular reason why no Service pack is installed?

Service Packs 1 and 2 were installed on it over the years as and on Wednesday when I reviewed the Windows Update history, I saw both of them in the list of installed updates. On Thursday they disappeared when a service person from my wireless broadband company worked on the system.

I will do what you say to do later this morn when I wake up. Unfortunately, I will need to leave early Saturday morn for a trip and won't return until Sunday July 31. I am here today and tonight and can work with you as best I can tonight.

hlbull · 2011/07/22

A file named 07222011_044 823 in Moved Files (C:\_OTL) is empty.

The system still operates only in safe mode.

Here is what I found in Moved Files (C:\_OTL) in a file 07222011_044 823.log; is there any place else I should look for a log:

-------------------------------------------------------
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85d1f590-48f4-11d9-9669-0800200c9a66}\ not found.
ADS C:\Users\Hannah-Leigh Bull\Documents\XML:Roxio EMC Stream deleted successfully.
ADS C:\Users\Hannah-Leigh Bull\Documents\WebDrive:Roxio EMC Stream deleted successfully.
ADS C:\Users\Hannah-Leigh Bull\Documents\TurboTax:Roxio EMC Stream deleted successfully.
ADS C:\Users\Hannah-Leigh Bull\Documents\Office Clip Art:Roxio EMC Stream deleted successfully.
Unable to delete ADS C:\Users\Hannah-Leigh Bull\Documents\My RoboHelp Projects:Roxio EMC Stream .
ADS C:\Users\Hannah-Leigh Bull\Documents\Llama Deara Ranch:Roxio EMC Stream deleted successfully.
ADS C:\Users\Hannah-Leigh Bull\Documents\cache:Roxio EMC Stream deleted successfully.
ADS C:\Users\Hannah-Leigh Bull\Documents\Adobe Systems:Roxio EMC Stream deleted successfully.
ADS C:\Users\Hannah-Leigh Bull\Desktop\ML042.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Hannah-Leigh Bull\Desktop\ML020.jpg:Roxio EMC Stream deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hannah-Leigh Bull
->Temp folder emptied: 60042315 bytes
->Temporary Internet Files folder emptied: 45281559 bytes
->Java cache emptied: 23938580 bytes
->FireFox cache emptied: 49272594 bytes
->Flash cache emptied: 3982297 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
RecycleBin emptied: 1676 bytes

Total Files Cleaned = 174.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User
----------------------------------------------------------------------------

Thanks so much for your help, Broni.

broni · 2011/07/22

Do you have Vista DVD?

On Thursday they disappeared when a service person from my wireless broadband company worked on the system.
Click to expand...

What was the issue there?

Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

IMPORTANT! UN-check Remove found threats

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, push List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

hlbull · 2011/07/22

Hi, Broni!

No, I have only the recovery disk I created last night. The Wireless Broadband Service person was trying to see whether he could help. I'm not sure what he did. But I had just checked the installed updates the day before and Service Pack 2 had been installed in Oct '09. During his efforts, the update history got corrupted.

It was he that diagnosed hijacked browser. I had been receiving Windows notices about IE in the background while I used Firefox. Also SKYPE wouldn't run. On Wednesday 7/13 I got the Critical Disk Error virus, and managed to run Windows Defender find a culprit, remove a few files, unhide my folders so that I could see that the hard disk really was there, and so on.

Running in safe mode is difficult for work though. The computer overheats, and I need to turn it off periodically. Also very sensitive to touch.

Will run ESET Online Scanner now.

broni · 2011/07/22

OK.....

The computer overheats, and I need to turn it off periodically
Click to expand...

This MAY be a reason why it doesn't want to start in normal mode.

Download System Information for Windows (SIW free version)
No installation required.

After it scans your computer, navigate to Hardware>Sensors and post all info from there.

hlbull · 2011/07/22

SIW can't run in safe mode. The computer only started over heating since the computer refused to go into normal mode, and I had to work in safe mode with networking yesterday and today.

Emulating Hardware says WDC WD25 00BEVS-75UST Assembly temp now 41 degrees C, min is 40, max is 42.

broni · 2011/07/22

That's hard drive temperature.
I'll be more interested in CPU temperature.
Do you have any readings regarding CPU temperature in BIOS?

hlbull · 2011/07/22

How do I find CPU temperature in BIOS? Can I do it while the other scan is running?

Log in or Sign up

Inactive Browser Hijack/Unable to Use SKYPE other functions

hlbull Inactive Thread Starter

broni Moderator Malware Analyst

hlbull Inactive Thread Starter

broni Moderator Malware Analyst

hlbull Inactive Thread Starter

broni Moderator Malware Analyst

hlbull Inactive Thread Starter

hlbull Inactive Thread Starter

hlbull Inactive Thread Starter

broni Moderator Malware Analyst

hlbull Inactive Thread Starter

broni Moderator Malware Analyst

hlbull Inactive Thread Starter

hlbull Inactive Thread Starter

broni Moderator Malware Analyst

hlbull Inactive Thread Starter

broni Moderator Malware Analyst

hlbull Inactive Thread Starter

broni Moderator Malware Analyst

hlbull Inactive Thread Starter

Share This Page

Log in or Sign up

Inactive Browser Hijack/Unable to Use SKYPE other functions

hlbull Inactive Thread Starter

broni Moderator Malware Analyst

hlbull Inactive Thread Starter

broni Moderator Malware Analyst

hlbull Inactive Thread Starter

broni Moderator Malware Analyst

hlbull Inactive Thread Starter

hlbull Inactive Thread Starter

hlbull Inactive Thread Starter

broni Moderator Malware Analyst

hlbull Inactive Thread Starter

broni Moderator Malware Analyst

hlbull Inactive Thread Starter

hlbull Inactive Thread Starter

broni Moderator Malware Analyst

hlbull Inactive Thread Starter

broni Moderator Malware Analyst

hlbull Inactive Thread Starter

broni Moderator Malware Analyst

hlbull Inactive Thread Starter

Share This Page

Useful Searches