
I think I have the Help Assistant Virus


  • This topic is locked
45 replies to this topic

#1 lisa5

lisa5

  • Members
  • 25 posts

Posted 20 February 2010 - 03:19 PM

First let me say I am little better than a computer dummy.
I do think my computer is infected with the help assistant virus. I have run avg8.5 and malwarebyte's and have found nothing, but the help assistant file keeps coming back after I disable and delete it. My computer is very slow and freezes or just shuts down in the middle of whatever.
I have done the dds and attach.
I cannot run gmer; the computer gets a blue screen or shuts down.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Lisa at 13:27:41.06 on Sat 02/20/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.318 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lisa\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell.com/
mSearchAssistant = hxxp://www.google.com/ie
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {f0131487-39e4-4b68-b78a-034e545a8627} - c:\windows\system32\fccddecY.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: pogo.com\www
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} - hxxp://www.worldwinner.com/games/v54/zengems/zengems.cab
DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} - hxxp://www.worldwinner.com/games/v41/mines/mines.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} - hxxp://www.worldwinner.com/games/v53/dealornodeal/dealornodeal.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {41D1977F-4161-4720-800F-EA4903983A38} - hxxp://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - hxxp://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://www.taxsimple.org/tsweb/msrdp.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/amun/default/mjolauncher.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - hxxp://www.worldwinner.com/games/v57/cubis/cubis.cab
DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - hxxp://www.worldwinner.com/games/v46/sol/sol.cab
DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v68/clue/clue.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v50/luxor/luxor.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {BCF9A64D-1440-4404-863C-F5DF2B99F798} - hxxp://zone.msn.com/bingame/zpagames/zpa_catan.cab55579.cab
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/ct.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.94.cab
DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v47/wwspades/wwspades.cab
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-11 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-11 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-11 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-4 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-4 297752]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2010-1-21 78104]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-12-10 1247600]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-9-17 18560]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2010-02-20 18:22:57 0 ----a-w- c:\documents and settings\lisa\defogger_reenable
2010-02-19 13:32:08 0 d-----w- c:\docume~1\lisa\applic~1\Quirky Games
2010-02-14 01:55:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Research In Motion
2010-02-12 23:52:59 0 d-----w- c:\windows\pss
2010-02-12 22:38:23 0 d-----w- c:\program files\common files\Research In Motion
2010-02-12 22:38:22 0 d-----w- c:\program files\Research In Motion

==================== Find3M ====================

2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-17 22:38:12 96800 ----a-w- c:\windows\fonts\anvers black.ttf
2009-12-17 22:38:12 110460 ----a-w- c:\windows\fonts\anvers regular.ttf
2009-12-17 22:38:12 100676 ----a-w- c:\windows\fonts\anvers bold.ttf
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:35 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2008-03-25 11:54:47 0 ----a-w- c:\program files\temp01
2008-08-21 12:00:25 88 --sh--r- c:\windows\system32\92F4BEDB8D.sys
2008-08-21 12:00:37 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-05-11 00:31:30 545 --sha-w- c:\windows\system32\lSstCcfe.ini2
2008-05-11 00:31:34 6591 --sha-w- c:\windows\system32\ppqAbccf.ini2
2008-05-11 00:31:31 6641 --sha-w- c:\windows\system32\sBbISrqr.ini2
2008-05-11 17:28:51 1035950 --sha-w- c:\windows\system32\SttAyyay.ini2
2008-05-11 16:49:05 1041612 --sha-w- c:\windows\system32\Yceddccf.ini2

============= FINISH: 13:28:25.87 ===============

Attached Files





#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 21 February 2010 - 04:05 PM

Hi,

Ok, please try GMER again, but this time try it in safe mode. If that doesn't work, try it again but uncheck the Devices. Finally, if all else fails, please run RootRepeal as below.

We need to check for rootkits with RootRepeal:
  1. Download RootRepeal from the following location and save it to your desktop.
  2. Extract RootRepeal.exe from the archive.
  3. Open on your desktop.
  4. Click the tab.
  5. Click the button.
  6. Check all seven boxes:
  7. Push Ok
  8. Check the box for your main system drive (Usually C:), and press Ok.
  9. Allow RootRepeal to run a scan of your system. This may take some time.
  10. Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 lisa5

lisa5
  • Topic Starter

  • Members
  • 25 posts

Posted 22 February 2010 - 10:47 PM

I still could not get gmer to work, so I ran root repeal. Here is the log... thanks for your help.

Attached Files



#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 23 February 2010 - 06:35 PM

OK, I see signs of an MBR infection among others. One last check just to confirm it's the help assistant variant of the MBR rootkit. Please run this log:

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.





#5 lisa5

lisa5
  • Topic Starter

  • Members
  • 25 posts

Posted 24 February 2010 - 07:55 AM

Here are the lo

OTL logfile created on: 2/24/2010 6:43:23 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Lisa\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 342.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 101.89 Gb Free Space | 70.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIRTMCGIRT
Current User Name: Lisa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/23 22:20:07 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe
PRC - [2010/01/21 14:12:42 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009/12/12 08:06:37 | 002,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/26 07:21:16 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/26 07:21:15 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/26 07:21:12 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/26 07:21:11 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/26 07:21:03 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/10 06:15:28 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/04/13 19:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/19 20:16:29 | 001,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/06/18 14:10:32 | 000,271,360 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2007/06/15 15:55:00 | 000,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007/05/04 05:19:15 | 000,160,832 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2006/08/28 22:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/08/23 20:12:44 | 000,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/08/15 11:00:20 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/10/05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2003/10/29 03:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/09/16 05:19:24 | 000,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2003/08/04 17:28:18 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd.exe
PRC - [1999/12/12 12:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/23 22:20:07 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/01/21 14:12:42 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/26 07:21:11 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/26 07:21:03 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/09/19 20:16:29 | 001,247,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/06/15 15:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/08/23 20:12:44 | 000,155,715 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/08/16 05:37:20 | 000,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/01/05 02:30:14 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [1999/12/12 12:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3923066532-3476145575-110521125-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
IE - HKU\S-1-5-21-3923066532-3476145575-110521125-1007\S-1-5-21-3923066532-3476145575-110521125-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1



O1 HOSTS File: ([2008/05/11 11:52:15 | 000,000,734 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {F0131487-39E4-4B68-B78A-034E545A8627} - C:\WINDOWS\System32\fccddecY.dll File not found
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007\..Trusted Domains: pogo.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v47/scrab...rabblecubes.cab (ScrabbleCubes Control)
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} http://www.worldwinner.com/games/v54/zengems/zengems.cab (ZenGems Control)
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} http://www.worldwinner.com/games/v41/mines/mines.cab (Mines Control)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (MSN Games – Matchmaking)
O16 - DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} http://www.worldwinner.com/games/v53/dealo...ealornodeal.cab (DealOrNoDeal Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} http://www.worldwinner.com/games/v47/skillgam/skillgam.cab (SkillGam Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/share...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinner.com/games/v48/brickout/brickout.cab (Brickout Control)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinner.com/games/v50/pool/pool.cab (Pool Control)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} http://www.worldwinner.com/games/v45/moneylist/moneylist.cab (MoneyList Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab (Jigsaw Genius Control)
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} http://www.worldwinner.com/games/v47/solit...litairerush.cab (SolitaireRush Control)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (MSN Games – Game Chat)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinner.com/games/v63/bjattack/bja.cab (BJA Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab (Windows Live Safety Center Base Module)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab (Bejeweled Control)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spide...ersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab (Blockwerx Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41/freecell/freecell.cab (FreeCell Control)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://www.taxsimple.org/tsweb/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/amun/default/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://clubgames.pogo.com/online2/pogop/ma...mesLauncher.cab (SpinTop Games Launcher)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab (WordMojo Control)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejew...eweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinner.com/games/v57/cubis/cubis.cab (Cubis Control)
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} http://www.worldwinner.com/games/v46/sol/sol.cab (Sol Control)
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} http://www.worldwinner.com/games/v68/clue/clue.cab (Clue Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} http://www.worldwinner.com/games/v50/luxor/luxor.cab (WwLuxor Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab (Hangman Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinner.com/games/v46/monopoly/monopoly.cab (Monopoly Control)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab (Tilecity Control)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinner.com/games/v45/royal/royal.cab (Royal Control)
O16 - DPF: {BCF9A64D-1440-4404-863C-F5DF2B99F798} http://zone.msn.com/bingame/zpagames/zpa_catan.cab55579.cab (MSN Games - Catan Online)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab (DinerDash Control)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab (MysteryPI Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinner.com/games/v43/paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47/famil.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://download.games.yahoo.com/games/web_...outLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/bingame/cnma/default/ct.cab (TikGames Online Control)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.94.cab (CPlayFirstDinerDashControl Object)
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinner.com/games/v44/golfsol/golfsol.cab (GolfSol Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v47/wwspades/wwspades.cab (WWSpades Control)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.66.208.2 208.66.208.3
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Lisa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lisa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 05:22:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/23 22:20:05 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe
[2010/02/22 21:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Desktop\RootRepeal
[2010/02/20 13:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Desktop\gmer
[2010/02/19 08:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Application Data\Quirky Games
[2010/02/13 20:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/02/12 18:52:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/12 17:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/02/12 17:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/02/12 15:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/05/11 16:31:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/05/11 16:31:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/05/11 16:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/05/11 16:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/24 06:29:57 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/02/24 06:29:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/24 06:28:14 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/24 06:27:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/24 06:27:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/24 06:27:34 | 1005,047,808 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/23 22:20:07 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe
[2010/02/23 22:11:37 | 056,148,788 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/23 12:18:42 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Lisa\NTUSER.DAT
[2010/02/23 12:18:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Lisa\ntuser.ini
[2010/02/22 21:25:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\settings.dat
[2010/02/22 21:25:01 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\RootRepeal.zip
[2010/02/21 12:55:27 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/20 13:33:01 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\gmer.zip
[2010/02/20 13:26:29 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\dds.scr
[2010/02/20 13:22:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lisa\defogger_reenable
[2010/02/15 15:41:05 | 001,583,464 | -H-- | M] () -- C:\Documents and Settings\Lisa\Local Settings\Application Data\IconCache.db
[2010/02/13 20:55:40 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Media Sync.lnk
[2010/02/12 19:25:20 | 000,000,973 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/12 19:25:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/12 19:25:20 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2010/02/12 18:04:59 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
[2010/02/12 18:04:59 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/02/12 17:16:55 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/11 05:07:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/24 06:27:34 | 1005,047,808 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/22 21:27:47 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\RootRepeal.zip
[2010/02/22 21:25:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\settings.dat
[2010/02/20 13:32:58 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\gmer.zip
[2010/02/20 13:26:26 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\dds.scr
[2010/02/20 13:22:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lisa\defogger_reenable
[2010/02/13 20:55:40 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Media Sync.lnk
[2010/02/12 18:04:59 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
[2010/02/12 18:04:59 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2009/10/16 05:23:58 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/24 08:30:23 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\Lisa\Application Data\iniasd.txt
[2009/02/03 19:20:58 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2008/05/12 06:16:57 | 000,083,008 | ---- | C] () -- C:\WINDOWS\System32\iehcptca.dll
[2008/05/12 05:55:37 | 000,083,008 | ---- | C] () -- C:\WINDOWS\System32\bmfyfdva.dll
[2008/05/11 17:48:30 | 000,083,024 | ---- | C] () -- C:\WINDOWS\System32\unxqmyjm.dll
[2008/05/11 13:23:34 | 001,505,241 | -HS- | C] () -- C:\WINDOWS\System32\mnsnpyoi.ini
[2008/05/11 12:04:42 | 001,035,950 | -HS- | C] () -- C:\WINDOWS\System32\SttAyyay.ini2
[2008/05/11 12:04:42 | 001,035,950 | -HS- | C] () -- C:\WINDOWS\System32\SttAyyay.ini
[2008/05/11 10:08:46 | 001,506,133 | -HS- | C] () -- C:\WINDOWS\System32\fxonsaeb.ini
[2008/05/11 09:20:45 | 001,505,643 | -HS- | C] () -- C:\WINDOWS\System32\tcxmojdw.ini
[2008/05/11 08:58:08 | 001,505,523 | -HS- | C] () -- C:\WINDOWS\System32\bydkqjmq.ini
[2008/05/11 07:03:43 | 001,041,612 | -HS- | C] () -- C:\WINDOWS\System32\Yceddccf.ini2
[2008/05/11 07:03:43 | 001,041,612 | -HS- | C] () -- C:\WINDOWS\System32\Yceddccf.ini
[2008/05/10 17:01:55 | 000,006,591 | -HS- | C] () -- C:\WINDOWS\System32\ppqAbccf.ini2
[2008/05/10 17:01:55 | 000,006,591 | -HS- | C] () -- C:\WINDOWS\System32\ppqAbccf.ini
[2008/05/10 15:51:02 | 000,000,545 | -HS- | C] () -- C:\WINDOWS\System32\lSstCcfe.ini2
[2008/05/10 15:51:02 | 000,000,545 | -HS- | C] () -- C:\WINDOWS\System32\lSstCcfe.ini
[2008/05/10 10:08:26 | 000,006,641 | -HS- | C] () -- C:\WINDOWS\System32\sBbISrqr.ini2
[2008/05/10 10:08:26 | 000,006,641 | -HS- | C] () -- C:\WINDOWS\System32\sBbISrqr.ini
[2008/05/06 05:52:39 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Lisa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/25 06:54:47 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/02/09 17:24:09 | 000,013,467 | ---- | C] () -- C:\Documents and Settings\Lisa\Application Data\NMM-MetaData.db
[2007/05/09 11:44:30 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\Lisa\Application Data\wklnhst.dat
[2007/04/15 08:38:49 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/04/15 08:38:49 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\92F4BEDB8D.sys
[2007/03/29 22:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007/01/28 15:42:04 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/12/25 13:44:23 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/16 17:03:09 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Lisa\Local Settings\Application Data\fusioncache.dat
[2006/12/10 00:38:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/10 00:31:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/10 00:27:24 | 000,000,541 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/09 23:57:16 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/12/09 23:57:16 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/12/09 23:57:16 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/12/09 23:57:16 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/12/09 23:57:16 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/12/09 23:57:16 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/12/09 23:57:14 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/12/09 23:57:02 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/05 02:30:18 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/03/11 07:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
[2008/03/30 07:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2009/02/04 12:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/11/05 08:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2009/06/06 06:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cupcakecafe
[2009/08/04 03:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2009/04/27 07:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2009/02/12 07:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2009/09/17 12:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2010/01/14 13:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
[2008/06/30 06:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2009/02/17 08:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2007/05/11 11:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2009/06/24 11:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2008/04/11 14:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2009/07/30 02:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2007/11/24 08:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/06/12 08:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2009/09/19 06:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009/01/01 08:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
[2009/05/11 07:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/11/24 09:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2009/08/09 05:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2008/12/31 09:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Iwin Ashtons Family Resort
[2009/02/04 05:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2007/05/01 07:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010/01/01 06:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2007/09/17 11:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2009/07/19 07:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lifetime
[2008/06/25 06:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2009/06/02 09:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster
[2007/11/24 13:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2007/04/04 08:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008/12/05 08:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2009/05/11 07:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/09/17 07:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2007/09/06 11:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/09/16 07:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/09/22 13:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/12/11 11:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Questtracers
[2010/02/13 20:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/12/09 08:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix
[2007/05/04 05:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/10/21 05:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2007/11/23 14:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2009/02/10 09:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2009/10/21 11:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
[2008/01/31 16:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/02/19 08:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/25 09:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
[2010/01/11 11:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
[2008/01/12 11:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2007/05/23 18:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/11/23 17:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm
[2009/08/14 12:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildWestQuest2
[2009/09/29 07:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XLab
[2008/05/12 06:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2007/08/28 12:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/02/11 13:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\Azureus
[2007/01/20 19:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\Leadertech
[2008/04/16 20:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\LimeWire
[2007/10/27 11:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\Nokia
[2008/07/29 21:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\Nokia Multimedia Player
[2008/05/09 22:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\PC Suite
[2008/09/19 15:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\PlayFirst
[2010/01/31 20:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\Research In Motion
[2008/08/25 15:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\Skinux
[2007/09/06 13:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\Template
[2007/07/08 13:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\Viewpoint
[2007/05/29 05:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josahua\Application Data\Leadertech
[2008/11/03 12:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josahua\Application Data\Nokia
[2008/01/04 14:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josahua\Application Data\Nokia Multimedia Player
[2007/11/26 15:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josahua\Application Data\PC Suite
[2009/03/25 13:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josahua\Application Data\PlayFirst
[2010/02/13 20:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josahua\Application Data\Research In Motion
[2008/01/20 18:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josahua\Application Data\SecondLife
[2008/08/25 11:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josahua\Application Data\Skinux
[2008/10/08 12:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josahua\Application Data\Viewpoint
[2009/11/02 12:26:49 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Lisa\Application Data\.#
[2007/11/22 07:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Abra Academy2
[2008/07/19 07:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Alawar
[2008/10/13 07:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\AlterLab
[2008/07/22 05:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Amaranth Games
[2008/09/05 07:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\BeachPartyCraze
[2009/04/25 11:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Big Fish Games
[2009/12/31 13:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\BlamGames
[2009/11/05 08:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\blg
[2009/09/15 13:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Boolat Games
[2009/02/10 08:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Boomzap
[2009/07/26 17:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Camel101
[2009/06/14 06:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Cat's Eye Games
[2007/02/13 08:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Chicken Chase
[2009/03/07 13:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\EleFun Games
[2009/05/31 06:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Enchanted Katya
[2008/08/24 07:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\FarmerJane
[2008/11/07 11:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\FirstColony
[2009/07/16 05:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Friday's games
[2009/03/12 12:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\funkitron
[2009/07/10 06:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Gaijin Ent
[2008/07/30 06:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\GameHouse
[2008/12/04 08:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\GameInvest
[2008/11/12 08:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Gamelab
[2009/11/04 11:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\GamesCafe
[2008/08/27 08:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Go-Go Gourmet Chef of the Year
[2009/06/12 08:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Gogii Games
[2009/06/12 07:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\GOL_byHasbro
[2007/12/16 11:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Home Sweet Home
[2009/06/01 07:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\HuruBeachParty
[2008/05/28 07:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\ITTNord
[2009/08/09 05:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\iWin
[2009/07/10 03:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Iwin Ashtons Family Resort
[2009/07/18 05:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Iwin JanesZOO
[2007/12/19 08:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\iWinArcade
[2008/08/31 06:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\iWin_DressUpRush
[2009/02/19 06:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\iWin_JanesRealty
[2008/08/23 05:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\IWin_Janes_Realty
[2007/09/25 09:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Jane s Hotel
[2009/07/31 06:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Jane s Hotel Family Hero
[2009/08/14 06:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Jetsetter
[2006/12/16 17:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Leadertech
[2008/06/25 06:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Ludia
[2007/03/21 08:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Magic Academy
[2008/02/17 06:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Magic Seeds
[2009/06/02 09:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Mean Hamster
[2009/07/20 07:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Meridian93
[2007/07/18 06:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\My Games
[2008/11/25 07:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\MysteryStudio
[2008/05/08 08:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Nokia
[2008/02/11 17:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Nokia Multimedia Player
[2008/09/17 07:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Oberon Games
[2007/05/31 09:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Ohana Games
[2007/09/06 13:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\PC Suite
[2009/07/26 06:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Peace Craft
[2008/10/24 07:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\PetShowCraze
[2010/01/15 06:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Pi Eye Games
[2009/08/14 07:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Pirateville
[2009/10/21 07:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\PlayFirst
[2009/02/09 16:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Playrix Entertainment
[2008/11/29 07:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Pogo Games
[2009/12/25 09:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Purple Patch Games
[2010/02/19 08:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Quirky Games
[2010/01/15 17:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Research In Motion
[2009/01/25 07:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Restorer
[2009/11/29 05:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\RobinsonCrusoeIW
[2007/06/20 09:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Sandlot Games
[2008/01/01 08:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\SecondLife
[2009/06/04 05:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Shape games
[2008/08/25 05:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Skinux
[2008/04/11 13:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Snapfish
[2008/03/11 17:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\SprillBermudeEng
[2009/09/29 07:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Sudden Games LLC
[2009/01/09 08:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\SulusGames
[2007/12/03 10:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Teggo
[2007/05/09 11:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Template
[2010/01/15 05:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\TheFixerUpper
[2010/01/10 12:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Twintale Entertainment
[2010/01/11 11:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\UClick
[2008/01/12 11:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Valusoft
[2007/05/23 18:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Viewpoint
[2008/07/01 04:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\ViquaSoft
[2009/12/08 09:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\YoudaGames
[2007/01/19 08:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myranda\Application Data\Leadertech
[2007/09/06 16:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myranda\Application Data\PC Suite
[2008/08/02 21:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myranda\Application Data\PlayFirst
[2010/01/16 00:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myranda\Application Data\Research In Motion
[2008/08/25 18:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myranda\Application Data\Skinux
[2010/02/08 06:34:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/09 08:12:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/09 08:12:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/09 08:12:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/09 08:12:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/08/05 15:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=75562456AA672BB5FE56D3C64C6D1C7D -- C:\drivers\storage\r133282\nvatabus.sys
[2006/08/05 15:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=75562456AA672BB5FE56D3C64C6D1C7D -- C:\i386\nvatabus.sys
[2006/08/05 15:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=75562456AA672BB5FE56D3C64C6D1C7D -- C:\WINDOWS\system32\drivers\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07A0D262
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FFBCBDB7
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6C4647E
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BCF4DE2
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8643C5BE
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15769D8A
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B6FAF9
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D30E46DD
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0FAC520
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A65DC98A
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E22C00F
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AB14A6F
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A2493EF
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:294A5F28
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28616E30
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03C75FD1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B51CAAE
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:737EACFF
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E1F359F
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5635DE41
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53384F1D
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51EFAA18
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:434C6E35
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:353FE71F
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:353B2FF9
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:331DC9FF
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12796943
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8669B93
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE3C36B2
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6DD2C7E
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:831F2C78
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78B923B2
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A4D7243
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65756BF8
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25BA2318
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1841A803
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B3EC7D1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AED4FFF5
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:949483BD
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:887EAE14
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77CF9481
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FC8527A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FBA7D5F
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E2EA264
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C49306C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22C51F97
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EECBA6F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0290D16
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DC2110AD
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE480C3E
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87638BB9
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B403ABD
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:554C6431
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AF596C6
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8DB81DC
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5DFA607
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC9D1415
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99B66030
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AC21D46
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8543BABC
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CC608E0
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43E95997
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09D6487A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05E95A33
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B203B914
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1CD17F9
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C8FE79B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5854B349
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E6B8D68
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A463A25
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42F46912
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13E7A9FC
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F55D468
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7A93447
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F43B7E8F
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E46A89F4
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7B98566
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF1E33F2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDCD8531
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F2B366E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99963C1E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7867C00C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:530B6B9E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:385BC52C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24641E0D
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E80EB80C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B243260B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CCDAB14
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C2A42C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7807E31A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:081F773D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF333535
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4F720BA
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E11ABA64
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9485E512
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD623B3
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B212553
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18897B1D
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FFA87584
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E27E39D4
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:925FD91A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B8643BF
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:748520A2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63DBE157
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56C17A93
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEEEFFAD
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADD788AD
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CF19C1B
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:340E7CCA
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE53E4F7
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB3AF287
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBE07C18
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEC895D8
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EEDCEA2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:706B1B92
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:649ABDC5
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B565D04
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3306355
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F54246A
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0C8C69E
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F835A58
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB2BD38
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54272E15
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38FFC456
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:376AEA88
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE87230
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C90C4DBA
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33AFD01D
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A6D6CB4
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDCE26D3
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93CEB973
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81653DC8
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:567FC9C2
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E868CDC2
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59D05D9A
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6885F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6520B0F3
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1693604
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA37E770
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:957E9765
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DA89B1
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1195DB2
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AB56A06
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94F67F32
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:451F9341
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:439E3411
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4072646B
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3857ABB7
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0860D6D6
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C6F032
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BD304B9
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68F81F4B
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44688298
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9EF92A1A
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:429EC15A
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33611CFB
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:592D7272
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA50D64F
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D630D1F5
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34B7238D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32BD974D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF71CAB5
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:877DEA57
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75E82066
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E412AAF2
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BCFEBC21
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EA10C5C
< End of report >


OTL Extras logfile created on: 2/24/2010 6:43:23 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Lisa\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 342.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 101.89 Gb Free Space | 70.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIRTMCGIRT
Current User Name: Lisa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"80:TCP" = 80:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:backWeb-8876480 -- File not found
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{133CD5EF-A4A1-442a-8D50-910B5DEF76BD}" = 4200_Help
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34611BCF-3157-405b-A34E-879C7DC79142}" = 4200
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{68A2A8FC-2CA0-4b6c-BE09-CC7ABE2A8DDC}" = 4200Trb
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7169FA93-66C2-43BD-86E0-CD332A686B29}" = Nokia Software Updater
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9A0DCD97-9648-45ed-A52C-133C728AB2FF}" = 4200Tour
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{AC1A0C88-45DF-1284-734A-6FDD0D96C79F}" = MyFonts Order M942074
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"360Share Pro" = 360Share Pro(remove only)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AI RoboForm" = AI RoboForm (All Users)
"Amazing Heists: Dillinger" = Amazing Heists: Dillinger (remove only)
"America Online us" = America Online (Choose which version to remove)
"amg-cakemaniatm3" = Cake Mania™ 3
"amg-deliciousemilystasteoffame" = Delicious - Emily's Taste of Fame
"amg-deliciousemilysteagarden" = Delicious - Emily's Tea Garden
"amg-farmfrenzypizzaparty" = Farm Frenzy - Pizza Party!
"amg-operationmania" = Operation Mania
"amg-planttycoon" = Plant Tycoon
"amg-poshboutique" = Posh Boutique
"amg-tikibar" = TikiBar
"AOL Connectivity Services" = AOL Connectivity Services
"AVG8Uninstall" = AVG Free 8.5
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"BFGC" = Big Fish Games: Game Manager
"BFG-Diner Dash: Hometown Hero" = Diner Dash: Hometown Hero (remove only)
"BFG-Farm Frenzy 3" = Farm Frenzy 3
"BFG-Virtual Families" = Virtual Families
"BlackBerry_{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Cooking Dash" = Cooking Dash (remove only)
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell Game Console" = Dell Game Console
"Diner Dash 2 Restaurant Rescue" = Diner Dash 2 Restaurant Rescue (remove only)
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"Farm Frenzy 2" = Farm Frenzy 2 (remove only)
"Fish Tycoon" = Fish Tycoon
"GameHouse" = GameHouse
"HP Photo & Imaging" = HP Image Zone 3.5
"ie8" = Windows Internet Explorer 8
"iWinArcade" = iWin Games (remove only)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Lost Fortunes" = Lost Fortunes (remove only)
"Lottso Deluxe" = Lottso Deluxe (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MuVo Driver" = Creative Mass Storage Drivers
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"RealPlayer 6.0" = RealPlayer Basic
"Sally's Spa" = Sally's Spa
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"SysInfo" = Creative System Information
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual Villagers The Secret City" = Virtual Villagers The Secret City
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Winemaker Extraordinaire" = Winemaker Extraordinaire (remove only)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/22/2010 10:09:13 PM | Computer Name = DIRTMCGIRT | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Activation Module -- Error 1706. An installation package
for the product Sonic Activation Module cannot be found. Try the installation again
using a valid copy of the installation package 'Activate.MSI'.

Error - 2/22/2010 10:09:25 PM | Computer Name = DIRTMCGIRT | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 5.0.0.11, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/22/2010 11:41:45 PM | Computer Name = DIRTMCGIRT | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 5.0.0.11, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/23/2010 12:01:51 AM | Computer Name = DIRTMCGIRT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/23/2010 7:46:47 AM | Computer Name = DIRTMCGIRT | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Activation Module -- Error 1706. An installation package
for the product Sonic Activation Module cannot be found. Try the installation again
using a valid copy of the installation package 'Activate.MSI'.

Error - 2/23/2010 12:49:45 PM | Computer Name = DIRTMCGIRT | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Activation Module -- Error 1706. An installation package
for the product Sonic Activation Module cannot be found. Try the installation again
using a valid copy of the installation package 'Activate.MSI'.

Error - 2/23/2010 12:50:35 PM | Computer Name = DIRTMCGIRT | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Activation Module -- Error 1706. An installation package
for the product Sonic Activation Module cannot be found. Try the installation again
using a valid copy of the installation package 'Activate.MSI'.

Error - 2/23/2010 11:08:26 PM | Computer Name = DIRTMCGIRT | Source = Application Hang | ID = 1002
Description = Hanging application ISUSPM.exe, version 6.0.100.65103, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/23/2010 11:08:39 PM | Computer Name = DIRTMCGIRT | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Activation Module -- Error 1706. An installation package
for the product Sonic Activation Module cannot be found. Try the installation again
using a valid copy of the installation package 'Activate.MSI'.

Error - 2/23/2010 11:08:58 PM | Computer Name = DIRTMCGIRT | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 5.0.0.11, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/22/2010 10:40:06 PM | Computer Name = DIRTMCGIRT | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 2/22/2010 10:40:06 PM | Computer Name = DIRTMCGIRT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK8 AvgLdx86 AvgMfx86 AvgTdiX eeCtrl Fips IPSec MRxSmb NetBIOS NetBT nvatabus nvraid RasAcd
Rdbss
Tcpip

Error - 2/22/2010 11:36:07 PM | Computer Name = DIRTMCGIRT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/22/2010 11:38:14 PM | Computer Name = DIRTMCGIRT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/22/2010 11:38:22 PM | Computer Name = DIRTMCGIRT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/22/2010 11:41:11 PM | Computer Name = DIRTMCGIRT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 2/23/2010 7:45:58 AM | Computer Name = DIRTMCGIRT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 2/23/2010 12:47:45 PM | Computer Name = DIRTMCGIRT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 2/23/2010 11:08:05 PM | Computer Name = DIRTMCGIRT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 2/24/2010 7:29:20 AM | Computer Name = DIRTMCGIRT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid


< End of report >

#6 etavares

Posted 24 February 2010 - 07:30 PM

Hello, lisa5.
OK, finally have confirmation the help assistant virus is indeed likely active...among other malware present. Let's get to work!

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

I see Viewpoint is installed on your machine. Viewpoint Manager is considered foistware instead of malware, since it is installed without users' approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to the Control Panel, then Add or Remove Programs, and uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.



Step 1

Next, please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop as lisa5CF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on lisa5CF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.



Step 2
  1. Download and save HelpAsst_mebroot_fix.exe to your desktop.
  2. Double-click to run the tool
  3. Please download MBR.EXE by GMER. Save the file in the C:\windows\system32\ folder.
  4. Click Start --> Run, type in mbr.exe -f and click OK.
  5. Reboot. (IMPORTANT!)
  6. Open Notepad and copy and paste the text in the codebox below (excluding the word Code) into Notepad.
    CODE
    @echo off
    cd\
    cd windows
    cd system32
    mbr.exe -t
    start mbr.log
  7. Next, select File --> Save As, change file type to All Files (*.*), and save it as fixme.bat in your c:\ folder.
  8. Open your c:\ folder and double-click on fixme.bat. A logfile will open (C:\windows\system32\mbr.log). Please paste the contents in your next reply.






Step 3

We need to run Profiles by noahdfear.
  1. Download Profiles and save it to your desktop.
  2. Double-click profiles.exe and post the resulting log into your reply.



Step 4

In your reply, please post:
  • Combofix log from Step 1.
  • Both logs from Step 2.
  • The profiles log from Step 3.
  • A fresh OTL report with the custom scans as before in this post.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 lisa5

Posted 25 February 2010 - 09:30 AM

Thanks again for the help. I think I got everything right. Below are all the logs that came up.


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A050FC
malicious code @ sector 0x012A050FF !
PE file found in sector at 0x012A05115 !


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A050FC
malicious code @ sector 0x012A050FF !
PE file found in sector at 0x012A05115 !




HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1006
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Dominic

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1007
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Lisa

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1008
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Josahua

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1009
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Myranda

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1010
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.DIRTMCGIRT

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1011
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.DIRTMCGIRT.000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1012
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.DIRTMCGIRT.001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1013
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.DIRTMCGIRT.002

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1014
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.DIRTMCGIRT.003

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1015
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.DIRTMCGIRT.004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1016
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.DIRTMCGIRT.005

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1017
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.DIRTMCGIRT.006

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1018
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.DIRTMCGIRT.007

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1019
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.DIRTMCGIRT.008

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1020
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.DIRTMCGIRT.009

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1021
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.DIRTMCGIRT.010

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1022
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.DIRTMCGIRT.011

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1023
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.DIRTMCGIRT.012

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator

SystemRoot REG_SZ C:\WINDOWS







OTL logfile created on: 2/25/2010 8:38:18 AM - Run 2
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Lisa\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 451.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 103.33 Gb Free Space | 71.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIRTMCGIRT
Current User Name: Lisa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/23 22:20:07 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe
PRC - [2010/01/21 14:12:42 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009/12/12 08:06:37 | 002,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/26 07:21:16 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/26 07:21:15 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/26 07:21:12 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/26 07:21:11 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/26 07:21:03 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/01 23:12:46 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/10 06:15:28 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/04/13 19:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/19 20:16:29 | 001,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/06/18 14:10:32 | 000,271,360 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2007/06/15 15:55:00 | 000,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007/05/04 05:19:15 | 000,160,832 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2006/08/28 22:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/08/23 20:12:44 | 000,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/08/15 11:00:20 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/10/05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2003/10/29 03:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/09/16 05:19:24 | 000,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2003/08/04 17:28:18 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd.exe
PRC - [1999/12/12 12:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/23 22:20:07 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/01/21 14:12:42 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/26 07:21:11 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/26 07:21:03 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/09/19 20:16:29 | 001,247,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/06/15 15:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/08/23 20:12:44 | 000,155,715 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/01/05 02:30:14 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [1999/12/12 12:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3923066532-3476145575-110521125-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
IE - HKU\S-1-5-21-3923066532-3476145575-110521125-1007\S-1-5-21-3923066532-3476145575-110521125-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2008/05/11 11:52:15 | 000,000,734 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007\..Trusted Domains: pogo.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v47/scrab...rabblecubes.cab (ScrabbleCubes Control)
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} http://www.worldwinner.com/games/v54/zengems/zengems.cab (ZenGems Control)
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} http://www.worldwinner.com/games/v41/mines/mines.cab (Mines Control)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (MSN Games – Matchmaking)
O16 - DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} http://www.worldwinner.com/games/v53/dealo...ealornodeal.cab (DealOrNoDeal Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} http://www.worldwinner.com/games/v47/skillgam/skillgam.cab (SkillGam Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/share...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinner.com/games/v48/brickout/brickout.cab (Brickout Control)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinner.com/games/v50/pool/pool.cab (Pool Control)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} http://www.worldwinner.com/games/v45/moneylist/moneylist.cab (MoneyList Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab (Jigsaw Genius Control)
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} http://www.worldwinner.com/games/v47/solit...litairerush.cab (SolitaireRush Control)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (MSN Games – Game Chat)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinner.com/games/v63/bjattack/bja.cab (BJA Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab (Windows Live Safety Center Base Module)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab (Bejeweled Control)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spide...ersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab (Blockwerx Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41/freecell/freecell.cab (FreeCell Control)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://www.taxsimple.org/tsweb/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/amun/default/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://clubgames.pogo.com/online2/pogop/ma...mesLauncher.cab (SpinTop Games Launcher)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab (WordMojo Control)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejew...eweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinner.com/games/v57/cubis/cubis.cab (Cubis Control)
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} http://www.worldwinner.com/games/v46/sol/sol.cab (Sol Control)
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} http://www.worldwinner.com/games/v68/clue/clue.cab (Clue Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} http://www.worldwinner.com/games/v50/luxor/luxor.cab (WwLuxor Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab (Hangman Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinner.com/games/v46/monopoly/monopoly.cab (Monopoly Control)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab (Tilecity Control)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinner.com/games/v45/royal/royal.cab (Royal Control)
O16 - DPF: {BCF9A64D-1440-4404-863C-F5DF2B99F798} http://zone.msn.com/bingame/zpagames/zpa_catan.cab55579.cab (MSN Games - Catan Online)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab (DinerDash Control)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab (MysteryPI Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinner.com/games/v43/paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47/famil.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://download.games.yahoo.com/games/web_...outLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/bingame/cnma/default/ct.cab (TikGames Online Control)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.94.cab (CPlayFirstDinerDashControl Object)
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinner.com/games/v44/golfsol/golfsol.cab (GolfSol Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v47/wwspades/wwspades.cab (WWSpades Control)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.66.208.2 208.66.208.3
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Lisa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lisa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 05:22:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/25 08:37:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/25 07:04:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/25 07:01:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/25 07:01:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/25 07:01:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/25 07:01:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/25 07:01:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/25 07:01:01 | 000,000,000 | ---D | C] -- C:\lisa5CF
[2010/02/25 07:00:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/23 22:20:05 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe
[2010/02/22 21:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Desktop\RootRepeal
[2010/02/20 13:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Desktop\gmer
[2010/02/19 08:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Application Data\Quirky Games
[2010/02/13 20:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/02/12 18:52:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/12 17:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/02/12 17:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/02/12 15:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/05/11 16:31:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/05/11 16:31:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/05/11 16:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/05/11 16:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/25 08:35:55 | 000,147,832 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\profiles.exe
[2010/02/25 08:34:37 | 000,000,066 | ---- | M] () -- C:\fixme.bat
[2010/02/25 08:30:44 | 056,241,522 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/25 08:30:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/25 08:29:57 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/02/25 08:28:15 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/25 08:27:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/25 08:27:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/25 08:27:44 | 1005,047,808 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/25 08:26:56 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Lisa\NTUSER.DAT
[2010/02/25 08:26:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Lisa\ntuser.ini
[2010/02/25 08:25:02 | 000,077,312 | ---- | M] () -- C:\WINDOWS\System32\mbr.exe
[2010/02/25 08:18:26 | 000,412,056 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\HelpAsst_mebroot_fix.exe
[2010/02/25 07:56:31 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/25 07:04:56 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/02/25 06:55:29 | 003,872,167 | R--- | M] () -- C:\Documents and Settings\Lisa\Desktop\lisa5CF.exe
[2010/02/25 06:35:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/23 22:20:07 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe
[2010/02/22 21:25:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\settings.dat
[2010/02/22 21:25:01 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\RootRepeal.zip
[2010/02/21 12:55:27 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/20 13:33:01 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\gmer.zip
[2010/02/20 13:26:29 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\dds.scr
[2010/02/20 13:22:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lisa\defogger_reenable
[2010/02/15 15:41:05 | 001,583,464 | -H-- | M] () -- C:\Documents and Settings\Lisa\Local Settings\Application Data\IconCache.db
[2010/02/13 20:55:40 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Media Sync.lnk
[2010/02/12 19:25:20 | 000,000,973 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/12 19:25:20 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/02/12 18:04:59 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
[2010/02/12 18:04:59 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/02/12 17:16:55 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/25 08:35:55 | 000,147,832 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\profiles.exe
[2010/02/25 08:34:37 | 000,000,066 | ---- | C] () -- C:\fixme.bat
[2010/02/25 08:25:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\mbr.exe
[2010/02/25 08:18:24 | 000,412,056 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\HelpAsst_mebroot_fix.exe
[2010/02/25 07:04:56 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/02/25 07:04:49 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/25 07:01:18 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/25 07:01:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/25 07:01:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/25 07:01:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/25 07:01:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/25 06:55:31 | 003,872,167 | R--- | C] () -- C:\Documents and Settings\Lisa\Desktop\lisa5CF.exe
[2010/02/24 06:27:34 | 1005,047,808 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/22 21:27:47 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\RootRepeal.zip
[2010/02/22 21:25:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\settings.dat
[2010/02/20 13:32:58 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\gmer.zip
[2010/02/20 13:26:26 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\dds.scr
[2010/02/20 13:22:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lisa\defogger_reenable
[2010/02/13 20:55:40 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Media Sync.lnk
[2010/02/12 18:04:59 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
[2010/02/12 18:04:59 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2009/10/16 05:23:58 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/02/03 19:20:58 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2008/05/12 06:16:57 | 000,083,008 | ---- | C] () -- C:\WINDOWS\System32\iehcptca.dll
[2008/05/12 05:55:37 | 000,083,008 | ---- | C] () -- C:\WINDOWS\System32\bmfyfdva.dll
[2008/05/11 17:48:30 | 000,083,024 | ---- | C] () -- C:\WINDOWS\System32\unxqmyjm.dll
[2008/05/06 05:52:39 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Lisa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/25 06:54:47 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/02/09 17:24:09 | 000,013,467 | ---- | C] () -- C:\Documents and Settings\Lisa\Application Data\NMM-MetaData.db
[2007/05/09 11:44:30 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\Lisa\Application Data\wklnhst.dat
[2007/04/15 08:38:49 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/04/15 08:38:49 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\92F4BEDB8D.sys
[2007/03/29 22:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007/01/28 15:42:04 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/12/25 13:44:23 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/16 17:03:09 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Lisa\Local Settings\Application Data\fusioncache.dat
[2006/12/10 00:38:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/10 00:31:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/10 00:27:24 | 000,000,541 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/09 23:57:16 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/12/09 23:57:16 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/12/09 23:57:16 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/12/09 23:57:16 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/12/09 23:57:16 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/12/09 23:57:16 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/12/09 23:57:14 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/12/09 23:57:02 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/05 02:30:18 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/03/11 07:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
[2008/03/30 07:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2009/02/04 12:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/11/05 08:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2009/06/06 06:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cupcakecafe
[2009/08/04 03:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2009/04/27 07:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2009/02/12 07:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2009/09/17 12:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2010/01/14 13:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
[2008/06/30 06:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2009/02/17 08:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2007/05/11 11:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2009/06/24 11:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2008/04/11 14:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2009/07/30 02:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2007/11/24 08:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/06/12 08:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2009/09/19 06:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009/01/01 08:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
[2009/05/11 07:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/11/24 09:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2009/08/09 05:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2008/12/31 09:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Iwin Ashtons Family Resort
[2009/02/04 05:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2007/05/01 07:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010/01/01 06:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2007/09/17 11:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2009/07/19 07:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lifetime
[2008/06/25 06:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2009/06/02 09:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster
[2007/11/24 13:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2007/04/04 08:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008/12/05 08:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2009/05/11 07:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/09/17 07:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2007/09/06 11:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/09/16 07:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/09/22 13:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/12/11 11:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Questtracers
[2010/02/13 20:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/12/09 08:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix
[2007/05/04 05:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/10/21 05:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2007/11/23 14:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2009/02/10 09:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2009/10/21 11:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
[2008/01/31 16:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/02/19 08:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/25 09:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
[2010/01/11 11:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
[2008/01/12 11:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2010/02/25 06:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/11/23 17:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm
[2009/08/14 12:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildWestQuest2
[2009/09/29 07:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XLab
[2008/05/12 06:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2007/08/28 12:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/02/11 13:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\Azureus
[2007/01/20 19:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\Leadertech
[2008/04/16 20:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\LimeWire
[2007/10/27 11:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\Nokia
[2008/07/29 21:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\Nokia Multimedia Player
[2008/05/09 22:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\PC Suite
[2008/09/19 15:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\PlayFirst
[2010/01/31 20:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\Research In Motion
[2008/08/25 15:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\Skinux
[2007/09/06 13:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\Template
[2007/07/08 13:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominic\Application Data\Viewpoint
[2007/05/29 05:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josahua\Application Data\Leadertech
[2008/11/03 12:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josahua\Application Data\Nokia
[2008/01/04 14:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josahua\Application Data\Nokia Multimedia Player
[2007/11/26 15:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josahua\Application Data\PC Suite
[2009/03/25 13:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josahua\Application Data\PlayFirst
[2010/02/13 20:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josahua\Application Data\Research In Motion
[2008/01/20 18:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josahua\Application Data\SecondLife
[2008/08/25 11:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josahua\Application Data\Skinux
[2008/10/08 12:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josahua\Application Data\Viewpoint
[2007/11/22 07:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Abra Academy2
[2008/07/19 07:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Alawar
[2008/10/13 07:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\AlterLab
[2008/07/22 05:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Amaranth Games
[2008/09/05 07:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\BeachPartyCraze
[2009/04/25 11:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Big Fish Games
[2009/12/31 13:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\BlamGames
[2009/11/05 08:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\blg
[2009/09/15 13:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Boolat Games
[2009/02/10 08:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Boomzap
[2009/07/26 17:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Camel101
[2009/06/14 06:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Cat's Eye Games
[2007/02/13 08:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Chicken Chase
[2009/03/07 13:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\EleFun Games
[2009/05/31 06:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Enchanted Katya
[2008/08/24 07:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\FarmerJane
[2008/11/07 11:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\FirstColony
[2009/07/16 05:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Friday's games
[2009/03/12 12:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\funkitron
[2009/07/10 06:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Gaijin Ent
[2008/07/30 06:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\GameHouse
[2008/12/04 08:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\GameInvest
[2008/11/12 08:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Gamelab
[2009/11/04 11:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\GamesCafe
[2008/08/27 08:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Go-Go Gourmet Chef of the Year
[2009/06/12 08:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Gogii Games
[2009/06/12 07:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\GOL_byHasbro
[2007/12/16 11:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Home Sweet Home
[2009/06/01 07:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\HuruBeachParty
[2008/05/28 07:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\ITTNord
[2009/08/09 05:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\iWin
[2009/07/10 03:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Iwin Ashtons Family Resort
[2009/07/18 05:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Iwin JanesZOO
[2007/12/19 08:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\iWinArcade
[2008/08/31 06:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\iWin_DressUpRush
[2009/02/19 06:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\iWin_JanesRealty
[2008/08/23 05:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\IWin_Janes_Realty
[2007/09/25 09:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Jane s Hotel
[2009/07/31 06:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Jane s Hotel Family Hero
[2009/08/14 06:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Jetsetter
[2006/12/16 17:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Leadertech
[2008/06/25 06:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Ludia
[2007/03/21 08:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Magic Academy
[2008/02/17 06:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Magic Seeds
[2009/06/02 09:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Mean Hamster
[2009/07/20 07:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Meridian93
[2007/07/18 06:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\My Games
[2008/11/25 07:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\MysteryStudio
[2008/05/08 08:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Nokia
[2008/02/11 17:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Nokia Multimedia Player
[2008/09/17 07:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Oberon Games
[2007/05/31 09:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Ohana Games
[2007/09/06 13:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\PC Suite
[2009/07/26 06:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Peace Craft
[2008/10/24 07:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\PetShowCraze
[2010/01/15 06:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Pi Eye Games
[2009/08/14 07:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Pirateville
[2009/10/21 07:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\PlayFirst
[2009/02/09 16:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Playrix Entertainment
[2008/11/29 07:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Pogo Games
[2009/12/25 09:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Purple Patch Games
[2010/02/19 08:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Quirky Games
[2010/01/15 17:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Research In Motion
[2009/01/25 07:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Restorer
[2009/11/29 05:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\RobinsonCrusoeIW
[2007/06/20 09:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Sandlot Games
[2008/01/01 08:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\SecondLife
[2009/06/04 05:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Shape games
[2008/08/25 05:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Skinux
[2008/04/11 13:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Snapfish
[2008/03/11 17:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\SprillBermudeEng
[2009/09/29 07:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Sudden Games LLC
[2009/01/09 08:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\SulusGames
[2007/12/03 10:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Teggo
[2007/05/09 11:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Template
[2010/01/15 05:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\TheFixerUpper
[2010/01/10 12:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Twintale Entertainment
[2010/01/11 11:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\UClick
[2008/01/12 11:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Valusoft
[2007/05/23 18:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Viewpoint
[2008/07/01 04:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\ViquaSoft
[2009/12/08 09:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\YoudaGames
[2007/01/19 08:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myranda\Application Data\Leadertech
[2007/09/06 16:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myranda\Application Data\PC Suite
[2008/08/02 21:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myranda\Application Data\PlayFirst
[2010/01/16 00:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myranda\Application Data\Research In Motion
[2008/08/25 18:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myranda\Application Data\Skinux

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/09 08:12:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/09 08:12:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/09 08:12:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/09 08:12:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/08/05 15:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=75562456AA672BB5FE56D3C64C6D1C7D -- C:\drivers\storage\r133282\nvatabus.sys
[2006/08/05 15:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=75562456AA672BB5FE56D3C64C6D1C7D -- C:\i386\nvatabus.sys
[2006/08/05 15:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=75562456AA672BB5FE56D3C64C6D1C7D -- C:\WINDOWS\system32\drivers\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8AA1353
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:980E793B
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3EC24B3
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8E29393
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38D7EDFD
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A15C0AF
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3CB23B4
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D6A0800
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:698B483C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5313B881
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BD41AB7
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31F2397C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:257AC7F8
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F0F3115
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AC0C8F5
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:175A5CD9
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09B77012
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C058FCE5
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95C6C67C
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DA18708
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64D6413B
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07A0D262
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FFBCBDB7
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6C4647E
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BCF4DE2
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8643C5BE
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15769D8A
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B6FAF9
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D30E46DD
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0FAC520
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A65DC98A
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E22C00F
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AB14A6F
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A2493EF
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:294A5F28
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28616E30
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03C75FD1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B51CAAE
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:737EACFF
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E1F359F
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5635DE41
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53384F1D
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51EFAA18
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:434C6E35
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:353FE71F
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:353B2FF9
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:331DC9FF
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12796943
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8669B93
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE3C36B2
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6DD2C7E
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:831F2C78
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78B923B2
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A4D7243
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65756BF8
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25BA2318
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1841A803
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B3EC7D1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AED4FFF5
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:949483BD
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:887EAE14
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77CF9481
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FC8527A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FBA7D5F
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E2EA264
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C49306C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22C51F97
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EECBA6F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0290D16
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DC2110AD
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE480C3E
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87638BB9
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B403ABD
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:554C6431
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AF596C6
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8DB81DC
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5DFA607
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC9D1415
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99B66030
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AC21D46
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8543BABC
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CC608E0
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43E95997
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09D6487A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05E95A33
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B203B914
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1CD17F9
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C8FE79B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5854B349
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E6B8D68
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A463A25
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42F46912
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13E7A9FC
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F55D468
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7A93447
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F43B7E8F
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E46A89F4
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7B98566
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF1E33F2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDCD8531
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F2B366E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99963C1E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7867C00C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:530B6B9E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:385BC52C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24641E0D
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E80EB80C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B243260B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CCDAB14
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C2A42C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7807E31A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:081F773D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF333535
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4F720BA
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E11ABA64
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9485E512
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD623B3
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B212553
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18897B1D
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FFA87584
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E27E39D4
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:925FD91A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B8643BF
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:748520A2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63DBE157
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56C17A93
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEEEFFAD
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADD788AD
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CF19C1B
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:340E7CCA
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE53E4F7
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB3AF287
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBE07C18
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEC895D8
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EEDCEA2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:706B1B92
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:649ABDC5
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B565D04
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3306355
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F54246A
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0C8C69E
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F835A58
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB2BD38
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54272E15
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38FFC456
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:376AEA88
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE87230
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C90C4DBA
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33AFD01D
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A6D6CB4
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDCE26D3
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93CEB973
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81653DC8
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:567FC9C2
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E868CDC2
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59D05D9A
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6885F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6520B0F3
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1693604
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA37E770
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:957E9765
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DA89B1
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1195DB2
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AB56A06
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94F67F32
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:451F9341
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:439E3411
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4072646B
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3857ABB7
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0860D6D6
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C6F032
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BD304B9
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68F81F4B
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44688298
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9EF92A1A
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:429EC15A
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33611CFB
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:592D7272
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA50D64F
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D630D1F5
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34B7238D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32BD974D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF71CAB5
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:877DEA57
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75E82066
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E412AAF2
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BCFEBC21
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EA10C5C
< End of report >









Attached Files

  • Attached File  log.txt   24.59KB   9 downloads


#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
Posted 25 February 2010 - 09:37 PM

Hello, lisa5.
OK...we're making progress, I think. Time to get rid of Help Assistant leftovers...then we'll deal with the other infections present.



Step 1

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.



Step 2
  1. Please open Notepad.
  2. Copy and paste the text in the box below into Notepad, excluding the word code.
    CODE
    @ECHO OFF
    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1010" /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1011" /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1012" /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1013" /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1014" /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1015" /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1016" /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1017" /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1018" /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1019" /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1020" /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1021" /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1022" /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1023" /f
    attrib -s -h -r C:\docume~\HelpAssistant.DIRTMCGIRT\* /s /d
    del /s/q C:\docume~\HelpAssistant.DIRTMCGIRT\*.*
    rmdir /s/q C:\docume~\HelpAssistant.DIRTMCGIRT
    attrib -s -h -r C:\docume~\HelpAssistant.DIRTMCGIRT.000\* /s /d
    del /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.000\*.*
    rmdir /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.000
    attrib -s -h -r C:\docume~\HelpAssistant.DIRTMCGIRT.001\* /s /d
    del /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.001\*.*
    rmdir /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.001
    attrib -s -h -r C:\docume~\HelpAssistant.DIRTMCGIRT.002\* /s /d
    del /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.002\*.*
    rmdir /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.002
    attrib -s -h -r C:\docume~\HelpAssistant.DIRTMCGIRT.003\* /s /d
    del /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.003\*.*
    rmdir /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.003
    attrib -s -h -r C:\docume~\HelpAssistant.DIRTMCGIRT.004\* /s /d
    del /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.004\*.*
    rmdir /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.004
    attrib -s -h -r C:\docume~\HelpAssistant.DIRTMCGIRT.005\* /s /d
    del /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.005\*.*
    rmdir /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.005
    attrib -s -h -r C:\docume~\HelpAssistant.DIRTMCGIRT.006\* /s /d
    del /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.006\*.*
    rmdir /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.006
    attrib -s -h -r C:\docume~\HelpAssistant.DIRTMCGIRT.007\* /s /d
    del /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.007\*.*
    rmdir /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.007
    attrib -s -h -r C:\docume~\HelpAssistant.DIRTMCGIRT.008\* /s /d
    del /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.008\*.*
    rmdir /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.008
    attrib -s -h -r C:\docume~\HelpAssistant.DIRTMCGIRT.009\* /s /d
    del /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.009\*.*
    rmdir /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.009
    attrib -s -h -r C:\docume~\HelpAssistant.DIRTMCGIRT.010\* /s /d
    del /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.010\*.*
    rmdir /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.010
    attrib -s -h -r C:\docume~\HelpAssistant.DIRTMCGIRT.011\* /s /d
    del /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.011\*.*
    rmdir /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.011
    attrib -s -h -r C:\docume~\HelpAssistant.DIRTMCGIRT.012\* /s /d
    del /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.012\*.*
    rmdir /s/q C:\docume~\HelpAssistant.DIRTMCGIRT.012

    This fix is custom made for this user's computer.
  3. Select File-->Save As
  4. Select File as Type: All Types (*.*)
  5. Save it to your desktop as fixme.bat
  6. Double-click fixme.bat on your desktop to run the fix.
  7. A window will briefly pop up then close.
  8. A log will open, please copy and paste it into your response.



Step 3

We need to run Profiles by noahdfear.
  1. Download Profiles and save it to your desktop.
  2. Double-click profiles.exe and post the resulting log into your reply.



Step 4

Please post the profiles log in your reply. Please also post an updated OTL Log as in this post.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#9 lisa5

Posted 25 February 2010 - 10:34 PM

Does step 2 take a while or is it kinda quick for the log to come up?

#10 etavares

Posted 25 February 2010 - 10:52 PM

Old canned speech....no log with that one. Sorry to keep you waiting. Once the window closes, you're good to go.

Edited by etavares, 25 February 2010 - 10:52 PM.




#11 lisa5

Posted 26 February 2010 - 12:09 PM


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1006
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Dominic

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1007
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Lisa

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1008
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Josahua

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-1009
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Myranda

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3923066532-3476145575-110521125-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator

SystemRoot REG_SZ C:\WINDOWS

Attached Files

  • Attached File  OTL.Txt   194.2KB   2 downloads


#12 etavares


Posted 26 February 2010 - 05:09 PM

Hello, lisa5.
OK, looks like we're purged of Help Assistant profiles....they should not be regenerating. Let me know if you see another pop up. How is everything else running?

Now...we need to get rid of other malware files. The good news is that nothing appears to be active right now. We'll also empty your temp files...make sure you pull anything out of the recycle bin that you may want to keep. There is some suspicious activity in your temp folders and it will also make the virus scan we're going to do quicker since we won't waste time scanning bad files.

If everything looks good after this, we'll close some security holes and clean up our mess.




Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
c:\windows\system32\fccddecY.dll
c:\windows\system32\lSstCcfe.ini2
c:\windows\system32\ppqAbccf.ini2
c:\windows\system32\sBbISrqr.ini2
c:\windows\system32\SttAyyay.ini2
c:\windows\system32\Yceddccf.ini2
C:\WINDOWS\System32\iehcptca.dll
C:\WINDOWS\System32\bmfyfdva.dll
C:\WINDOWS\System32\unxqmyjm.dll
C:\WINDOWS\System32\bydkqjmq.ini
C:\Documents and Settings\Lisa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Program Files\temp01
C:\WINDOWS\System32\CddbCdda.dll
DDS::
BHO: {f0131487-39e4-4b68-b78a-034e545a8627} - c:\windows\system32\fccddecY.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Reg::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Step 2

Please download TFC by OldTimer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista or Windows 7, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Step 3

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
Step 4

In your reply, please post:
  • Combofix log from Step 1
  • TFC log from Step 2
  • ESET log from step 3 (if no threats found, just let me know)
  • A fresh OTL log after all of the above, just hit the quick scan button
etavares

Edited by etavares, 26 February 2010 - 05:11 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
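
The check described in post #12 (reading the ProfileList output to confirm that no HelpAssistant profiles remain), as an added example that is not part of the original thread and not code from any of the tools it uses. The sample log, its SIDs, the host name `EXAMPLEPC` and all function names are constructed for illustration; the layout follows the ProfileList output posted in #11.

```python
import re
from typing import NamedTuple

# Constructed sample in the same layout as the ProfileList output in post #11.
# One HelpAssistant-style entry is included so the check has something to flag.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111111111-2222222222-3333333333-1004
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.EXAMPLEPC.001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111111111-2222222222-3333333333-1007
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Alice

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111111111-2222222222-3333333333-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator

SystemRoot REG_SZ C:\WINDOWS
"""

# A key line, optionally ending in a SID subkey.
KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\.*\\ProfileList(?:\\(?P<sid>S-\d+(?:-\d+)+))?$", re.I
)
# A value line: name, registry type, data.
VALUE_RE = re.compile(r"^(?P<name>\S+)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
# Folder names such as HelpAssistant or HelpAssistant.HOST.003.
HELPASSISTANT_RE = re.compile(r"^HelpAssistant(?:\..*)?$", re.I)
# Three-digit suffix, as on the .000 to .012 folders listed later in the thread.
NUMBERED_RE = re.compile(r"\.\d{3}$")

SERVICE_SIDS = {
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}


class Profile(NamedTuple):
    sid: str
    path: str

    @property
    def folder(self):
        """Last path component of ProfileImagePath."""
        return self.path.rstrip("\\").rsplit("\\", 1)[-1]


def parse_profile_list(text):
    """Return one Profile per SID subkey that carries a ProfileImagePath."""
    profiles, sid = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            sid = key.group("sid")  # None for the parent ProfileList key
            continue
        value = VALUE_RE.match(line)
        if value and sid and value.group("name").lower() == "profileimagepath":
            profiles.append(Profile(sid, value.group("data").strip()))
    return profiles


def account_kind(sid):
    """Coarse label for a SID: service account, built-in admin, or ordinary."""
    if sid in SERVICE_SIDS:
        return SERVICE_SIDS[sid]
    if sid.startswith("S-1-5-21-"):
        rid = int(sid.rsplit("-", 1)[1])
        return "built-in Administrator" if rid == 500 else "user account"
    return "other"


def review(text):
    """List (sid, folder, reasons) for profiles a helper would look at twice."""
    findings = []
    for profile in parse_profile_list(text):
        reasons = []
        if HELPASSISTANT_RE.match(profile.folder):
            reasons.append("HelpAssistant profile folder")
        if NUMBERED_RE.search(profile.folder):
            reasons.append("numbered suffix: folder was created more than once")
        if reasons:
            findings.append((profile.sid, profile.folder, reasons))
    return findings


if __name__ == "__main__":
    for p in parse_profile_list(SAMPLE):
        print(f"{account_kind(p.sid):24} {p.folder}")
    for sid, folder, reasons in review(SAMPLE):
        print(f"FLAG {folder} ({sid}): {'; '.join(reasons)}")
```

An empty result from `review()` on a fresh ProfileList export corresponds to the "purged of Help Assistant profiles" state; it says nothing about leftover folders on disk, which the thread handles separately.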
 


#13 lisa5


Posted 26 February 2010 - 09:37 PM

First let me say thank you very much for all your help :) without the help assistant things are a lot better. I could not find the TFC log...the others are here.

Attached Files



#14 etavares


Posted 27 February 2010 - 06:38 AM

Hello, lisa5.

Great to hear it's looking better on your end. Looks like we still have some leftovers. Overall, the ESET scan was not too bad...it showed a lot of quarantined files with MBAM, files we've quarantined ourselves, and leftovers in your system restore points. We'll be clearing system restore and our quarantines at the end. It did show that HelpAssistant folders were still there, so we'll delete them a different way. Finally, there were 2 MP3s that were infected that were removed.

If this looks good, we'll work on closing a few security holes next.

Also, please copy and paste the OTL log directly into your reply. It's formatted for that and it's easier for me to work through it. Thanks!



Step 1

We need to run an OTL Script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :Files
    C:\Documents and Settings\HelpAssistant.DIRTMCGIRT\
    C:\Documents and Settings\HelpAssistant.DIRTMCGIRT.000\
    C:\Documents and Settings\HelpAssistant.DIRTMCGIRT.001\
    C:\Documents and Settings\HelpAssistant.DIRTMCGIRT.002\
    C:\Documents and Settings\HelpAssistant.DIRTMCGIRT.003\
    C:\Documents and Settings\HelpAssistant.DIRTMCGIRT.004\
    C:\Documents and Settings\HelpAssistant.DIRTMCGIRT.005\
    C:\Documents and Settings\HelpAssistant.DIRTMCGIRT.006\
    C:\Documents and Settings\HelpAssistant.DIRTMCGIRT.007\
    C:\Documents and Settings\HelpAssistant.DIRTMCGIRT.008\
    C:\Documents and Settings\HelpAssistant.DIRTMCGIRT.009\
    C:\Documents and Settings\HelpAssistant.DIRTMCGIRT.010\
    C:\Documents and Settings\HelpAssistant.DIRTMCGIRT.011\
    C:\Documents and Settings\HelpAssistant.DIRTMCGIRT.012\
    C:\fixme.bat
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=
    O3 - HKU\S-1-5-21-3923066532-3476145575-110521125-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE77CFA8
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7377F1F0
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47417312
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30261F39
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D2A2F0A
    @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3B5FCD5
    @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA004D25
    @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98AE08EA
    @Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF9C44FE
    @Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B9E79B3
    @Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
    @Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0FEE2B
    @Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7
    @Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:453190EC
    @Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2A5A561
    @Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
    @Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
    @Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE7C4A02
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E031F3E0
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D667795F
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75C2528D
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71D079CF
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2974B0EE
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA341DB1
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A636021B
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F54BD5
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72739815
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB79041A
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF2F4B57
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FEBD921
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9CAC5FE6
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CD95DE0
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5DF7C58
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F222B60
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7198E1D2
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16EC8A23
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBB0F1B8
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C04C48D4
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80D975A5
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:600AE553
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA3AE363
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C901CAC2
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0CCE303
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7318DDBB
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:891DBAFE
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03460648
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDFD169D
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C76BA037
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9B2111D
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4001342B
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15E80018
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B7E8561
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DBE30A1
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EB551C8
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E21D3CA0
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8AA1353
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:980E793B
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3EC24B3
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8E29393
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38D7EDFD
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A15C0AF
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3CB23B4
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D6A0800
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:698B483C
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5313B881
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BD41AB7
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31F2397C
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:257AC7F8
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F0F3115
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AC0C8F5
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:175A5CD9
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09B77012
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C058FCE5
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95C6C67C
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DA18708
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64D6413B
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07A0D262
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FFBCBDB7
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6C4647E
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BCF4DE2
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8643C5BE
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15769D8A
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B6FAF9
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D30E46DD
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0FAC520
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A65DC98A
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E22C00F
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AB14A6F
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A2493EF
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:294A5F28
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28616E30
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03C75FD1
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B51CAAE
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:737EACFF
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E1F359F
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5635DE41
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53384F1D
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51EFAA18
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:434C6E35
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:353FE71F
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:353B2FF9
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:331DC9FF
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12796943
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8669B93
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE3C36B2
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6DD2C7E
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:831F2C78
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78B923B2
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A4D7243
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65756BF8
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25BA2318
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1841A803
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B3EC7D1
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AED4FFF5
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:949483BD
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:887EAE14
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77CF9481
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FC8527A
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FBA7D5F
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E2EA264
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C49306C
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22C51F97
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EECBA6F
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0290D16
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DC2110AD
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE480C3E
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87638BB9
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B403ABD
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:554C6431
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AF596C6
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8DB81DC
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5DFA607
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC9D1415
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99B66030
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AC21D46
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8543BABC
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CC608E0
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43E95997
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09D6487A
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05E95A33
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B203B914
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1CD17F9
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C8FE79B
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5854B349
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E6B8D68
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A463A25
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42F46912
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13E7A9FC
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F55D468
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7A93447
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F43B7E8F
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E46A89F4
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7B98566
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF1E33F2
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDCD8531
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F2B366E
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99963C1E
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7867C00C
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:530B6B9E
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:385BC52C
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24641E0D
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E80EB80C
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B243260B
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CCDAB14
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C2A42C
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7807E31A
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:081F773D
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF333535
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4F720BA
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E11ABA64
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9485E512
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD623B3
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B212553
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18897B1D
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FFA87584
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E27E39D4
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:925FD91A
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B8643BF
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:748520A2
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63DBE157
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56C17A93
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEEEFFAD
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADD788AD
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CF19C1B
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:340E7CCA
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE53E4F7
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB3AF287
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBE07C18
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEC895D8
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EEDCEA2
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:706B1B92
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:649ABDC5
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B565D04
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3306355
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F54246A
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0C8C69E
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F835A58
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB2BD38
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54272E15
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38FFC456
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:376AEA88
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE87230
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C90C4DBA
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33AFD01D
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A6D6CB4
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDCE26D3
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93CEB973
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81653DC8
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:567FC9C2
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E868CDC2
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59D05D9A
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6885F1
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6520B0F3
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1693604
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA37E770
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:957E9765
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DA89B1
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1195DB2
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AB56A06
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94F67F32
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:451F9341
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:439E3411
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4072646B
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3857ABB7
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0860D6D6
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C6F032
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BD304B9
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68F81F4B
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44688298
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9EF92A1A
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:429EC15A
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33611CFB
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:592D7272
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA50D64F
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D630D1F5
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34B7238D
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32BD974D
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF71CAB5
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:877DEA57
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75E82066
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E412AAF2
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BCFEBC21
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EA10C5C
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Step 2

In your reply, please post the OTL log from Step 1, and then the scan in OTL at the end of Step 1 and paste that in your reply as well.

Thanks!

etavares

Edited by etavares, 27 February 2010 - 06:39 AM.


 


#15 lisa5


Posted 27 February 2010 - 11:15 AM

I tried to copy and paste from step 1, but the computer just gets hung up every time I try to paste. I have let it go for as long as 1 hour plus, so I attached it and it will not let me, so I am not sure what to do. Also, all of this will clean up all users, not just me?



