
Directdr.com redirect popup


  • This topic is locked
18 replies to this topic

#1 whatazoo

whatazoo

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:07 PM

Posted 07 March 2010 - 05:41 PM

I must have picked something up this weekend, as my browser has a popup now that starts with directdr.com then redirects to various other sites. It happens about every third or fourth time opening a browser. I have an HP Pavilion, running Windows XP Professional, SP3. I have Kaspersky Antivirus with current database update, scanning finds nothing. I ran MalwareBytes with up-to-date database, nothing found on full scan. I have attached the DDS and Attach.txt files. My computer crashed towards the end (I think) of the GMER scan per the Prep Guide. I saw a brief blue screen and it restarted automatically. I am not going to run the GMER again unless instructed to do so. I have a HiJackThis log if needed.

Thanks in advance,
Stephanie

Edited by whatazoo, 07 March 2010 - 05:42 PM.




#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:07 PM

Posted 10 March 2010 - 04:15 PM

Hello and welcome to BleepingComputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues, I would appreciate it if you would let me know so I can close this topic.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Files
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log

Thanks



#3 whatazoo


Posted 10 March 2010 - 10:33 PM

Thank you for your reply. I am still having the problem. I have attached the 3 logs that you requested.

Thank you
Stephanie

Attached Files

  • Attached File  log.txt   31.08KB   6 downloads
  • Attached File  info.txt   47.79KB   8 downloads
  • Attached File  gmer.log   12.29KB   6 downloads


#4 syler


Posted 11 March 2010 - 06:10 PM

Hi Stephanie,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#5 whatazoo


Posted 11 March 2010 - 09:09 PM

Attached is the combofix.txt. Hopefully once my computer restarted (before the log was made), and my antivirus restarted along with it, it didn't mess anything up.
thanks
Stephanie


#6 syler


Posted 12 March 2010 - 03:03 PM

When replying with any logs please paste them into the topic rather than attaching them, thanks.

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.



We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    proquota.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



#7 whatazoo


Posted 12 March 2010 - 06:46 PM

Sorry about the attachments. I'll try to keep it correct.

OTL.txt
OTL logfile created on: 3/12/2010 4:09:29 PM - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Stephanie.STEPH\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 486.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 63.99 Gb Total Space | 14.87 Gb Free Space | 23.23% Space Free | Partition Type: NTFS
Drive D: | 9.51 Gb Total Space | 1.40 Gb Free Space | 14.68% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 14.54 Gb Free Space | 6.24% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEPH
Current User Name: Stephanie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/12 16:07:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephanie.STEPH\Desktop\OTL.exe
PRC - [2010/02/12 17:04:48 | 000,300,656 | ---- | M] (Speedbit Ltd.) -- F:\Program Files\DAP\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2010/02/12 17:04:48 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- F:\Program Files\DAP\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2010/02/12 17:00:16 | 002,803,200 | ---- | M] (SpeedBit Ltd.) -- F:\Program Files\DAP\DAP.exe
PRC - [2010/01/04 11:36:28 | 002,893,624 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2008/10/31 13:23:06 | 000,045,056 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
PRC - [2008/10/17 15:41:04 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/31 12:21:20 | 003,286,352 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\Webshots.scr
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
PRC - [2004/06/15 13:29:42 | 000,380,928 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2003/05/15 01:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2003/05/07 12:21:00 | 001,413,184 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2002/03/18 04:00:57 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
PRC - [2001/01/10 16:15:08 | 000,094,208 | ---- | M] () -- C:\QUICKENW\qagent.exe
PRC - [2000/05/31 13:20:34 | 000,065,024 | ---- | M] (Marimba Inc.) -- C:\WINDOWS\system32\mrtMngr.exe


========== Modules (SafeList) ==========

MOD - [2010/03/12 16:07:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephanie.STEPH\Desktop\OTL.exe
MOD - [2009/08/21 12:43:50 | 000,151,552 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\meter4\nphooks.dll
MOD - [2009/08/21 12:37:30 | 000,225,280 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\meter4\nscore.dll
MOD - [2009/08/21 12:35:30 | 000,348,160 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter4\communication.dll
MOD - [2009/08/13 17:57:52 | 000,212,992 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll
MOD - [2005/10/14 20:57:46 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetRatingsNetSight\NetSight\meter4\msvcp71.dll
MOD - [2005/10/14 20:57:46 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetRatingsNetSight\NetSight\meter4\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (CLTNetCnService)
SRV - [2010/02/12 17:04:48 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- F:\Program Files\DAP\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2009/11/24 12:43:00 | 000,078,104 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/07/20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/08/18 11:22:44 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/01/08 11:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/05/08 10:49:02 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/06/15 13:29:42 | 000,380,928 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2003/05/07 12:21:00 | 001,413,184 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - [2010/01/26 06:55:42 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 18:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 13:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/08/21 12:51:16 | 000,009,088 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nielgfx.sys -- (NielGfx)
DRV - [2009/08/21 12:50:40 | 000,024,192 | ---- | M] (The Nielsen Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nielprt.sys -- (nielprt)
DRV - [2009/08/21 12:50:10 | 000,015,360 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nnrnstdi.sys -- (nnrnstdi)
DRV - [2009/08/21 12:44:56 | 000,009,088 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\km_filter.sys -- (km_filter)
DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/18 22:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/12/18 22:43:18 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/10/23 00:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/07/24 19:09:33 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/05/08 07:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/28 19:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/13 11:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/28 00:14:00 | 000,224,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/12/06 22:12:00 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/11/01 07:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 07:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 07:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/06/08 16:02:04 | 000,019,640 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SSLDrv.sys -- (SSLDrv)
DRV - [2007/01/15 16:18:30 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2006/09/27 16:10:00 | 003,694,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/26 21:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/06 13:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/05/12 13:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/03/05 22:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/02 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/02 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/26 23:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006/01/26 23:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/12/19 15:02:36 | 000,060,572 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2005/12/19 15:02:36 | 000,028,449 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/11/15 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/10/31 19:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/31 18:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/13 02:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/09/19 14:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 14:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/05/07 12:22:16 | 000,268,874 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2003/05/01 12:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2003/03/03 13:08:56 | 000,176,896 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2002/08/26 16:09:42 | 000,138,916 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 21:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2000/05/31 13:20:34 | 000,034,712 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MrtRate.sys -- (mrtRate)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/17 15:41:28 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/03/11 18:44:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - F:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe (ACNielsen)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QAGENT] C:\QUICKENW\qagent.exe ()
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DownloadAccelerator] F:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [SpeedBitVideoAccelerator] F:\Program Files\DAP\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O4 - Startup: C:\Documents and Settings\Stephanie.STEPH\Start Menu\Programs\StartUp\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (Webshots.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - F:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - F:\Program Files\DAP\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - F:\Program Files\DAP\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - F:\Program Files\DAP\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://69.145.158.26/XTSAC.cab (XTSAC Control)
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx (get_atlcom Class)
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} http://www.infospace.com/mypoints.main/tba...pointsSetup.exe (Reg Error: Key error.)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1241353972984 (MUWebControl Class)
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://69.145.158.26/NELX.cab (NELaunchCtrl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (GMNRev Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://69.145.158.26/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab (MysteryPI Control)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Stephanie.STEPH\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Stephanie.STEPH\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/12 15:53:51 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/03/12 15:53:54 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/03/12 15:53:53 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/09/15 00:12:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "AddFiltr"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "SupportSoft RemoteAssist"
MsConfig - Services: "sprtlisten"
MsConfig - Services: "idsvc"
MsConfig - Services: "iWinTrusted"
MsConfig - Services: "iPod Service"
MsConfig - Services: "Apple Mobile Device"
MsConfig - StartUpFolder: C:^Documents and Settings^Stephanie.STEPH^Start Menu^Programs^StartUp^Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe - (Starz)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: QuickCare - hkey= - key= - C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (64742581833039872)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/12 16:07:48 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stephanie.STEPH\Desktop\OTL.exe
[2010/03/12 15:53:51 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/03/11 19:51:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/11 18:15:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/11 18:12:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/11 18:12:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/11 18:12:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/11 18:12:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/11 18:12:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/11 18:12:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/03/11 18:11:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/10 20:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/03/10 20:08:57 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/10 01:42:56 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/07 11:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie.STEPH\Desktop\gmer
[2010/03/05 17:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2010/03/05 15:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/05 07:07:49 | 000,000,000 | ---D | C] -- C:\Convert to DVD
[2010/03/04 18:49:34 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wvc1dmod.dll
[2010/03/04 18:49:34 | 000,626,688 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2010/03/04 18:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie.STEPH\Application Data\Malwarebytes
[2010/03/04 18:48:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/04 18:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/04 18:48:51 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/04 18:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/27 15:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/02/27 15:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie.STEPH\Application Data\WinBatch
[2010/02/27 15:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\MicroVision Applications
[2010/02/27 11:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/02/27 08:32:19 | 000,000,000 | ---D | C] -- F:\Stephanie's Documents\ConvertXToDVD
[2010/02/27 08:29:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Stephanie.STEPH\Application Data\pcouffin.sys
[2010/02/27 08:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie.STEPH\Application Data\Vso
[2010/02/27 08:29:12 | 000,000,000 | ---D | C] -- F:\Stephanie's Documents\PcSetup
[2010/02/27 08:28:50 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv43260.dll
[2010/02/27 08:28:50 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv33260.dll
[2010/02/27 08:28:50 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\sipr3260.dll
[2010/02/27 08:28:49 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv23260.dll
[2010/02/27 08:28:49 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\cook3260.dll
[2010/02/27 08:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2010/02/23 06:39:27 | 000,000,000 | --SD | C] -- F:\Stephanie's Documents\My DVDs
[2010/02/19 19:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blg
[2010/02/17 19:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie.STEPH\Application Data\WinRAR
[2010/02/17 18:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010/02/14 17:06:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/02/14 17:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/02/14 17:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/02/14 16:44:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/02/14 12:29:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/14 11:31:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/02/13 12:48:28 | 000,000,000 | ---D | C] -- F:\Stephanie's Documents\BigTimeGames
[2010/02/13 09:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie.STEPH\Application Data\RobinsonCrusoe
[2010/02/12 17:00:22 | 000,000,000 | ---D | C] -- F:\Stephanie's Documents\My DAP Downloads
[2010/02/12 17:00:14 | 000,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\AniGIF.ocx
[2010/02/12 06:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\RapidShare
[2009/11/25 21:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\iWin
[2009/10/06 19:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/10/06 19:10:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/08/01 05:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/06/10 20:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft
[2009/05/29 17:17:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/02/06 17:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/05/29 08:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/09/24 08:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/12 16:07:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephanie.STEPH\Desktop\OTL.exe
[2010/03/12 16:04:07 | 000,001,179 | ---- | M] () -- C:\hpqp.ini
[2010/03/12 16:04:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/12 16:03:15 | 000,170,123 | ---- | M] () -- C:\logfile
[2010/03/12 16:02:57 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/03/12 16:02:56 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/03/12 16:02:55 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/12 16:02:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/12 16:02:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/12 16:02:45 | 1005,170,688 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/12 16:01:09 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\Stephanie.STEPH\NTUSER.DAT
[2010/03/12 16:01:09 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Stephanie.STEPH\ntuser.ini
[2010/03/12 15:49:40 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Desktop\Flash_Disinfector.exe
[2010/03/12 10:39:36 | 001,636,856 | -H-- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\IconCache.db
[2010/03/12 10:39:06 | 000,142,848 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/11 18:48:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/11 18:44:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/11 18:15:54 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/03/11 18:06:25 | 003,887,822 | R--- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Desktop\ComboFix.exe
[2010/03/11 17:32:43 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Application Data\vso_ts_preview.xml
[2010/03/11 06:09:39 | 000,001,768 | -H-- | M] () -- F:\Stephanie's Documents\Default.rdp
[2010/03/10 21:44:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/10 20:22:43 | 000,455,776 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/10 20:22:42 | 000,538,332 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/10 20:22:42 | 000,075,724 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/10 20:05:37 | 000,000,650 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/10 20:00:21 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Desktop\RSIT.exe
[2010/03/07 11:36:48 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Desktop\dds.scr
[2010/03/07 11:33:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\defogger_reenable
[2010/03/07 11:32:25 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Desktop\Defogger.exe
[2010/03/07 09:15:19 | 000,000,525 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Desktop\Shortcut to HijackThis.lnk
[2010/03/07 07:30:11 | 000,000,562 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/03/06 18:25:49 | 000,019,968 | ---- | M] () -- F:\Stephanie's Documents\401 Day 4 7.doc
[2010/03/06 15:17:29 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Start Menu\Programs\StartUp\Webshots.lnk
[2010/03/05 15:53:20 | 001,337,472 | ---- | M] () -- F:\Stephanie's Documents\cc_20100305_155300.reg
[2010/03/04 18:58:15 | 000,099,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\kav_nvata.sys
[2010/03/04 18:50:00 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Stephanie.STEPH\Application Data\pcouffin.sys
[2010/03/04 18:50:00 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Application Data\pcouffin.cat
[2010/03/04 18:50:00 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Application Data\pcouffin.inf
[2010/03/01 22:36:14 | 000,005,406 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2010/03/01 22:36:14 | 000,003,402 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2010/02/27 15:55:07 | 008,180,736 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/02/27 15:55:07 | 004,041,728 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/02/27 15:21:37 | 000,376,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/24 06:15:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/17 10:07:36 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/02/17 06:29:00 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\g2mdlhlpx.exe
[2010/02/12 17:00:14 | 000,172,032 | ---- | M] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\AniGIF.ocx
[2010/02/11 03:01:55 | 002,005,144 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/12 15:49:35 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Desktop\Flash_Disinfector.exe
[2010/03/11 18:15:54 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/03/11 18:15:48 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/11 18:12:30 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/11 18:12:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/11 18:12:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/11 18:12:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/11 18:12:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/11 18:03:53 | 003,887,822 | R--- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Desktop\ComboFix.exe
[2010/03/10 18:57:44 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Desktop\RSIT.exe
[2010/03/07 11:36:42 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Desktop\dds.scr
[2010/03/07 11:33:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\defogger_reenable
[2010/03/07 11:32:28 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Desktop\Defogger.exe
[2010/03/07 09:15:19 | 000,000,525 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Desktop\Shortcut to HijackThis.lnk
[2010/03/05 22:01:02 | 000,019,968 | ---- | C] () -- F:\Stephanie's Documents\401 Day 4 7.doc
[2010/03/05 15:53:06 | 001,337,472 | ---- | C] () -- F:\Stephanie's Documents\cc_20100305_155300.reg
[2010/03/04 18:31:02 | 000,099,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\kav_nvata.sys
[2010/02/27 08:30:42 | 000,001,189 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Application Data\vso_ts_preview.xml
[2010/02/27 08:29:24 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Application Data\pcouffin.log
[2010/02/27 08:29:12 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Application Data\pcouffin.cat
[2010/02/27 08:29:12 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Application Data\pcouffin.inf
[2010/02/06 20:19:08 | 000,000,562 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/11/26 12:06:22 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/11/11 21:07:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Application Data\seed.log
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/07 20:15:47 | 000,005,084 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ypkpiykb.yyr
[2009/07/07 20:13:48 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/04/30 16:50:39 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\fusioncache.dat
[2009/04/30 16:50:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\DSwitch.txt
[2009/04/30 16:50:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\AtStart.txt
[2009/04/30 16:50:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\QSwitch.txt
[2009/03/26 19:09:52 | 000,038,475 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Application Data\Comma Separated Values (Windows).ADR
[2009/01/31 16:29:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhantomOfVenice.INI
[2008/11/14 18:25:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2008/10/17 15:42:11 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/03/02 13:25:26 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\~bwcrc32.dll
[2008/02/28 14:30:08 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2008/01/14 16:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/12/13 07:00:58 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\kodakpcd.ini
[2007/11/10 09:37:44 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\7466BC9E27.sys
[2007/11/09 21:51:11 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/10/22 19:32:04 | 000,127,042 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/10/18 18:38:27 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2007/10/18 18:38:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2007/10/18 18:38:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2007/10/17 20:33:45 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SmartAudio.INI
[2007/10/17 18:24:25 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2007/10/17 17:01:14 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/10/16 18:25:06 | 000,142,848 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/16 18:25:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\FnF4.txt
[2006/09/15 01:51:20 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/15 01:39:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/15 01:34:35 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/10 14:51:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/10 14:03:42 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/05/10 14:01:12 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/10 13:57:30 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/26 12:48:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/04/26 12:48:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/04/26 12:48:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/04/26 12:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/04/26 12:48:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/12/02 11:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/05 19:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 13:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< >

========== Alternate Data Streams ==========

< End of report >

Extras.txt

OTL Extras logfile created on: 3/12/2010 4:09:29 PM - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Stephanie.STEPH\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 486.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 63.99 Gb Total Space | 14.87 Gb Free Space | 23.23% Space Free | Partition Type: NTFS
Drive D: | 9.51 Gb Total Space | 1.40 Gb Free Space | 14.68% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 14.54 Gb Free Space | 6.24% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEPH
Current User Name: Stephanie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"8013:TCP" = 8013:TCP:*:Enabled:time.gov
"58834:TCP" = 58834:TCP:*:Disabled:PandoRest Listening Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"" =
"C:\Program Files\Vongo\VongoService.exe" = C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService -- (Starz Entertainment Group LLC)
"C:\Program Files\Qwest\QuickConnect\QuickConnect.exe" = C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect -- (Qwest Communications International Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\RealVNC\VNC4\winvnc4.exe" = C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:winvnc4 -- (RealVNC Ltd.)
"C:\Program Files\bfgclient\bfgclient.exe" = C:\Program Files\bfgclient\bfgclient.exe:*:Enabled:Play My Games -- ()
"C:\Program Files\bfgclient\bfggameservices.exe" = C:\Program Files\bfgclient\bfggameservices.exe:*:Enabled:bfggameservices.exe -- ()
"C:\Program Files\bfgclient\bfgprocess.exe" = C:\Program Files\bfgclient\bfgprocess.exe:*:Enabled:bfgprocess.exe -- ()
"C:\Program Files\Qwest\QuickConnect\QuickConnect.exe" = C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect -- (Qwest Communications International Inc.)
"C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe" = C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe:LocalSubNet:Enabled:Homescan Internet Transporter -- (ACNielsen)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"F:\Program Files\DAP\DAP.exe" = F:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP) -- (SpeedBit Ltd.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1E26327C-5168-43B3-BEC1-4E3AA945C711}" = QuickConnect
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 17
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A1
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8180DC57-B9CC-4C0C-8334-B357B67BCF6B}" = Movavi Video Converter 8
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{86B77B5A-B157-6386-37B0-DB2494DEEAFF}" = MozyHome Remote Backup
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92BF38A8-5616-4209-87A3-D910B45A1D98}" = Homescan Internet Transporter
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}" = SmartAudio
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.10.324
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{E276E05A-FFE8-485B-A005-42E76EA72AC4}" = HP User Guides 0032
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"9E140F48C9836B9B78539C08FB2B17146BDB3F65" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BFG-10 Days To Save the World - The Adventures of Diana Salinger" = 10 Days To Save the World: The Adventures of Diana Salinger
"BFG-1912 - Titanic Mystery" = 1912: Titanic Mystery
"BFG-3 Days - Zoo Mystery" = 3 Days: Zoo Mystery
"BFG-4 Elements" = 4 Elements
"BFG-7 Artifacts" = 7 Artifacts
"BFG-7 Wonders II" = 7 Wonders II
"BFG-Abra Academy" = Abra Academy (remove only)
"BFG-Adventures of Robinson Crusoe" = Adventures of Robinson Crusoe
"BFG-Agatha Christie - Dead Man's Folly" = Agatha Christie: Dead Man's Folly
"BFG-Agatha Christie - Death on the Nile" = Agatha Christie - Death on the Nile
"BFG-Agatha Christie - Peril at End House" = Agatha Christie: Peril at End House
"BFG-Age Of Oracles - Taras Journey" = Age Of Oracles: Tara`s Journey
"BFG-AGON - The London Scene" = AGON - The London Scene
"BFG-Alabama Smith in the Quest of Fate" = Alabama Smith in the Quest of Fate
"BFG-Alchemist's Apprentice" = Alchemist's Apprentice
"BFG-Alexandra Fortune - Mystery of the Lunar Archipelago" = Alexandra Fortune: Mystery of the Lunar Archipelago
"BFG-Amazing Adventures - Around the World" = Amazing Adventures: Around the World
"BFG-Amazing Adventures - The Caribbean Secret" = Amazing Adventures: The Caribbean Secret
"BFG-Amazing Adventures - The Lost Tomb" = Amazing Adventures: The Lost Tomb
"BFG-Ancient Quest of Saqqarah" = Ancient Quest of Saqqarah
"BFG-Angela Young 2 - Escape the Dreamscape" = Angela Young 2: Escape the Dreamscape
"BFG-Angela Young's Dream Adventure" = Angela Young's Dream Adventure
"BFG-Apple Pie" = Apple Pie
"BFG-Around the World in 80 Days" = Around the World in 80 Days
"BFG-Atlantis Quest" = Atlantis Quest
"BFG-Autumn's Treasures - The Jade Coin" = Autumn's Treasures: The Jade Coin
"BFG-Azada" = Azada &reg;
"BFG-Azada - Ancient Magic" = Azada: Ancient Magic
"BFG-Azkend" = Azkend
"BfgBar" = Big Fish Games Toolbar 2.0
"BFG-Becky Brogan - The Mystery of Meane Manor" = Becky Brogan: The Mystery of Meane Manor
"BFG-Between the Worlds" = Between the Worlds
"BFG-Big City Adventure - New York City" = Big City Adventure: New York City
"BFG-Big City Adventure - San Francisco" = Big City Adventure - San Francisco
"BFG-Big City Adventure - Sydney Australia" = Big City Adventure: Sydney, Australia
"BFG-Big Kahuna Reef" = Big Kahuna Reef (remove only)
"BFG-Big Kahuna Reef 2 - Chain Reaction" = Big Kahuna Reef 2 - Chain Reaction
"BFG-Broken Hearts - A Soldier's Duty" = Broken Hearts: A Soldier's Duty
"BFG-Build-a-lot" = Build-a-lot
"BFG-Build-a-lot 2 - Town of the Year" = Build-a-lot 2: Town of the Year
"BFG-Build-a-lot 3 - Passport to Europe" = Build-a-lot 3: Passport to Europe
"BFG-Build-a-Lot 4 - Power Source" = Build-a-Lot 4: Power Source
"BFGC" = Big Fish Games: Game Manager
"BFG-Cajun Cop - The French Quarter Caper" = Cajun Cop: The French Quarter Caper
"BFG-Cassandra's Journey - The Legacy of Nostradamus" = Cassandra's Journey: The Legacy of Nostradamus
"BFG-Cassandra's Journey 2 - The Fifth Sun of Nostradamus" = Cassandra's Journey 2: The Fifth Sun of Nostradamus
"BFG-Cate West - The Vanishing Files" = Cate West: The Vanishing Files
"BFG-Cate West - The Velvet Keys" = Cate West: The Velvet Keys
"BFG-CSI - NY" = CSI: NY
"BFG-Curse of the Pharaoh - Napoleon's Secret" = Curse of the Pharaoh: Napoleon's Secret
"BFG-Curse of the Pharaoh - Tears of Sekhmet" = Curse of the Pharaoh: Tears of Sekhmet
"BFG-Danger Next Door - Miss Teri Tale's Adventure" = Danger Next Door: Miss Teri Tale's Adventure
"BFG-Dark Tales - Edgar Allan Poe`s Murders in the Rue Morgue" = Dark Tales: Edgar Allan Poe`s Murders in the Rue Morgue
"BFG-Defenders of Law - The Rosendale File" = Defenders of Law: The Rosendale File
"BFG-Delaware St. John - The Curse of Midnight Manor" = Delaware St. John - The Curse of Midnight Manor
"BFG-Delaware St. John - The Town with No Name" = Delaware St. John: The Town with No Name
"BFG-Department 42 - The Mystery of the Nine" = Department 42: The Mystery of the Nine
"BFG-DinerTown - Detective Agency" = DinerTown: Detective Agency
"BFG-Discovery - A Seek and Find Adventure" = Discovery! A Seek and Find Adventure
"BFG-Drawn - The Painted Tower" = Drawn: The Painted Tower
"BFG-Dream Chronicles" = Dream Chronicles
"BFG-Dream Chronicles - The Chosen Child" = Dream Chronicles: The Chosen Child
"BFG-Dream Chronicles 2 - The Eternal Maze" = Dream Chronicles 2: The Eternal Maze
"BFG-Dream Sleuth" = Dream Sleuth
"BFG-Echoes of the Past - Royal House of Stone" = Echoes of the Past: Royal House of Stone
"BFG-Enlightenus" = Enlightenus
"BFG-Escape Rosecliff Island" = Escape Rosecliff Island
"BFG-Escape the Museum" = Escape the Museum
"BFG-Escape the Museum 2" = Escape the Museum 2
"BFG-Fairway Solitaire" = Fairway Solitaire
"BFG-Find Your Own Way Home" = Find Your Own Way Home
"BFG-Fishdom" = Fishdom
"BFG-Fishdom - Frosty Splash" = Fishdom: Frosty Splash
"BFG-Flower Paradise" = Flower Paradise
"BFG-Flux Family Secrets - The Ripple Effect" = Flux Family Secrets: The Ripple Effect
"BFG-G.H.O.S.T Chronicles - Phantom of the Renaissance Faire" = G.H.O.S.T Chronicles: Phantom of the Renaissance Faire
"BFG-Gardenscapes" = Gardenscapes
"BFG-Ghost in the Sheet" = Ghost in the Sheet (remove only)
"BFG-Ghost Town Mysteries - Bodie" = Ghost Town Mysteries: Bodie
"BFG-Great Secrets - Da Vinci" = Great Secrets: Da Vinci
"BFG-Haunted Hotel" = Haunted Hotel
"BFG-Haunted Hotel II - Believe the Lies" = Haunted Hotel II: Believe the Lies
"BFG-Herods Lost Tomb" = National Geographic presents: Herod's Lost Tomb
"BFG-Hidden Expedition - Amazon" = Hidden Expedition: Amazon
"BFG-Hidden Expedition - Devils Triangle" = Hidden Expedition &reg; - Devil's Triangle
"BFG-Hidden Expedition - Everest" = Hidden Expedition: Everest
"BFG-Hidden Expedition - Titanic" = Hidden Expedition: Titanic
"BFG-Hidden in Time - Mirror Mirror" = Hidden in Time: Mirror Mirror
"BFG-Hidden Magic" = Hidden Magic
"BFG-Hidden Mysteries - Buckingham Palace" = Hidden Mysteries: Buckingham Palace
"BFG-Hidden Mysteries - Civil War" = Hidden Mysteries - Civil War
"BFG-Hidden Object of Desire" = Harlequin Presents : Hidden Object of Desire
"BFG-Hidden Secrets - The Nightmare" = Hidden Secrets: The Nightmare
"BFG-Hidden Wonders of the Depths" = Hidden Wonders of the Depths
"BFG-Hidden Wonders of the Depths 2" = Hidden Wonders of the Depths 2
"BFG-Hidden World of Art 2 - Undercover Art Agent" = Hidden World of Art 2: Undercover Art Agent
"BFG-Hide & Secret 3 - Pharaoh's Quest" = Hide & Secret 3: Pharaoh's Quest
"BFG-Hide and Secret" = Hide and Secret
"BFG-Hide and Secret 2 - Cliffhanger Castle" = Hide & Secret 2: Cliffhanger Castle
"BFG-Hostile Makeover" = Hostile Makeover
"BFG-Insaniquarium! Deluxe" = Insaniquarium! Deluxe
"BFG-Insider Tales - Stolen Venus" = Insider Tales: Stolen Venus
"BFG-Insider Tales - The Secret of Casanova" = Insider Tales: The Secret of Casanova
"BFG-Insider Tales - Vanished in Rome" = Insider Tales: Vanished in Rome
"BFG-James Patterson Women's Murder Club - A Darker Shade of Grey" = James Patterson Women's Murder Club: A Darker Shade of Grey
"BFG-James Patterson's Women's Murder Club - Death in Scarlet" = James Patterson's Women's Murder Club: Death in Scarlet
"BFG-James Patterson's Women's Murder Club - Twice in a Blue Moon" = James Patterson's Women's Murder Club: Twice in a Blue Moon
"BFG-Jane Angel - Templar Mystery" = Jane Angel: Templar Mystery
"BFG-Jewel Craft" = Jewel Craft
"BFG-Jewel Quest" = Support Version - JQ
"BFG-Jewel Quest II" = Support Version - JQ2
"BFG-Jewel Quest Mysteries - Curse of the Emerald Tear" = Jewel Quest Mysteries: Curse of the Emerald Tear
"BFG-Jewel Quest Mysteries - Trail of the Midnight Heart" = Jewel Quest Mysteries: Trail of the Midnight Heart
"BFG-Jigs@w Puzzle 2" = Jigs@w Puzzle 2 (remove only)
"BFG-Law & Order - The Vengeful Heart" = Law & Order - The Vengeful Heart
"BFG-Law & Order Criminal Intent 2 - Dark Obsession" = Law & Order Criminal Intent 2 - Dark Obsession
"BFG-Lost City of Z - Special Edition" = Lost City of Z: Special Edition
"BFG-Lost in the City" = Lost in the City
"BFG-Lost Realms - Legacy of the Sun Princess" = Lost Realms: Legacy of the Sun Princess
"BFG-Lost Realms - The Curse of Babylon" = Lost Realms: The Curse of Babylon
"BFG-Lost Secrets - Bermuda Triangle" = Lost Secrets: Bermuda Triangle
"BFG-Lost Secrets - Caribbean Explorer Secrets of the Sea" = Lost Secrets: Caribbean Explorer Secrets of the Sea
"BFG-Luxor Adventures" = Luxor Adventures
"BFG-Magic Academy" = Magic Academy
"BFG-Magic Academy II" = Magic Academy II
"BFG-Magic Encyclopedia - Moon Light" = Magic Encyclopedia: Moon Light
"BFG-Mah Jong Quest" = Support Version MJQ
"BFG-Margrave Manor 2 - The Lost Ship" = Margrave Manor 2: The Lost Ship
"BFG-Masters of Mystery - Blood of Betrayal" = Masters of Mystery: Blood of Betrayal
"BFG-Masters of Mystery - Crime of Fashion" = Masters of Mystery - Crime of Fashion
"BFG-Midnight Mysteries - The Edgar Allan Poe Conspiracy" = Midnight Mysteries: The Edgar Allan Poe Conspiracy
"BFG-Miss Teri Tale" = Miss Teri Tale
"BFG-Miss Teri Tale - Vote 4 Me" = Miss Teri Tale: Vote 4 Me
"BFG-Mr. Biscuits - The Case of the Ocean Pearl" = Mr. Biscuits: The Case of the Ocean Pearl
"BFG-Murder She Wrote" = Murder, She Wrote
"BFG-Musaic Box" = Musaic Box
"BFG-Mushroom Age" = Mushroom Age
"BFG-Mystery Age - The Imperial Staff" = Mystery Age: The Imperial Staff
"BFG-Mystery Case Files - Huntsville" = Mystery Case Files: Huntsville
"BFG-Mystery Case Files - Madame Fate" = Mystery Case Files: Madame Fate (remove only)
"BFG-Mystery Case Files - Prime Suspects" = Mystery Case Files: Prime Suspects
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst &reg;
"BFG-Mystery Case Files - Return to Ravenhearst" = Mystery Case Files: Return to Ravenhearst
"BFG-Mystery Chronicles - Murder Among Friends" = Mystery Chronicles: Murder Among Friends
"BFG-Mystery in London" = Mystery in London
"BFG-Mystery Legends - Sleepy Hollow" = Mystery Legends: Sleepy Hollow
"BFG-Mystery Masterpiece - The Moonstone" = Mystery Masterpiece: The Moonstone
"BFG-Mystery of Cleopatra" = Mystery of Cleopatra
"BFG-Mystery of Shark Island" = Mystery of Shark Island
"BFG-Mystery of Unicorn Castle" = Mystery of Unicorn Castle
"BFG-Mystery P.I. - Lost in Los Angeles" = Mystery P.I.: Lost in Los Angeles
"BFG-Mystery P.I. - The Lottery Ticket" = Mystery P.I. - The Lottery Ticket (remove only)
"BFG-Mystery P.I. - The Vegas Heist" = Mystery P.I.: The Vegas Heist
"BFG-Mystery PI - The New York Fortune" = Mystery P.I.: The New York Fortune
"BFG-Mystery Solitaire - Secret Island" = Mystery Solitaire: Secret Island (remove only)
"BFG-Mystery Stories - Island of Hope" = Mystery Stories: Island of Hope
"BFG-Mystic Diary - Lost Brother" = Mystic Diary: Lost Brother
"BFG-Nat Geo Adventure - Ghost Fleet" = Nat Geo Adventure: Ghost Fleet
"BFG-Natalie Brooks - Mystery at Hillcrest High" = Natalie Brooks: Mystery at Hillcrest High
"BFG-Natalie Brooks - Secrets of Treasure House" = Natalie Brooks: Secrets of Treasure House
"BFG-Natalie Brooks - The Treasures of the Lost Kingdom" = Natalie Brooks: The Treasures of the Lost Kingdom
"BFG-Pahelika - Secret Legends" = Pahelika: Secret Legends
"BFG-Pantheon" = Pantheon
"BFG-Pirateville" = Pirateville
"BFG-Plumeboom - The First Chapter" = Plumeboom: The First Chapter
"BFG-Princess Isabella - A Witch's Curse" = Princess Isabella: A Witch's Curse
"BFG-Private Eye - Greatest Unsolved Mysteries" = Private Eye: Greatest Unsolved Mysteries
"BFG-PuppetShow - Mystery of Joyville" = PuppetShow: Mystery of Joyville
"BFG-Rangy Lil's Wild West Adventure" = Rangy Lil's Wild West Adventure
"BFG-Real Crimes - Jack the Ripper" = Real Crimes: Jack the Ripper
"BFG-Real Crimes - The Unicorn Killer" = Real Crimes: The Unicorn Killer
"BFG-Redrum" = Redrum
"BFG-Reincarnations - Awakening" = Reincarnations: Awakening
"BFG-Restoring Rhonda" = Restoring Rhonda
"BFG-Righteous Kill" = Righteous Kill
"BFG-Righteous Kill 2 - Revenge of the Poet Killer" = Righteous Kill 2: Revenge of the Poet Killer
"BFG-Romance of Rome" = Romance of Rome
"BFG-Rooms - The Main Building" = Rooms: The Main Building
"BFG-Samantha Swift - Mystery From Atlantis" = Samantha Swift: Mystery From Atlantis
"BFG-Samantha Swift and the Golden Touch" = Samantha Swift and the Golden Touch
"BFG-Samantha Swift and the Hidden Roses of Athena" = Samantha Swift and the Hidden Roses of Athena
"BFG-Save Our Spirit" = Save Our Spirit
"BFG-Scrapbook Paige" = Scrapbook Paige
"BFG-Season of Mystery - The Cherry Blossom Murders" = Season of Mystery: The Cherry Blossom Murders
"BFG-She is a Shadow" = She is a Shadow
"BFG-Sherlock Holmes - The Mystery of the Persian Carpet" = Sherlock Holmes: The Mystery of the Persian Carpet
"BFG-Sherlock Holmes - The Secret of the Silver Earring" = Sherlock Holmes - The Secret of the Silver Earring
"BFG-Slingo Mystery - Who's Gold" = Slingo Mystery: Who's Gold
"BFG-Slingo Quest" = Slingo Quest (remove only)
"BFG-Sprill and Ritchie - Adventures in Time" = Sprill and Ritchie: Adventures in Time
"BFG-Steve The Sheriff" = Steve The Sheriff
"BFG-Steve the Sheriff - The Case of the Missing Thing" = Steve the Sheriff 2: The Case of the Missing Thing
"BFG-Strange Cases - The Tarot Card Mystery" = Strange Cases: The Tarot Card Mystery
"BFG-Superior Save" = Superior Save
"BFG-The Count of Monte Cristo" = The Count of Monte Cristo
"BFG-The Dark Hills of Cherai" = The Dark Hills of Cherai
"BFG-The Dracula Files" = The Dracula Files
"BFG-The Enchanting Islands" = The Enchanting Islands
"BFG-The History Channel Lost Worlds" = The History Channel Lost Worlds
"BFG-The Lost Inca Prophecy" = The Lost Inca Prophecy
"BFG-The Magician's Handbook II - BlackLore" = The Magician's Handbook II: BlackLore
"BFG-The Mirror Mysteries" = The Mirror Mysteries
"BFG-The Mystery of the Crystal Portal" = The Mystery of the Crystal Portal
"BFG-The Mystery of the Mary Celeste" = The Mystery of the Mary Celeste
"BFG-The Otherside - Realm of Eons" = The Otherside: Realm of Eons
"BFG-The Return of Monte Cristo" = The Return of Monte Cristo
"BFG-The Rise of Atlantis" = The Rise of Atlantis
"BFG-The Scruffs" = The Scruffs
"BFG-The Secret of Margrave Manor" = The Secret of Margrave Manor
"BFG-The Serpent of Isis" = The Serpent of Isis
"BFG-The Spirit of Wandering - The Legend" = The Spirit of Wandering: The Legend
"BFG-The Sultans Labyrinth" = The Sultan's Labyrinth
"BFG-The Three Musketeers" = The Three Musketeers
"BFG-The Tudors" = The Tudors
"BFG-Trapped - The Abduction" = Trapped: The Abduction
"BFG-Treasure Masters" = Treasure Masters
"BFG-Treasure Seekers - The Enchanted Canvases" = Treasure Seekers: The Enchanted Canvases
"BFG-Treasure Seekers - Visions of Gold" = Treasure Seekers: Visions of Gold
"BFG-Trial of the Gods - Ariadnes Fate" = Trial of the Gods: Ariadne's Fate
"BFG-Tri-Peaks 2 - Quest for the Ruby Ring" = Tri-Peaks 2: Quest for the Ruby Ring
"BFG-Valerie Porter and the Scarlet Scandal" = Valerie Porter and the Scarlet Scandal
"BFG-Vampire Saga - Pandora's Box" = Vampire Saga: Pandora's Box
"BFG-Venice Mystery" = Venice Mystery
"BFG-Veronica Rivers - Portals to the Unknown" = Veronica Rivers: Portals to the Unknown
"BFG-Wild West Quest" = Wild West Quest
"BFG-Wild West Quest 2" = Wild West Quest 2
"BFG-Yard Sale Hidden Treasures - Lucky Junction" = Yard Sale Hidden Treasures: Lucky Junction
"BFG-Yard Sale Hidden Treasures - Sunnyville" = Yard Sale Hidden Treasures: Sunnyville
"BFG-Yard Sale Junkie" = Yard Sale Junkie
"BFG-Youda Legend - The Curse of the Amsterdam Diamond" = Youda Legend: The Curse of the Amsterdam Diamond
"BFG-Youda Legend - The Golden Bird of Paradise" = Youda Legend: The Golden Bird of Paradise
"BFG-Zulu's Zoo" = Zulu's Zoo
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VENICE_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"Dream Day Anniversary_is1" = Dream Day Anniversary
"Free RAR Extract Frog" = Free RAR Extract Frog
"FTDICOMM" = FTDI USB Serial Converter Drivers
"HijackThis" = HijackThis 1.99.1
"Hoyle Puzzle & Board Games 2009" = Hoyle Puzzle & Board Games 2009
"hp deskjet 5550 series" = hp deskjet 5550 series (Remove only)
"hp deskjet 5550 series_Driver" = hp deskjet 5550 series
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"hp print screen utility" = hp print screen utility
"HP Rhapsody" = HP Rhapsody
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"iWinArcade" = iWin Games (remove only)
"JDownloader" = JDownloader
"Jewel Quest Solitaire" = Jewel Quest Solitaire (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetSight" = Nielsen//NetRatings
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Paradise Quest Beta_is1" = Paradise Quest Beta
"Quicken 2001 Deluxe" = Quicken 2001 Deluxe
"QwestQuickCare_is1" = Qwest Quickcare 2.5
"RealPlayer 6.0" = RealPlayer
"RealVNC_is1" = VNC 4.0
"Return to Mysterious Island" = Return to Mysterious Island (remove only)
"Rhapsody" = Rhapsody
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SUPER " = SUPER Version 2009.bld.36 (June 10, 2009)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Webshots Desktop_is1" = Webshots Desktop
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.452

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/27/2010 5:38:01 PM | Computer Name = STEPH | Source = Application Error | ID = 1000
Description = Faulting application stax.exe, version 2.0.0.38, faulting module dwwin.dll,
version 2.1.411.0, fault address 0x000eae22.

Error - 2/27/2010 6:26:34 PM | Computer Name = STEPH | Source = Application Error | ID = 1000
Description = Faulting application stax.exe, version 2.0.0.38, faulting module dwwin.dll,
version 2.1.411.0, fault address 0x000eae22.

Error - 2/27/2010 6:29:30 PM | Computer Name = STEPH | Source = Application Error | ID = 1001
Description = Fault bucket 215160310.

Error - 2/27/2010 6:31:48 PM | Computer Name = STEPH | Source = Application Error | ID = 1000
Description = Faulting application stax.exe, version 2.0.0.38, faulting module dwwin.dll,
version 2.1.411.0, fault address 0x000eae22.

Error - 2/28/2010 6:47:18 PM | Computer Name = STEPH | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x06d6ceb0.

Error - 2/28/2010 6:47:28 PM | Computer Name = STEPH | Source = Application Error | ID = 1001
Description = Fault bucket 244485087.

Error - 3/5/2010 4:08:00 PM | Computer Name = STEPH | Source = Application Hang | ID = 1002
Description = Hanging application FreeRARExtractFrog.exe, version 0.0.0.0, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/7/2010 1:09:42 AM | Computer Name = STEPH | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shell32.dll, version 6.0.2900.5622, fault address 0x00033503.

Error - 3/8/2010 12:27:34 AM | Computer Name = STEPH | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application outlook.exe, version 11.0.8312.0, stamp 4a403990,
faulting module outllib.dll, version 11.0.8313.0, stamp 4a793cc5, debug? 0, fault
address 0x002afbd3.

Error - 3/10/2010 10:31:37 PM | Computer Name = STEPH | Source = Application Hang | ID = 1002
Description = Hanging application DAP.exe, version 9.3.0.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/11/2010 10:13:24 PM | Computer Name = STEPH | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 3/11/2010 10:14:08 PM | Computer Name = STEPH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde IntelIde nvatabus Pcmcia ViaIde

Error - 3/11/2010 10:24:52 PM | Computer Name = STEPH | Source = Service Control Manager | ID = 7034
Description = The VNC Server Version 4 service terminated unexpectedly. It has
done this 1 time(s).

Error - 3/12/2010 6:34:01 PM | Computer Name = STEPH | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 3/12/2010 6:34:01 PM | Computer Name = STEPH | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 3/12/2010 6:34:46 PM | Computer Name = STEPH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde IntelIde nvatabus Pcmcia ViaIde

Error - 3/12/2010 6:35:19 PM | Computer Name = STEPH | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 3/12/2010 7:03:04 PM | Computer Name = STEPH | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 3/12/2010 7:03:04 PM | Computer Name = STEPH | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 3/12/2010 7:03:45 PM | Computer Name = STEPH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde IntelIde nvatabus Pcmcia ViaIde


< End of report >


#8 syler

  • Malware Response Team

Posted 13 March 2010 - 04:16 PM

Hi Stephanie,

Can you tell me if you are still getting redirected?

  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.
cmd /c mbr -t& start mbr.log
  • A file called mbr.log will pop up. Please post the contents in your reply.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (CLTNetCnService)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} http://www.infospace.com/mypoints.main/tba...pointsSetup.exe (Reg Error: Key error.)
    O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://69.145.158.26/NELX.cab (NELaunchCtrl Class)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab (MysteryPI Control)
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C282BEA
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17BBEBBB
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9DDC4C9
    @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D317030
    @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5AE4E07
    @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8247A199
    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BA6C9F8
    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21622A66
    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5
    @Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
    @Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E22C5DB
    @Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:270A3983
    @Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EC7A545
    @Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F38BF31
    @Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:639F0420
    @Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F
    @Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31B5E9B
    @Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90865A6D
    @Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:710F4DBF
    @Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
    @Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4
    @Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
    @Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:537E6E55
    @Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71004506
    @Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:108D3361
    @Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC2D0F32
    @Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5294695
    @Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FFC2819
    @Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
    @Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10
    @Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F4E260C
    @Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E7F155B
    @Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:737160C1
    @Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B
    @Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A56D6987
    @Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89A5891E
    @Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AE33054
    @Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0DFB793
    @Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDDD8917
    @Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
    @Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
    @Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB
    @Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61AF2B29
    @Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771
    @Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
    @Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F7A10DD
    @Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8
    @Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:996104FC
    @Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DB31C20
    @Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24FECE50
    @Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AC933DC
    @Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
    @Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA
    @Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1
    @Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
    @Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
    @Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51F17BB8
    @Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
    @Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FACB65E7
    @Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09064307
    @Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1175E1D
    @Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF4FB3C5
    @Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9
    @Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90D89144
    @Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B927722
    @Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF2E2F0E
    @Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99A29126
    @Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:957E9765
    @Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:918B7566
    @Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
    @Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE
    @Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAFDF1CF
    @Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43301D1D
    @Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C5ABDC7
    @Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1
    @Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
    @Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4911BB5C
    @Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B91EDB04
    @Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE
    @Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2907225
    @Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
    @Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A745DB5D
    @Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED810E46
    @Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B
    @Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0EFE63
    @Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43982D5E
    @Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B904C348
    @Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6116FBB
    @Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823
    @Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC8FFA4E
    @Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92A815D8
    @Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B
    @Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BC73C48
    @Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A77A28B
    @Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB6D0B2
    @Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
    @Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4573A78F
    @Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:409A775B
    @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:123A86B5
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DC21D414
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68EF6203
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EDC744FB
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B4296D
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2495D97A
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C72A744C
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F19AC49
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4AA3DAA3
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E732B44B
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE67221
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA45298E
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C28CF6
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E082023
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61B54B15
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F38B460
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:988216DA
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1AD90C3
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870649A4
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FED25C29
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FCB9D0D
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25249477
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04CE8640
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E895790F
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B37E855B
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80F63EC3
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E413CD6
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F0B6A5A
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:596E2371
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D186293
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A167A0BB
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5F84F1
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FD903D7
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:341C1FBD
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:177313FB
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1181620C
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC4EA67C
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8435088
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3251D01
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:700B9342
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36FFA2FB
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26FBC1F9
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:067F588D
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41289DF0
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33DB8278
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CFA7D7D
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB42AC3C
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D390A6A7
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7596EAE
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89CF6F9C
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55F44B88
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5025C6E4
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C528C86
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88698068
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55374FBA
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2871B698
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:225CD7D5
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED2998F5
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2762B9
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA05E0C4
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A58B27C9
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B2BB690
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EF1AD34
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FD496E1
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38B32B54
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13EF4AF6
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA10407C
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB77E2C4
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F067037
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DF68137
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E86D926
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59C113EC
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:072F1F69
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB40BC91
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8384DB6
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB7A26C6
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B7E2022
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2397415
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDD9C638
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6352F3F9
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:598E0FFA
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:405D842B
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AB8D21A
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:275AA066
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA9A5EA8
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71612023
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6AF67671
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55BB2521
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:237E4B91
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE47A3DA
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC4C59B4
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96C9689F
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C4DF735
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C412B92
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F1019FF
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33EA030E
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B1EA607
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F45F3031
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D6C864
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A9D0E7
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FE17A89
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63CFD724
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F67CD26
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2381A4
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C10635F6
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D278FB5
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07241935
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC3B090
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D92485C9
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6CDBCAC
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0FEE87
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:102394C6
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2D4B33E
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A561576B
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8401B6D5
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AA6FC81
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00D5EBC2
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC38C00C
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42509EA1
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3313A48D
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14750D76
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DAD93FF
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3CEEC4C
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B845F669
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8E82994
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51E1A4D8
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B812EE0
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E32966C0
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55E1514E
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F38F234
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB3CECA4
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6710EF08
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE30352
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D226A81A
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C6CB897
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0668210
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6FD7157
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C6F032
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7881FECE
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69AF9D20
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98AE08EA
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67C320D1
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3473F385
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2AF86D9
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A07E3E9D
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6444B424
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE42FFC
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3118E26B
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C90483D2
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3750BE5
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60A4BB64
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538A9F02
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE6EED8B
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDAA2587
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52641FBE
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31106FCB
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE39C93C
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A8BB29B
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17D88661
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallOverride"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring"=dword:00000000
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.


Then please post back here with the following logs:
  • mbr.log
  • OTL results

Thanks


#9 whatazoo

Posted 13 March 2010 - 05:41 PM

Thanks for the reply - yes, still getting the redirect (both before and after I did the cmd MBR... and the OTL...). Only about every 4th time or so.

Thanks in advance,
Stephanie

MBR log
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x864F9826]<<
kernel: MBR read successfully


OTL log
All processes killed
========== OTL ==========
Service CLTNetCnService stopped successfully!
Service CLTNetCnService deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Starting removal of ActiveX control {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6}\ not found.
Starting removal of ActiveX control {6EEFD7B1-B26C-440D-B55A-1EC677189F30}
C:\WINDOWS\Downloaded Program Files\NELaunchX.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6EEFD7B1-B26C-440D-B55A-1EC677189F30}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EEFD7B1-B26C-440D-B55A-1EC677189F30}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6EEFD7B1-B26C-440D-B55A-1EC677189F30}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EEFD7B1-B26C-440D-B55A-1EC677189F30}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Starting removal of ActiveX control {C82BB209-F528-46F9-96D5-69DEF7260916}
C:\WINDOWS\Downloaded Program Files\mysterypi.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C82BB209-F528-46F9-96D5-69DEF7260916}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C82BB209-F528-46F9-96D5-69DEF7260916}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C82BB209-F528-46F9-96D5-69DEF7260916}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C82BB209-F528-46F9-96D5-69DEF7260916}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C8E82994 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:51E1A4D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3B812EE0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E32966C0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:55E1514E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0F38F234 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BB3CECA4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6710EF08 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4FE30352 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D226A81A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1C6CB897 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D0668210 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B6FD7157 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:89C6F032 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7881FECE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:69AF9D20 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:98AE08EA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:67C320D1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3473F385 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F2AF86D9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A07E3E9D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6444B424 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4FE42FFC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3118E26B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C90483D2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A3750BE5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:60A4BB64 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:538A9F02 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DE6EED8B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BDAA2587 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:52641FBE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:31106FCB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EE39C93C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1A8BB29B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:17D88661 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: Stephanie.STEPH
->Temp folder emptied: 298532 bytes
->Temporary Internet Files folder emptied: 132841501 bytes
->Java cache emptied: 103249994 bytes
->Google Chrome cache emptied: 8120210 bytes
->Flash cache emptied: 1622277 bytes

User: y

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 180707 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 235.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Stephanie.STEPH
->Flash cache emptied: 0 bytes

User: y

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.1.37.0 log created on 03132010_152533

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


#10 syler

Posted 14 March 2010 - 12:04 PM

OK, let's try this.
  • Go to Kaspersky and Download TDSSKiller.zip.
  • Extract the contents of TDSSKiller.zip to your Desktop.
  • Double click on TDSSKiller.exe to run it.
  • If it finds something and asks you what to do, follow the instructions to type in "delete".
  • When done, a log file should be created on your C: drive called TDSSKiller.txt. Please post this log in your next reply.


#11 whatazoo

Posted 14 March 2010 - 05:30 PM

Nothing to delete, no log. I tried to paste a copy of the screen, but I can't. Here is what it says:

TDSS rootkit removing tool. Kaspersky Lab. 2010
version 2.2.8 Mar 10 2010 15:53:20

Scanning Services...

Scanning Kernel memory ...
Driver "nvata" infected by TDSS rootkit!
File "C:\WINDOWS\system32\DRIVERS\nvata.sys" infected by TDSS rootkit ... cure failed

Completed

Results:
Memory objected infected / cured / cured on reboot: 1 / 0 / 0
Registry objects infected / cured / cured on reboot: 0 / 0 / 0
File objects infected / cured / cured on reboot: 1 / 0 / 0

Press any key to continue...


I restarted and ran the tool again and got the same message.
Stephanie

#12 syler

Posted 14 March 2010 - 06:52 PM

Please try this instead; if this doesn't work we will do a manual removal.

This scanner won't produce a log, so if it finds anything please note it down and post it in your reply.

Please download Hitman Pro 3.5 and save it to your Desktop.

Double click HitmanPro35.exe and select run.
Click Next then accept the licence agreement and click Next again.
Hitman Pro will now scan your computer.
If it finds anything in the scan results click Next.
You will then be asked for product activation, select Activate free licence then ok.
Click Next and if asked to delete on reboot, click Next again then Reboot.


#13 whatazoo

Posted 14 March 2010 - 07:29 PM

It worked (at least so far so good...).

Here is what Hitman found:
nvata.sys (delete)
c:\windows\system32\drivers

Suspicious (do not delete)
MPCDx.ax
RLAPEDec.ax
RLMPCDec.ax
These were potentially malicious, all under C:\Windows\system32

It scanned on reboot and only found the 3.
Stephanie

#14 syler

Posted 15 March 2010 - 12:32 PM

Those 3 files look like false positives to me, but let's get them checked to be sure.

Please click this link-->Virustotal
When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Windows\system32\MPCDx.ax
C:\Windows\system32\RLAPEDec.ax
C:\Windows\system32\RLMPCDec.ax

Please post back with the link to the scan results, in your next post.
If Virustotal is busy, try the same at Jotti: http://virusscan.jotti.org/


Then please run a new OTL scan and post the fresh log. Also, please let me know if you are still having any problems.

Thanks


#15 whatazoo

Posted 16 March 2010 - 06:55 PM

I have had no more problems since the last fix. Here are the logs you requested.

Filename: MPCDx.ax
Status: Scan finished. 1 out of 21 scanners reported malware.
Scan taken on: Mon 16 Nov 2009 08:36:26 (CET)

Filename: RLAPEDec.ax
Status: Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Mon 12 Oct 2009 22:07:34 (CET)

Filename: RLMPCDec.ax
Status: Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Tue 14 Jul 2009 11:26:41 (CET)

OTL logfile created on: 3/16/2010 5:45:30 PM - Run 2
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Stephanie.STEPH\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 258.00 Mb Available Physical Memory | 27.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 63.99 Gb Total Space | 5.67 Gb Free Space | 8.86% Space Free | Partition Type: NTFS
Drive D: | 9.51 Gb Total Space | 1.40 Gb Free Space | 14.68% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 20.40 Gb Free Space | 8.76% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEPH
Current User Name: Stephanie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/13 15:27:14 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephanie.STEPH\Desktop\OTL.exe
PRC - [2010/02/12 18:04:48 | 001,611,368 | ---- | M] (Speedbit Ltd.) -- F:\Program Files\DAP\SpeedBit Video Accelerator\VideoAccelerator.exe
PRC - [2010/02/12 18:04:48 | 000,300,656 | ---- | M] (Speedbit Ltd.) -- F:\Program Files\DAP\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2010/02/12 18:04:48 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- F:\Program Files\DAP\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2010/02/12 18:00:16 | 002,803,200 | ---- | M] (SpeedBit Ltd.) -- F:\Program Files\DAP\DAP.exe
PRC - [2010/01/04 12:36:28 | 002,893,624 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/10/20 20:34:38 | 000,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
PRC - [2009/10/08 13:13:52 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2009/08/05 11:37:58 | 012,313,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/22 21:23:38 | 000,196,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2008/10/31 14:23:06 | 000,045,056 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
PRC - [2008/10/17 16:41:04 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/19 05:33:46 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2007/08/31 13:21:20 | 003,286,352 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\Webshots.scr
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
PRC - [2006/05/11 14:30:42 | 002,064,384 | ---- | M] (ACNielsen) -- C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
PRC - [2003/05/15 02:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2003/05/07 13:21:00 | 001,413,184 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2002/03/18 05:00:57 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
PRC - [2001/01/10 17:15:08 | 000,094,208 | ---- | M] () -- C:\QUICKENW\qagent.exe
PRC - [2000/05/31 14:20:34 | 000,065,024 | ---- | M] (Marimba Inc.) -- C:\WINDOWS\system32\mrtMngr.exe


========== Modules (SafeList) ==========

MOD - [2010/03/13 15:27:14 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephanie.STEPH\Desktop\OTL.exe
MOD - [2009/08/21 13:43:50 | 000,151,552 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\meter4\nphooks.dll
MOD - [2009/08/21 13:37:30 | 000,225,280 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\meter4\nscore.dll
MOD - [2009/08/21 13:35:30 | 000,348,160 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter4\communication.dll
MOD - [2009/08/13 18:57:52 | 000,212,992 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll
MOD - [2009/07/20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/07/20 12:25:22 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2005/10/14 21:57:46 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetRatingsNetSight\NetSight\meter4\msvcp71.dll
MOD - [2005/10/14 21:57:46 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetRatingsNetSight\NetSight\meter4\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/12 18:04:48 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- F:\Program Files\DAP\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2009/11/24 13:43:00 | 000,078,104 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/08/18 12:22:44 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/05/08 11:49:02 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/06/15 14:29:42 | 000,380,928 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2003/05/07 13:21:00 | 001,413,184 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - [2010/03/14 18:16:55 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2010/01/26 07:55:42 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/08/21 13:51:16 | 000,009,088 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nielgfx.sys -- (NielGfx)
DRV - [2009/08/21 13:50:40 | 000,024,192 | ---- | M] (The Nielsen Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nielprt.sys -- (nielprt)
DRV - [2009/08/21 13:50:10 | 000,015,360 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nnrnstdi.sys -- (nnrnstdi)
DRV - [2009/08/21 13:44:56 | 000,009,088 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\km_filter.sys -- (km_filter)
DRV - [2009/06/17 10:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/18 23:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/12/18 23:43:18 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/10/23 01:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/07/24 20:09:33 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/05/08 08:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/13 12:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/28 01:14:00 | 000,224,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/12/06 23:12:00 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/11/01 08:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 08:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 08:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/06/08 17:02:04 | 000,019,640 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SSLDrv.sys -- (SSLDrv)
DRV - [2007/01/15 17:18:30 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2006/09/27 17:10:00 | 003,694,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/26 22:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/06 14:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/05/12 14:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/03/05 23:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/02 18:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/02 18:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/27 00:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2005/12/19 16:02:36 | 000,060,572 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2005/12/19 16:02:36 | 000,028,449 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/11/15 22:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/10/31 20:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/31 19:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/13 03:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/09/19 15:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 15:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/05/07 13:22:16 | 000,268,874 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2003/05/01 13:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2003/03/03 14:08:56 | 000,176,896 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2002/08/26 17:09:42 | 000,138,916 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 22:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2000/05/31 14:20:34 | 000,034,712 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MrtRate.sys -- (mrtRate)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/17 16:41:28 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/03/11 19:44:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - F:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe (ACNielsen)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QAGENT] C:\QUICKENW\qagent.exe ()
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DownloadAccelerator] F:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [SpeedBitVideoAccelerator] F:\Program Files\DAP\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O4 - Startup: C:\Documents and Settings\Stephanie.STEPH\Start Menu\Programs\StartUp\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (Webshots.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - F:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - F:\Program Files\DAP\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - F:\Program Files\DAP\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - F:\Program Files\DAP\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://69.145.158.26/XTSAC.cab (XTSAC Control)
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx (get_atlcom Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1241353972984 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (GMNRev Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://69.145.158.26/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Stephanie.STEPH\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Stephanie.STEPH\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/12 16:53:51 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/03/12 15:53:54 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/03/12 16:53:53 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/15 21:07:06 | 000,000,000 | ---D | C] -- C:\aaReady to be Burned
[2010/03/14 21:35:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\custom matrices
[2010/03/14 21:35:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010/03/14 21:35:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\C2MP
[2010/03/14 18:01:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/03/14 18:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/03/14 16:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie.STEPH\Desktop\tdsskiller
[2010/03/14 07:40:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DefaultDirName
[2010/03/13 16:25:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/13 15:27:05 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stephanie.STEPH\Desktop\OTL.exe
[2010/03/12 16:53:51 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/03/11 20:51:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/11 19:15:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/11 19:12:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/11 19:12:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/11 19:12:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/11 19:12:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/11 19:12:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/11 19:12:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/03/11 19:11:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/10 21:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/03/10 21:08:57 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/10 02:42:56 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/05 18:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2010/03/05 16:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/05 08:07:49 | 000,000,000 | ---D | C] -- C:\Convert to DVD
[2010/03/04 19:49:34 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wvc1dmod.dll
[2010/03/04 19:49:34 | 000,626,688 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2010/03/04 19:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie.STEPH\Application Data\Malwarebytes
[2010/03/04 19:48:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/04 19:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/04 19:48:51 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/04 19:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/27 16:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/02/27 16:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie.STEPH\Application Data\WinBatch
[2010/02/27 16:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\MicroVision Applications
[2010/02/27 12:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/02/27 09:32:19 | 000,000,000 | ---D | C] -- F:\Stephanie's Documents\ConvertXToDVD
[2010/02/27 09:29:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Stephanie.STEPH\Application Data\pcouffin.sys
[2010/02/27 09:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie.STEPH\Application Data\Vso
[2010/02/27 09:29:12 | 000,000,000 | ---D | C] -- F:\Stephanie's Documents\PcSetup
[2010/02/27 09:28:50 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv43260.dll
[2010/02/27 09:28:50 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv33260.dll
[2010/02/27 09:28:50 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\sipr3260.dll
[2010/02/27 09:28:49 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv23260.dll
[2010/02/27 09:28:49 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\cook3260.dll
[2010/02/27 09:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2010/02/23 07:39:27 | 000,000,000 | --SD | C] -- F:\Stephanie's Documents\My DVDs
[2010/02/19 20:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blg
[2010/02/17 20:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie.STEPH\Application Data\WinRAR
[2010/02/17 19:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010/02/14 18:06:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/02/14 18:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/02/14 18:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/11/25 22:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\iWin
[2009/10/06 20:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/10/06 20:10:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/08/01 06:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/06/10 21:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft
[2009/05/29 18:17:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/02/06 18:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/05/29 09:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/09/24 09:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2010/03/16 17:34:02 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/03/16 17:33:36 | 000,001,179 | ---- | M] () -- C:\hpqp.ini
[2010/03/16 17:33:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/16 17:32:55 | 000,172,099 | ---- | M] () -- C:\logfile
[2010/03/16 17:32:37 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/03/16 17:32:36 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/16 17:32:34 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/03/16 17:32:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/16 17:32:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/16 17:32:25 | 1005,170,688 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/16 13:21:27 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Stephanie.STEPH\ntuser.ini
[2010/03/16 13:21:26 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\Stephanie.STEPH\NTUSER.DAT
[2010/03/16 13:17:46 | 000,183,808 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/16 13:05:37 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Application Data\vso_ts_preview.xml
[2010/03/14 21:06:35 | 000,455,802 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 21:06:35 | 000,075,750 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 21:06:34 | 000,540,792 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 20:59:43 | 002,184,944 | -H-- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\IconCache.db
[2010/03/14 18:16:55 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvata.sys
[2010/03/14 18:12:57 | 000,000,370 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/03/14 16:10:39 | 000,048,128 | ---- | M] () -- F:\Stephanie's Documents\tdss results.doc
[2010/03/14 16:06:28 | 000,155,752 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Desktop\tdsskiller.zip
[2010/03/13 15:27:14 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephanie.STEPH\Desktop\OTL.exe
[2010/03/13 14:29:33 | 000,000,562 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/03/12 18:56:31 | 000,000,650 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/12 18:56:31 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/03/12 18:56:31 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/11 19:44:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/11 07:09:39 | 000,001,768 | -H-- | M] () -- F:\Stephanie's Documents\Default.rdp
[2010/03/10 22:44:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/07 12:33:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\defogger_reenable
[2010/03/07 12:32:25 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Desktop\Defogger.exe
[2010/03/07 10:15:19 | 000,000,525 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Desktop\Shortcut to HijackThis.lnk
[2010/03/06 19:25:49 | 000,019,968 | ---- | M] () -- F:\Stephanie's Documents\401 Day 4 7.doc
[2010/03/06 16:17:29 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Start Menu\Programs\StartUp\Webshots.lnk
[2010/03/05 16:53:20 | 001,337,472 | ---- | M] () -- F:\Stephanie's Documents\cc_20100305_155300.reg
[2010/03/04 19:58:15 | 000,099,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\kav_nvata.sys
[2010/03/04 19:50:00 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Stephanie.STEPH\Application Data\pcouffin.sys
[2010/03/04 19:50:00 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Application Data\pcouffin.cat
[2010/03/04 19:50:00 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\Application Data\pcouffin.inf
[2010/03/02 18:00:00 | 004,555,278 | ---- | M] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 18:00:00 | 003,672,064 | ---- | M] () -- C:\WINDOWS\System32\ffdshow.ax
[2010/03/02 18:00:00 | 001,449,935 | ---- | M] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 18:00:00 | 000,882,688 | ---- | M] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/02 18:00:00 | 000,877,385 | ---- | M] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 18:00:00 | 000,556,491 | ---- | M] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 18:00:00 | 000,336,384 | ---- | M] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 18:00:00 | 000,324,096 | ---- | M] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 18:00:00 | 000,248,320 | ---- | M] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 18:00:00 | 000,216,576 | ---- | M] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 18:00:00 | 000,169,984 | ---- | M] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 18:00:00 | 000,151,552 | ---- | M] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 18:00:00 | 000,145,408 | ---- | M] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 18:00:00 | 000,121,856 | ---- | M] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 18:00:00 | 000,116,736 | ---- | M] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 18:00:00 | 000,100,864 | ---- | M] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 18:00:00 | 000,097,792 | ---- | M] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 18:00:00 | 000,085,504 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/03/01 23:36:14 | 000,005,406 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2010/03/01 23:36:14 | 000,003,402 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2010/02/27 16:55:07 | 008,180,736 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/02/27 16:55:07 | 004,041,728 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/02/27 16:21:37 | 000,376,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/24 07:15:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/17 11:07:36 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/02/17 07:29:00 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Stephanie.STEPH\g2mdlhlpx.exe

========== Files Created - No Company Name ==========

[2010/03/14 18:12:57 | 000,000,370 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/03/14 18:01:58 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/03/14 16:10:38 | 000,048,128 | ---- | C] () -- F:\Stephanie's Documents\tdss results.doc
[2010/03/14 16:06:45 | 000,155,752 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Desktop\tdsskiller.zip
[2010/03/11 19:15:54 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/03/11 19:15:48 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/11 19:12:30 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/11 19:12:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/11 19:12:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/11 19:12:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/11 19:12:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/07 12:33:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\defogger_reenable
[2010/03/07 12:32:28 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Desktop\Defogger.exe
[2010/03/07 10:15:19 | 000,000,525 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Desktop\Shortcut to HijackThis.lnk
[2010/03/05 23:01:02 | 000,019,968 | ---- | C] () -- F:\Stephanie's Documents\401 Day 4 7.doc
[2010/03/05 16:53:06 | 001,337,472 | ---- | C] () -- F:\Stephanie's Documents\cc_20100305_155300.reg
[2010/03/04 19:31:02 | 000,099,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\kav_nvata.sys
[2010/03/02 18:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 18:00:00 | 003,672,064 | ---- | C] () -- C:\WINDOWS\System32\ffdshow.ax
[2010/03/02 18:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 18:00:00 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/02 18:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 18:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 18:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 18:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 18:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 18:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 18:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 18:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 18:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 18:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 18:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 18:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 18:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 18:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/27 09:30:42 | 000,001,189 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Application Data\vso_ts_preview.xml
[2010/02/27 09:29:24 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Application Data\pcouffin.log
[2010/02/27 09:29:12 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Application Data\pcouffin.cat
[2010/02/27 09:29:12 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Application Data\pcouffin.inf
[2010/02/06 21:19:08 | 000,000,562 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/11/26 13:06:22 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/11/14 12:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/11/14 12:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/11/14 12:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/11/14 12:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/11/14 12:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/11/14 12:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/11/14 12:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/11/14 12:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/11/14 12:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/11/14 12:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/11/11 22:07:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Application Data\seed.log
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/07 21:15:47 | 000,005,084 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ypkpiykb.yyr
[2009/07/07 21:13:48 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/06/07 10:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/30 17:50:39 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\fusioncache.dat
[2009/04/30 17:50:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\DSwitch.txt
[2009/04/30 17:50:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\AtStart.txt
[2009/04/30 17:50:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\QSwitch.txt
[2009/03/26 20:09:52 | 000,038,475 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Application Data\Comma Separated Values (Windows).ADR
[2009/01/31 17:29:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhantomOfVenice.INI
[2009/01/10 16:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/14 19:25:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2008/11/06 10:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/17 16:42:11 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/03/02 14:25:26 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\~bwcrc32.dll
[2008/02/28 15:30:08 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/12/13 08:00:58 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\kodakpcd.ini
[2007/11/10 10:37:44 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\7466BC9E27.sys
[2007/10/22 20:32:04 | 000,127,042 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/10/18 19:38:27 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2007/10/18 19:38:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2007/10/18 19:38:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2007/10/17 21:33:45 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SmartAudio.INI
[2007/10/17 19:24:25 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2007/10/17 18:01:14 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/10/16 19:25:06 | 000,183,808 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/16 19:25:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephanie.STEPH\Local Settings\Application Data\FnF4.txt
[2007/10/13 03:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2006/09/15 02:51:20 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/15 02:39:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/15 02:34:35 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/10 15:51:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/10 15:03:42 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/05/10 15:01:12 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/10 14:57:30 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/26 13:48:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/04/26 13:48:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/04/26 13:48:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/04/26 13:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/04/26 13:48:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/12/02 12:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/05 20:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 14:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E66FFABE
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
< End of report >




