WiredWX Christian Hobby Weather Tools

please help me =/

Need help removing this virus asap =/

Re: please help me =/

OTL logfile created on: 6/28/2010 6:55:22 PM - Run 5
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\baby elly\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.31 Gb Total Space | 136.37 Gb Free Space | 61.90% Space Free | Partition Type: NTFS
Drive D: | 1.89 Gb Total Space | 0.82 Gb Free Space | 43.47% Space Free | Partition Type: FAT
Drive E: | 12.58 Gb Total Space | 1.99 Gb Free Space | 15.79% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BABYELLY-PC
Current User Name: baby elly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/27 10:23:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\baby elly\Downloads\OTL(2).exe
PRC - [2010/06/10 11:31:38 | 018,702,520 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\oovoo\ooVoo.exe
PRC - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/28 23:10:00 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/08/22 03:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/07/26 17:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/01/21 11:23:16 | 000,210,216 | R--- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/12/25 16:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 16:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/11/28 21:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/26 20:13:08 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/11/26 20:13:08 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/06/27 10:23:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\baby elly\Downloads\OTL(2).exe
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 22:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/12/31 08:35:14 | 000,934,400 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/10/26 16:49:46 | 000,279,040 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 11:53:06 | 000,089,088 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 19:25:40 | 000,023,040 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/03/18 08:26:56 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/22 03:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/26 20:13:08 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/11/26 20:13:08 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2005/11/14 05:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/03 00:47:34 | 000,583,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\ccHPx64.sys -- (ccHP)
DRV:64bit: - [2009/08/22 03:21:19 | 000,476,720 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2009/08/22 03:21:19 | 000,402,992 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2009/08/22 03:21:19 | 000,334,384 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/08/22 03:21:19 | 000,278,576 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2009/08/22 03:21:19 | 000,032,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/08/22 03:21:19 | 000,031,280 | R--- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2009/04/08 06:46:13 | 001,526,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2009/03/09 21:40:57 | 000,172,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2008/12/31 10:01:20 | 004,993,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/10/26 16:50:58 | 000,469,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/10/23 05:42:06 | 000,128,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/09/04 13:48:00 | 000,064,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/08/06 12:26:08 | 000,174,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/24 12:48:10 | 000,250,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/06/23 07:54:02 | 000,099,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/23 07:54:02 | 000,091,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/06/23 07:54:02 | 000,019,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/03/27 15:10:56 | 000,026,984 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 15:10:14 | 000,040,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/03/21 08:47:14 | 001,253,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel(R)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 22:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2009/05/05 17:42:08 | 001,461,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090601.003\EX64.SYS -- (NAVEX15)
DRV - [2009/05/05 17:42:08 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/05/05 17:42:08 | 000,136,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090601.003\ENG64.SYS -- (NAVENG)
DRV - [2009/01/29 17:50:10 | 000,396,848 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSviA64.sys -- (IDSVia64)
DRV - [2008/11/28 21:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/04/08 04:19:17] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2006/09/18 17:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 17:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\tbPage.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\tbPage.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.mystart.com?pr=oovoo2_2"
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {98f782cf-9b6b-41ca-909b-b4fdc0bbc23a}:3.1
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: {23AF126E-8B70-46AF-AEA7-13A74F37DDC1}:1.9.1

Re: please help me =/

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 16:26:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/28 23:10:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/29 13:18:54 | 000,000,000 | ---D | M]

[2010/02/10 00:02:03 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\Mozilla\Extensions
[2009/02/03 14:26:02 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/06/28 17:42:03 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\Mozilla\Firefox\Profiles\6gvzdwa0.default\extensions
[2010/04/23 14:57:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\baby elly\AppData\Roaming\Mozilla\Firefox\Profiles\6gvzdwa0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/16 22:33:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\baby elly\AppData\Roaming\Mozilla\Firefox\Profiles\6gvzdwa0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/18 01:29:37 | 000,000,000 | ---D | M] (VMN Toolbar) -- C:\Users\baby elly\AppData\Roaming\Mozilla\Firefox\Profiles\6gvzdwa0.default\extensions\{98f782cf-9b6b-41ca-909b-b4fdc0bbc23a}
[2010/04/23 14:57:04 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\Mozilla\Firefox\Profiles\6gvzdwa0.default\extensions\staged-xpis
[2010/06/28 18:23:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/10/09 08:33:38 | 000,000,000 | ---D | M] (PageRage Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
[2009/10/09 08:33:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\plugin@yontoo.com
[2010/02/15 16:49:16 | 000,000,940 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\vmndtxtb.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Shop to Win 2) - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files (x86)\Shop to Win 2\ShoppingBHO.dll (Freecause Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\tbPage.dll (Conduit Ltd.)
O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Updater For VMN Toolbar) - {d5b8015d-68af-4b2c-9412-e349d82ab4a2} - C:\Program Files (x86)\vmndtxtb\auxi\vmndtxAu.dll (Visicom Media)
O2 - BHO: (VMN Toolbar) - {f379a94e-3c5d-4bad-b32c-0e3af1cc3617} - C:\Program Files (x86)\vmndtxtb\vmndtxDx.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\tbPage.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (VMN Toolbar) - {f379a94e-3c5d-4bad-b32c-0e3af1cc3617} - C:\Program Files (x86)\vmndtxtb\vmndtxDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files (x86)\PageRage\tbPage.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Network Error Advisor] C:\Program Files (x86)\vmndtxtb\EXERunner.exe \..\Lo File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Ndomavefogutu] File not found
O4 - HKCU..\Run: [oopjbrlb] C:\Users\baby elly\AppData\Local\kxyagpdfy\nerwbirtssd.exe ()
O4 - HKCU..\Run: [ooVoo.exe] C:\program files (x86)\oovoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [Rfusivagoxo] File not found
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.162 68.87.68.162
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Humpback Whale.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Humpback Whale.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3a4d4e66-1a70-11df-a7eb-00247e574941}\Shell - "" = AutoRun
O33 - MountPoints2\{3a4d4e66-1a70-11df-a7eb-00247e574941}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{67bd9666-0e83-11de-b8b0-00247e574941}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O33 - MountPoints2\{67bd9666-0e83-11de-b8b0-00247e574941}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O33 - MountPoints2\{ffaa65fd-f881-11de-bfd2-00247e574941}\Shell\AutoRun\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Drive13.exe
O33 - MountPoints2\{ffaa65fd-f881-11de-bfd2-00247e574941}\Shell\open\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Drive13.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/28 15:17:36 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Roaming\Malwarebytes
[2010/06/28 15:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/28 15:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/27 11:13:58 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/06/26 21:53:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installers
[2010/06/26 20:58:02 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Local\kxyagpdfy
[2010/06/21 18:09:21 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Roaming\Facebook
[2010/06/17 17:15:11 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Local\{23AF126E-8B70-46AF-AEA7-13A74F37DDC1}
[2010/06/17 17:00:36 | 000,000,000 | ---D | C] -- C:\Users\baby elly\Originals
[2010/06/17 12:33:19 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Roaming\PhotoScape
[2010/06/17 12:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2010/06/15 19:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\oovoo
[2010/06/15 19:58:41 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Roaming\oovooinstaller
[2010/05/11 00:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/05/05 18:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Winferno
[2010/05/05 18:54:15 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Roaming\FinalMediaPlayer
[2010/05/05 18:54:08 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Local\WeatherBug
[2010/05/05 18:54:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalMediaPlayer
[2010/05/05 18:54:06 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Roaming\WeatherBug
[2010/05/05 18:53:49 | 000,835,584 | ---- | C] (Capital Intellect Inc) -- C:\Windows\SysWow64\WINCTL4.OCX
[2010/05/05 18:53:49 | 000,495,616 | ---- | C] (Capital Intellect Inc) -- C:\Windows\SysWow64\WINUTIL5.DLL
[2010/05/05 18:53:49 | 000,393,216 | ---- | C] (Capital Intellect Inc) -- C:\Windows\SysWow64\WINLCTL5.DLL
[2010/05/05 18:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2010/05/05 18:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winferno
[2010/05/05 18:53:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PriceGong
[2010/05/05 18:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shop to Win 2
[2010/05/05 18:52:43 | 000,000,000 | ---D | C] -- C:\Users\baby elly\AppData\Roaming\vmndtxtb
[2010/05/05 18:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vmndtxtb
[2010/04/23 15:20:06 | 000,000,000 | ---D | C] -- C:\Users\baby elly\Documents\Downloads
[2010/04/23 10:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/04/18 23:39:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/04/18 03:50:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/04/18 03:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2010/04/16 22:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/03/30 21:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl

========== Files - Modified Within 90 Days ==========

[2010/06/28 18:56:14 | 003,932,160 | -HS- | M] () -- C:\Users\baby elly\NTUSER.DAT
[2010/06/28 18:55:59 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{740F8423-F1E3-428B-BA32-1336E1D8BCAE}.job
[2010/06/28 18:47:28 | 000,002,495 | ---- | M] () -- C:\Users\baby elly\AppData\Local\ononidopumam.dll
[2010/06/28 18:45:49 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/28 18:45:42 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\RegPowerClean.job
[2010/06/28 18:45:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/28 18:45:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/28 18:45:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/28 18:45:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/28 18:45:13 | 4260,564,992 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/28 18:16:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/06/28 18:16:34 | 000,524,288 | -HS- | M] () -- C:\Users\baby elly\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/06/28 18:16:34 | 000,065,536 | -HS- | M] () -- C:\Users\baby elly\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/06/28 18:16:33 | 003,050,222 | -H-- | M] () -- C:\Users\baby elly\AppData\Local\IconCache.db
[2010/06/28 18:13:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/28 17:24:07 | 000,002,551 | ---- | M] () -- C:\Users\baby elly\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
[2010/06/28 17:23:49 | 000,002,495 | ---- | M] () -- C:\Users\baby elly\AppData\Local\odequbefova.dll
[2010/06/28 17:23:27 | 000,002,495 | ---- | M] () -- C:\Users\baby elly\AppData\Local\Pmuxe.dat
[2010/06/28 15:54:21 | 000,000,377 | ---- | M] () -- C:\Users\baby elly\Documents - Shortcut.lnk
[2010/06/28 15:48:23 | 000,002,495 | ---- | M] () -- C:\Users\baby elly\AppData\Local\ugeweweciqusolet.dll
[2010/06/28 14:32:05 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\RPCReminder.job
[2010/06/27 19:44:48 | 000,070,144 | ---- | M] () -- C:\Users\baby elly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/27 03:08:50 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/27 03:08:49 | 000,715,936 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/27 03:08:49 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/26 05:54:24 | 000,000,000 | ---- | M] () -- C:\Users\baby elly\AppData\Local\Nriroce.bin
[2010/06/25 20:51:11 | 000,000,590 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for baby elly.job
[2010/06/22 22:02:39 | 000,283,648 | -H-- | M] () -- C:\Users\baby elly\photothumb.db
[2010/06/22 15:24:53 | 000,000,034 | -H-- | M] () -- C:\Users\baby elly\.picasa.ini
[2010/06/22 06:49:34 | 000,000,680 | ---- | M] () -- C:\Users\baby elly\AppData\Local\d3d9caps.dat
[2010/06/17 17:58:42 | 002,154,988 | ---- | M] () -- C:\Users\baby elly\lol.jpg
[2010/06/17 17:45:38 | 003,362,819 | ---- | M] () -- C:\Users\baby elly\andres1.jpg
[2010/06/17 17:37:55 | 003,712,388 | ---- | M] () -- C:\Users\baby elly\photoshootmw.jpg
[2010/06/17 17:29:53 | 001,212,458 | ---- | M] () -- C:\Users\baby elly\eliza.jpg
[2010/06/17 17:16:15 | 002,369,434 | ---- | M] () -- C:\Users\baby elly\default6.jpg
[2010/06/17 17:10:26 | 001,565,614 | ---- | M] () -- C:\Users\baby elly\default5.jpg34948
[2010/06/17 17:10:26 | 000,000,000 | ---- | M] () -- C:\Users\baby elly\default5.jpg
[2010/06/17 17:08:08 | 003,763,490 | ---- | M] () -- C:\Users\baby elly\mephoto17.jpg
[2010/06/17 17:00:48 | 005,399,490 | ---- | M] () -- C:\Users\baby elly\meagaiin.jpg
[2010/06/17 16:56:43 | 001,533,088 | ---- | M] () -- C:\Users\baby elly\default3.jpg
[2010/06/17 16:52:53 | 001,721,819 | ---- | M] () -- C:\Users\baby elly\default2.jpg
[2010/06/17 16:49:57 | 002,955,745 | ---- | M] () -- C:\Users\baby elly\mephoto16.jpg
[2010/06/17 16:49:13 | 001,932,080 | ---- | M] () -- C:\Users\baby elly\mephoto15.jpg
[2010/06/17 16:48:14 | 001,797,114 | ---- | M] () -- C:\Users\baby elly\mephoto14.jpg
[2010/06/17 16:47:11 | 001,791,742 | ---- | M] () -- C:\Users\baby elly\default.jpg
[2010/06/17 16:42:04 | 006,936,514 | ---- | M] () -- C:\Users\baby elly\just seening me.jpg
[2010/06/17 16:41:38 | 002,965,883 | ---- | M] () -- C:\Users\baby elly\mephoto12.jpg
[2010/06/17 16:41:13 | 002,531,148 | ---- | M] () -- C:\Users\baby elly\mephoto13.jpg
[2010/06/17 16:35:13 | 002,848,137 | ---- | M] () -- C:\Users\baby elly\mephoto11.jpg
[2010/06/17 16:28:47 | 003,834,202 | ---- | M] () -- C:\Users\baby elly\mephoto10.jpg
[2010/06/17 16:28:33 | 001,431,299 | ---- | M] () -- C:\Users\baby elly\mephoto7.jpg
[2010/06/17 16:28:08 | 001,907,742 | ---- | M] () -- C:\Users\baby elly\mephoto9.jpg
[2010/06/17 16:27:43 | 002,163,175 | ---- | M] () -- C:\Users\baby elly\mephoto8.jpg
[2010/06/17 16:26:36 | 001,887,006 | ---- | M] () -- C:\Users\baby elly\mephoto6.jpg
[2010/06/17 16:25:51 | 003,948,014 | ---- | M] () -- C:\Users\baby elly\mephoto5.jpg
[2010/06/17 16:24:28 | 003,572,797 | ---- | M] () -- C:\Users\baby elly\mephoto4.jpg
[2010/06/17 16:23:28 | 003,808,393 | ---- | M] () -- C:\Users\baby elly\mephoto3.jpg
[2010/06/17 16:20:50 | 004,098,547 | ---- | M] () -- C:\Users\baby elly\mephoto2.jpg
[2010/06/17 16:20:13 | 001,996,137 | ---- | M] () -- C:\Users\baby elly\mephoto.jpg
[2010/06/17 12:28:32 | 000,000,856 | ---- | M] () -- C:\Users\baby elly\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2010/06/17 12:28:32 | 000,000,832 | ---- | M] () -- C:\Users\baby elly\Desktop\PhotoScape.lnk
[2010/06/17 12:21:34 | 002,746,756 | ---- | M] () -- C:\Users\baby elly\mefv.jpg
[2010/06/17 12:08:26 | 000,000,927 | ---- | M] () -- C:\Users\baby elly\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/06/17 12:08:26 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/06/15 19:59:37 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2010/06/14 07:29:59 | 000,397,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/26 12:53:52 | 000,048,128 | ---- | M] () -- C:\Windows\SysNative\atmlib.dll
[2010/05/26 10:56:53 | 000,366,080 | ---- | M] () -- C:\Windows\SysNative\atmfd.dll
[2010/05/18 18:31:44 | 000,000,376 | ---- | M] () -- C:\Users\baby elly\Documents\Pictures - Shortcut.lnk
[2010/05/18 18:31:40 | 000,184,341 | ---- | M] () -- C:\Users\baby elly\mec.jpg
[2010/05/14 16:30:20 | 000,774,930 | ---- | M] () -- C:\Users\baby elly\pro3.jpg
[2010/05/14 15:43:04 | 000,747,922 | ---- | M] () -- C:\Users\baby elly\DSCF1526.jpg
[2010/05/14 15:17:12 | 000,734,232 | ---- | M] () -- C:\Users\baby elly\project.jpg
[2010/05/05 18:54:10 | 000,000,928 | ---- | M] () -- C:\Users\baby elly\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
[2010/05/05 18:54:10 | 000,000,904 | ---- | M] () -- C:\Users\baby elly\Desktop\FinalMediaPlayer.lnk
[2010/05/05 18:53:51 | 000,001,192 | ---- | M] () -- C:\Users\baby elly\Application Data\Microsoft\Internet Explorer\Quick Launch\Winferno Registry Power Cleaner.lnk
[2010/05/05 18:52:43 | 000,000,152 | ---- | M] () -- C:\Users\baby elly\Desktop\Free ID Theft Protection Trial.url
[2010/05/04 02:54:49 | 000,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2010/05/04 02:52:45 | 000,706,048 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2010/05/04 02:52:04 | 001,538,560 | ---- | M] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/05/04 02:51:49 | 000,219,136 | ---- | M] () -- C:\Windows\SysNative\ieui.dll
[2010/05/04 02:51:49 | 000,132,096 | ---- | M] () -- C:\Windows\SysNative\iesysprep.dll
[2010/05/04 02:51:48 | 002,334,208 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
[2010/05/04 02:51:48 | 000,077,312 | ---- | M] () -- C:\Windows\SysNative\iesetup.dll
[2010/05/04 02:51:48 | 000,072,192 | ---- | M] () -- C:\Windows\SysNative\iernonce.dll
[2010/05/04 02:51:47 | 000,252,416 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2010/05/04 01:01:59 | 000,162,816 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/05/04 01:01:39 | 000,070,656 | ---- | M] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/05/04 01:01:04 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/23 11:00:36 | 000,001,424 | ---- | M] () -- C:\Users\baby elly\Desktop\DivX Movies.lnk
[2010/04/23 08:12:18 | 000,107,528 | ---- | M] () -- C:\Users\baby elly\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/23 03:04:49 | 000,000,254 | ---- | M] () -- C:\Windows\win.ini
[2010/04/16 22:33:33 | 000,001,686 | ---- | M] () -- C:\Users\baby elly\Desktop\CCleaner.lnk
[2010/04/16 12:40:20 | 001,570,816 | ---- | M] () -- C:\Windows\SysNative\quartz.dll
[2010/04/16 12:35:56 | 000,032,256 | ---- | M] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/04/16 10:50:22 | 004,240,384 | ---- | M] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/04/15 13:50:55 | 000,013,152 | ---- | M] () -- C:\Users\baby elly\Documents\Natacha_Lopez.docx
[2010/04/14 14:35:26 | 000,375,808 | ---- | M] () -- C:\Windows\SysNative\psisdecd.dll
[2010/04/14 14:35:24 | 000,289,792 | ---- | M] () -- C:\Windows\SysNative\psisrndr.ax
[2010/04/14 14:35:23 | 000,558,592 | ---- | M] () -- C:\Windows\SysNative\EncDec.dll
[2010/04/14 14:33:49 | 000,101,376 | ---- | M] () -- C:\Windows\SysNative\MSNP.ax
[2010/04/14 14:33:13 | 000,227,328 | ---- | M] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/03/30 21:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl

========== Files Created - No Company Name ==========

[2010/06/28 18:47:24 | 000,002,495 | ---- | C] () -- C:\Users\baby elly\AppData\Local\ononidopumam.dll
[2010/06/28 17:23:31 | 000,002,495 | ---- | C] () -- C:\Users\baby elly\AppData\Local\odequbefova.dll
[2010/06/28 15:54:21 | 000,000,377 | ---- | C] () -- C:\Users\baby elly\Documents - Shortcut.lnk
[2010/06/28 15:48:23 | 000,002,495 | ---- | C] () -- C:\Users\baby elly\AppData\Local\ugeweweciqusolet.dll
[2010/06/28 15:17:12 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/25 03:00:48 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/25 03:00:48 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/06/25 03:00:43 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/06/25 03:00:43 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/06/25 03:00:42 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/06/24 03:00:41 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/06/24 03:00:41 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/06/24 03:00:41 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/24 03:00:41 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/24 03:00:41 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/06/24 00:08:42 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/06/24 00:08:41 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/06/22 15:24:52 | 000,000,034 | -H-- | C] () -- C:\Users\baby elly\.picasa.ini
[2010/06/17 17:58:41 | 002,154,988 | ---- | C] () -- C:\Users\baby elly\lol.jpg
[2010/06/17 17:45:37 | 003,362,819 | ---- | C] () -- C:\Users\baby elly\andres1.jpg
[2010/06/17 17:37:07 | 003,712,388 | ---- | C] () -- C:\Users\baby elly\photoshootmw.jpg
[2010/06/17 17:29:52 | 001,212,458 | ---- | C] () -- C:\Users\baby elly\eliza.jpg
[2010/06/17 17:16:15 | 002,369,434 | ---- | C] () -- C:\Users\baby elly\default6.jpg
[2010/06/17 17:15:12 | 000,002,495 | ---- | C] () -- C:\Users\baby elly\AppData\Local\Pmuxe.dat
[2010/06/17 17:15:12 | 000,000,000 | ---- | C] () -- C:\Users\baby elly\AppData\Local\Nriroce.bin
[2010/06/17 17:10:26 | 001,565,614 | ---- | C] () -- C:\Users\baby elly\default5.jpg34948
[2010/06/17 17:10:25 | 000,000,000 | ---- | C] () -- C:\Users\baby elly\default5.jpg
[2010/06/17 17:00:46 | 005,399,490 | ---- | C] () -- C:\Users\baby elly\meagaiin.jpg
[2010/06/17 16:58:22 | 003,763,490 | ---- | C] () -- C:\Users\baby elly\mephoto17.jpg
[2010/06/17 16:56:42 | 001,533,088 | ---- | C] () -- C:\Users\baby elly\default3.jpg
[2010/06/17 16:52:53 | 001,721,819 | ---- | C] () -- C:\Users\baby elly\default2.jpg
[2010/06/17 16:49:46 | 002,955,745 | ---- | C] () -- C:\Users\baby elly\mephoto16.jpg
[2010/06/17 16:49:03 | 001,932,080 | ---- | C] () -- C:\Users\baby elly\mephoto15.jpg
[2010/06/17 16:47:10 | 001,791,742 | ---- | C] () -- C:\Users\baby elly\default.jpg
[2010/06/17 16:43:53 | 001,797,114 | ---- | C] () -- C:\Users\baby elly\mephoto14.jpg
[2010/06/17 16:42:03 | 006,936,514 | ---- | C] () -- C:\Users\baby elly\just seening me.jpg
[2010/06/17 16:37:07 | 002,531,148 | ---- | C] () -- C:\Users\baby elly\mephoto13.jpg
[2010/06/17 16:36:46 | 002,965,883 | ---- | C] () -- C:\Users\baby elly\mephoto12.jpg
[2010/06/17 16:35:06 | 002,848,137 | ---- | C] () -- C:\Users\baby elly\mephoto11.jpg
[2010/06/17 16:30:40 | 000,283,648 | -H-- | C] () -- C:\Users\baby elly\photothumb.db
[2010/06/17 16:28:23 | 003,834,202 | ---- | C] () -- C:\Users\baby elly\mephoto10.jpg
[2010/06/17 16:28:01 | 001,907,742 | ---- | C] () -- C:\Users\baby elly\mephoto9.jpg
[2010/06/17 16:27:34 | 002,163,175 | ---- | C] () -- C:\Users\baby elly\mephoto8.jpg
[2010/06/17 16:27:09 | 001,431,299 | ---- | C] () -- C:\Users\baby elly\mephoto7.jpg
[2010/06/17 16:26:24 | 001,887,006 | ---- | C] () -- C:\Users\baby elly\mephoto6.jpg
[2010/06/17 16:25:15 | 003,948,014 | ---- | C] () -- C:\Users\baby elly\mephoto5.jpg
[2010/06/17 16:24:03 | 003,572,797 | ---- | C] () -- C:\Users\baby elly\mephoto4.jpg
[2010/06/17 16:22:25 | 003,808,393 | ---- | C] () -- C:\Users\baby elly\mephoto3.jpg
[2010/06/17 16:20:34 | 004,098,547 | ---- | C] () -- C:\Users\baby elly\mephoto2.jpg
[2010/06/17 16:19:57 | 001,996,137 | ---- | C] () -- C:\Users\baby elly\mephoto.jpg
[2010/06/17 12:28:32 | 000,000,856 | ---- | C] () -- C:\Users\baby elly\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2010/06/17 12:28:32 | 000,000,832 | ---- | C] () -- C:\Users\baby elly\Desktop\PhotoScape.lnk
[2010/06/17 12:21:34 | 002,746,756 | ---- | C] () -- C:\Users\baby elly\mefv.jpg
[2010/06/17 12:08:26 | 000,000,927 | ---- | C] () -- C:\Users\baby elly\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/06/17 12:08:26 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/06/15 19:59:37 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2010/06/12 16:49:50 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/06/12 16:49:50 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/06/12 16:49:45 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/06/12 16:49:44 | 012,468,736 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/06/12 16:49:39 | 002,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/12 16:49:38 | 001,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/06/12 16:49:38 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/06/12 16:49:38 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/06/12 16:49:37 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/06/12 16:49:37 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/06/12 16:49:37 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/12 16:49:37 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/06/12 16:49:36 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/06/12 16:49:36 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/12 16:49:36 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/06/12 16:49:36 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/12 16:49:36 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/06/12 16:49:36 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/06/12 16:49:36 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/06/12 16:49:36 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/06/12 16:49:36 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/06/12 16:49:36 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/06/12 16:49:36 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/06/12 16:49:25 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2010/06/12 16:49:19 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/06/12 16:49:10 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/06/03 12:20:22 | 000,000,680 | ---- | C] () -- C:\Users\baby elly\AppData\Local\d3d9caps.dat
[2010/06/01 20:45:17 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/05/18 18:31:44 | 000,000,376 | ---- | C] () -- C:\Users\baby elly\Documents\Pictures - Shortcut.lnk
[2010/05/18 18:31:40 | 000,184,341 | ---- | C] () -- C:\Users\baby elly\mec.jpg
[2010/05/14 16:30:19 | 000,774,930 | ---- | C] () -- C:\Users\baby elly\pro3.jpg
[2010/05/14 15:43:03 | 000,747,922 | ---- | C] () -- C:\Users\baby elly\DSCF1526.jpg
[2010/05/14 15:17:11 | 000,734,232 | ---- | C] () -- C:\Users\baby elly\project.jpg
[2010/05/11 18:42:00 | 000,974,848 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/05/05 18:54:27 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\RPCReminder.job
[2010/05/05 18:54:10 | 000,000,928 | ---- | C] () -- C:\Users\baby elly\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
[2010/05/05 18:54:10 | 000,000,904 | ---- | C] () -- C:\Users\baby elly\Desktop\FinalMediaPlayer.lnk
[2010/05/05 18:54:07 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\RegPowerClean.job
[2010/05/05 18:53:51 | 000,001,192 | ---- | C] () -- C:\Users\baby elly\Application Data\Microsoft\Internet Explorer\Quick Launch\Winferno Registry Power Cleaner.lnk
[2010/05/05 18:52:43 | 000,000,152 | ---- | C] () -- C:\Users\baby elly\Desktop\Free ID Theft Protection Trial.url
[2010/04/23 15:27:53 | 000,442,368 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
[2010/04/20 07:34:44 | 000,656,384 | ---- | C] () -- C:\Windows\SysNative\kerberos.dll
[2010/04/20 07:34:42 | 000,338,944 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/04/18 03:37:09 | 000,049,160 | ---- | C] () -- C:\Windows\SysNative\infocardcpl.cpl
[2010/04/18 03:37:03 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\icardres.dll
[2010/04/18 03:37:02 | 001,383,936 | ---- | C] () -- C:\Windows\SysNative\icardagt.exe
[2010/04/18 03:37:02 | 001,168,928 | ---- | C] () -- C:\Windows\SysNative\PresentationNative_v0300.dll
[2010/04/18 03:37:02 | 000,167,432 | ---- | C] () -- C:\Windows\SysNative\infocardapi.dll
[2010/04/18 03:36:50 | 000,126,520 | ---- | C] () -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2010/04/18 03:24:25 | 000,158,208 | ---- | C] () -- C:\Windows\SysNative\mscorier.dll
[2010/04/18 03:24:22 | 000,076,288 | ---- | C] () -- C:\Windows\SysNative\mscories.dll
[2010/04/18 03:19:48 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2010/04/18 03:19:45 | 000,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2010/04/18 03:19:45 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2010/04/17 12:50:06 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2010/04/17 12:49:59 | 000,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/04/17 12:49:59 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/04/17 12:49:51 | 000,791,552 | ---- | C] () -- C:\Windows\SysNative\localspl.dll
[2010/04/17 12:49:44 | 001,420,688 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/04/17 12:49:41 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll
[2010/04/17 12:49:41 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys
[2010/04/17 12:49:27 | 004,678,032 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/17 12:43:43 | 013,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2010/04/17 12:43:38 | 000,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2010/04/17 12:43:30 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2010/04/17 12:39:02 | 001,691,648 | ---- | C] () -- C:\Windows\SysNative\connect.dll
[2010/04/17 12:38:53 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll
[2010/04/17 12:38:53 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll
[2010/04/17 12:38:53 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll
[2010/04/17 12:38:52 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2010/04/17 12:38:52 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll
[2010/04/17 12:38:52 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll
[2010/04/17 12:38:51 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2010/04/17 12:38:51 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2010/04/17 12:38:46 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll
[2010/04/17 12:34:14 | 001,280,512 | ---- | C] () -- C:\Windows\SysNative\rpcrt4.dll
[2010/04/17 12:32:39 | 000,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
[2010/04/17 12:32:33 | 000,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2010/04/17 12:31:53 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/04/17 12:31:53 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/04/17 12:31:53 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2010/04/17 12:30:35 | 000,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
[2010/04/17 12:30:34 | 000,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
[2010/04/17 12:30:32 | 000,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010/04/17 12:30:29 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll
[2010/04/17 12:30:24 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\amxread.dll
[2010/04/17 12:30:24 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\apilogen.dll
[2010/04/17 12:30:00 | 000,388,608 | ---- | C] () -- C:\Windows\SysNative\gdi32.dll
[2010/04/17 12:29:47 | 000,464,384 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/04/17 12:29:47 | 000,141,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2010/04/17 12:29:45 | 000,324,608 | ---- | C] () -- C:\Windows\SysNative\PortableDeviceApi.dll
[2010/04/17 12:29:39 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/04/17 12:29:38 | 001,794,560 | ---- | C] () -- C:\Windows\SysNative\msxml6.dll
[2010/04/17 12:29:15 | 002,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2010/04/17 12:29:04 | 000,880,640 | ---- | C] () -- C:\Windows\SysNative\timedate.cpl
[2010/04/17 12:28:57 | 001,030,656 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2010/04/17 12:28:52 | 000,718,336 | ---- | C] () -- C:\Windows\SysNative\rpcss.dll
[2010/04/17 12:28:50 | 000,231,424 | ---- | C] () -- C:\Windows\SysNative\sdohlp.dll
[2010/04/17 12:28:50 | 000,036,352 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2010/04/17 12:28:49 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\iasrecst.dll
[2010/04/17 12:28:49 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\iasads.dll
[2010/04/17 12:28:49 | 000,061,440 | ---- | C] () -- C:\Windows\SysNative\iasdatastore.dll
[2010/04/17 12:28:49 | 000,024,576 | ---- | C] () -- C:\Windows\SysNative\iashost.exe
[2010/04/17 12:28:31 | 000,594,944 | ---- | C] () -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/04/17 12:28:31 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\RMActivate.exe
[2010/04/17 12:28:31 | 000,413,696 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/04/17 12:28:31 | 000,409,600 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/04/17 12:28:30 | 000,535,040 | ---- | C] () -- C:\Windows\SysNative\secproc.dll
[2010/04/17 12:28:30 | 000,534,016 | ---- | C] () -- C:\Windows\SysNative\secproc_isv.dll
[2010/04/17 12:28:29 | 000,457,216 | ---- | C] () -- C:\Windows\SysNative\msdrm.dll
[2010/04/17 12:28:29 | 000,159,232 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/04/17 12:28:29 | 000,158,720 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp.dll
[2010/04/17 12:26:38 | 003,547,136 | ---- | C] () -- C:\Windows\SysNative\mf.dll
[2010/04/17 12:26:38 | 002,900,480 | ---- | C] () -- C:\Windows\SysNative\WMVCORE.DLL
[2010/04/17 12:26:31 | 001,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll
[2010/04/17 12:26:31 | 000,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2010/04/17 12:26:31 | 000,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll
[2010/04/17 12:26:30 | 000,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
[2010/04/17 12:26:30 | 000,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll
[2010/04/17 12:26:30 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe
[2010/04/17 12:25:45 | 000,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll
[2010/04/17 12:25:23 | 000,141,312 | ---- | C] () -- C:\Windows\SysNative\netiohlp.dll
[2010/04/17 12:25:22 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\NETSTAT.EXE
[2010/04/17 12:25:22 | 000,023,040 | ---- | C] () -- C:\Windows\SysNative\ARP.EXE
[2010/04/17 12:25:22 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\MRINFO.EXE
[2010/04/17 12:25:22 | 000,010,752 | ---- | C] () -- C:\Windows\SysNative\TCPSVCS.EXE
[2010/04/17 12:25:21 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\finger.exe
[2010/04/17 12:25:21 | 000,010,240 | ---- | C] () -- C:\Windows\SysNative\HOSTNAME.EXE
[2010/04/17 12:25:20 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\ROUTE.EXE
[2010/04/17 12:25:20 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2010/04/17 12:24:41 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/04/17 12:24:34 | 001,245,184 | ---- | C] () -- C:\Windows\SysNative\WMNetMgr.dll
[2010/04/17 12:24:33 | 000,112,640 | ---- | C] () -- C:\Windows\SysNative\logagent.exe
[2010/04/17 12:24:22 | 000,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2010/04/17 12:24:16 | 000,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll
[2010/04/17 12:24:08 | 000,730,112 | ---- | C] () -- C:\Windows\SysNative\msdtcprx.dll
[2010/04/17 12:24:08 | 000,048,640 | ---- | C] () -- C:\Windows\SysNative\xolehlp.dll
[2010/04/17 12:24:04 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
[2010/04/17 12:23:15 | 012,897,792 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/04/17 12:22:42 | 000,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll
[2010/04/17 12:22:40 | 000,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll
[2010/04/17 12:22:40 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx
[2010/04/17 12:22:40 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll
[2010/04/17 12:22:37 | 000,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb
[2010/04/17 12:22:37 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb
[2010/04/17 12:22:31 | 000,176,640 | ---- | C] () -- C:\Windows\SysNative\Faultrep.dll
[2010/04/17 12:22:31 | 000,120,832 | ---- | C] () -- C:\Windows\SysNative\wersvc.dll
[2010/04/17 12:22:24 | 000,470,016 | ---- | C] () -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2010/04/17 12:22:24 | 000,386,560 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2010/04/17 12:22:23 | 000,841,216 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecs.dll
[2010/04/17 12:22:12 | 002,608,803 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2010/04/17 12:22:11 | 000,615,936 | ---- | C] () -- C:\Windows\SysNative\wlansvc.dll
[2010/04/17 12:22:11 | 000,376,832 | ---- | C] () -- C:\Windows\SysNative\wlansec.dll
[2010/04/17 12:22:11 | 000,353,280 | ---- | C] () -- C:\Windows\SysNative\wlanmsm.dll
[2010/04/17 12:22:11 | 000,157,184 | ---- | C] () -- C:\Windows\SysNative\L2SecHC.dll
[2010/04/17 12:22:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\wlanhlp.dll
[2010/04/17 12:22:10 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\wlanapi.dll
[2010/04/17 11:44:32 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
[2010/04/17 11:44:26 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
[2010/04/16 22:54:10 | 002,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2010/04/16 22:54:10 | 002,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2010/04/16 22:54:10 | 000,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2010/04/16 22:54:10 | 000,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2010/04/16 22:53:18 | 000,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2010/04/16 22:53:18 | 000,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2010/04/16 22:53:18 | 000,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2010/04/16 22:52:29 | 000,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2010/04/16 22:52:29 | 000,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2010/04/16 22:33:33 | 000,001,686 | ---- | C] () -- C:\Users\baby elly\Desktop\CCleaner.lnk
[2010/04/15 13:50:54 | 000,013,152 | ---- | C] () -- C:\Users\baby elly\Documents\Natacha_Lopez.docx
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2009/05/06 23:45:02 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\acccore
[2010/06/21 18:09:23 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\Facebook
[2010/05/05 18:54:15 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\FinalMediaPlayer
[2010/06/28 12:19:21 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\LimeWire
[2009/10/09 09:38:42 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\muvee Technologies
[2010/06/15 19:59:49 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\ooVoo Details
[2010/06/15 19:58:41 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\oovooinstaller
[2010/06/28 18:22:07 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\PhotoScape
[2010/06/28 18:47:10 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\vmndtxtb
[2010/05/05 18:54:06 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\WeatherBug
[2009/05/10 17:04:46 | 000,000,000 | ---D | M] -- C:\Users\baby elly\AppData\Roaming\WildTangent
[2010/06/28 18:45:42 | 000,000,458 | ---- | M] () -- C:\Windows\Tasks\RegPowerClean.job
[2010/06/28 14:32:05 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\RPCReminder.job
[2010/06/28 18:16:38 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/28 18:55:59 | 000,000,442 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{740F8423-F1E3-428B-BA32-1336E1D8BCAE}.job

========== Purity Check ==========


< End of report >

Re: please help me =/

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:
      • Reply to this topic with the word BUMP, or
      • see this topic.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: please help me =/

thanks <3

Re: please help me =/

Post the log when you have it ready.
