Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google and yahoo search redirect windows xp64bit


  • This topic is locked This topic is locked
22 replies to this topic

#1 berighteous

berighteous

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 03 June 2010 - 11:34 PM

Hi!
I had a thread on am I infected, and the person helping me told me to start a thread here.

My google and yahoo searches are being redirected to who knows where. When I do a google search and click on a link it sits for about 20-25 seconds and then redirects me to somewhere completely unrelated to whatever I was clicking on.

Whenever I click on a google or yahoo link it sits there saying "waiting for " whatever for like 15 seconds or more and then redirects to who knows where.
If I right click on the link and copy and paste the link into the browser it takes me right where it's supposed to go.

Clicking on this same link from a google search page:
hxxp://www.imdb.com/name/nm0000232/

has taken me to:
hxxp://www.aawaterjet.com/

hxxp://www.upliftsearch.com/?keyword=stone&aid=1893&cid=1692&subid=38628

hxxp://search.us.b00kmarks.com/view.php?q=what%20is%20health&f=613&affiliate=50406-38450

hxxp://www.superpages.com/bp/Pine-Bush-NY/David-J-Gros-Contracting-L2114561024.htm?lbp=1&PGID=midas112.8083.1275379860242.2099268102&bidType=CLIK&TR=1

hxxp://tridentityshield.com/products/free-trial.php?utm_source=LookSmart&utm_medium=plm&utm_campaign=Credit+Reporting&utm_extra=dim1/Credit+Reporting//dim2/Exact&utm_term=credit+bureaus

I'm running Windows XP Pro 64-bit. Redirects happen in both IE and firefox. Sometimes firefox crashes clicking on a link. Google Chrome and Safari seem to not be redirected, but I don't usually use those browsers. I usually run firefox.

He suggested I run defogger, which I did, but I'm still being redirected.


I read the preparation guide but I don't have any logs because DDS doesn't work on Windows XP Pro 64 and GMER didn't find anything.

dds said "this tool does not support your operating system." Again, I'm running Windows XP pro 64-bit.

when I ran gmer berfore (and now) the
system
sections
IAT/EAT
Devices
Modules
Processes
Threads
Libraries
are grayed out and unchecked.



This is frustrating. Thanx for your help

Edited by Orange Blossom, 04 June 2010 - 04:06 PM.
Deactivate links. ~ OB


BC AdBot (Login to Remove)

 


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:18 AM

Posted 06 June 2010 - 01:34 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#3 berighteous

berighteous
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 06 June 2010 - 02:32 PM

As I said before in my first post:

DDS doesn't run on Win XP 64 bit. Gmer gave me nothing, no log. it found nothing. I already did this and I thought I explained it fairly completely, including screen shots...
Can you please help me?

Edited by berighteous, 06 June 2010 - 04:05 PM.


#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:18 AM

Posted 08 June 2010 - 01:13 PM

Hello, berighteous
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#5 berighteous

berighteous
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 08 June 2010 - 07:49 PM

OTL logfile created on: 6/8/2010 6:39:17 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 72.00% Memory free
16.00 Gb Paging File | 9.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): c:\pagefile.sys 8191 15000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107.42 Gb Total Space | 0.86 Gb Free Space | 0.80% Space Free | Partition Type: NTFS
Drive D: | 107.42 Gb Total Space | 28.35 Gb Free Space | 26.40% Space Free | Partition Type: NTFS
Drive E: | 250.91 Gb Total Space | 23.50 Gb Free Space | 9.37% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 980.45 Mb Total Space | 780.10 Mb Free Space | 79.57% Space Free | Partition Type: FAT32
Drive M: | 100.59 Gb Total Space | 2.38 Gb Free Space | 2.37% Space Free | Partition Type: NTFS
Drive N: | 100.59 Gb Total Space | 16.03 Gb Free Space | 15.94% Space Free | Partition Type: NTFS
Drive O: | 31.69 Gb Total Space | 1.82 Gb Free Space | 5.73% Space Free | Partition Type: FAT32
Drive P: | 298.09 Gb Total Space | 47.77 Gb Free Space | 16.02% Space Free | Partition Type: NTFS
Drive Q: | 465.75 Gb Total Space | 35.64 Gb Free Space | 7.65% Space Free | Partition Type: NTFS
Drive R: | 298.09 Gb Total Space | 48.92 Gb Free Space | 16.41% Space Free | Partition Type: NTFS
Drive S: | 465.76 Gb Total Space | 49.75 Gb Free Space | 10.68% Space Free | Partition Type: NTFS

Computer Name: PHENOM
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/08 18:38:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/06/02 18:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/06/02 08:48:18 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/05/29 13:34:24 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/05/22 23:21:30 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/05/20 12:56:44 | 000,943,600 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/04/23 05:39:00 | 000,136,616 | ---- | M] () -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
PRC - [2010/04/04 00:39:37 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/02 22:05:28 | 003,359,600 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe
PRC - [2009/05/26 21:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/04/18 15:30:57 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009/03/10 13:11:36 | 000,869,696 | ---- | M] (PC Tools Software) -- C:\Program Files (x86)\PC Tools Disk Suite\DSService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/04 19:12:52 | 000,884,736 | ---- | M] (Live365) -- C:\Program Files (x86)\Live365\Radio365\Radio365TrayAgent.exe
PRC - [2009/02/02 11:27:17 | 000,474,112 | ---- | M] (Irfan Skiljan) -- C:\Program Files (x86)\IrfanView\i_view32.exe
PRC - [2009/01/07 17:16:03 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/09/28 17:04:27 | 000,066,872 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2008/08/09 07:43:00 | 002,530,968 | ---- | M] (Just Great Software) -- C:\Program Files (x86)\JGsoft\EditPadLite\EditPadLite.exe
PRC - [2008/06/29 16:01:01 | 000,052,168 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2008/04/09 16:01:56 | 000,505,208 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Premiere Pro CS3\Adobe Premiere Pro.exe
PRC - [2008/03/31 19:54:06 | 000,507,904 | ---- | M] (Orb Networks) -- C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe
PRC - [2008/03/10 00:08:42 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
PRC - [2008/01/29 20:19:32 | 000,073,728 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files (x86)\Winamp Remote\bin\Orb.exe
PRC - [2007/10/19 13:18:48 | 000,113,176 | ---- | M] (Logitech Inc.) -- c:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2007/08/23 15:05:18 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
PRC - [2007/08/02 15:19:24 | 002,297,856 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\RALINK\Common\RaUI.exe
PRC - [2007/05/30 02:52:10 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Premiere Pro CS3\PhotoshopServer.exe
PRC - [2007/02/18 06:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2006/08/11 12:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2010/06/08 18:38:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/05/22 23:23:07 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/05/22 23:21:37 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msvcp71.dll
MOD - [2010/05/22 23:21:37 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msvcr71.dll
MOD - [2007/10/19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2007/02/18 06:00:00 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comres.dll
MOD - [2007/02/18 06:00:00 | 000,273,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comdlg32.dll
MOD - [2007/02/18 06:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll
MOD - [2007/02/18 06:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\MSCTFIME.IME
MOD - [2007/02/18 06:00:00 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msscript.ocx
MOD - [2007/02/16 23:58:24 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/28 09:23:07 | 000,120,832 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (SASCORE)
SRV:64bit: - [2009/01/07 17:22:54 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2008/03/10 00:08:42 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe -- (mi-raysat_3dsMax2009_64)
SRV:64bit: - [2007/10/19 13:20:42 | 000,171,032 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV:64bit: - [2007/10/19 13:18:36 | 000,182,296 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2007/10/19 13:17:04 | 000,255,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe -- (LVCOMSer)
SRV - [2010/04/23 05:39:00 | 000,136,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/04/04 00:39:37 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/02 22:05:28 | 003,359,600 | ---- | M] (MediaMall Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2010/02/25 15:11:04 | 000,856,064 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/04/18 15:30:57 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/03/10 13:11:36 | 000,869,696 | ---- | M] (PC Tools Software) [Auto | Running] -- C:\Program Files (x86)\PC Tools Disk Suite\DSService.exe -- (DiskSuiteService)
SRV - [2009/02/03 22:05:00 | 000,663,552 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SysWOW64\ati2saag.exe -- (ATI Smart)
SRV - [2009/01/07 17:16:03 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/04 11:48:10 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/09/28 17:04:27 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/07/25 10:13:48 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/07/25 10:13:44 | 000,046,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/06/24 20:57:28 | 000,605,464 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2008/01/04 15:44:16 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/08/23 15:05:18 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/02/18 06:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet)
SRV - [2007/02/18 06:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/08/11 12:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/11/17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/17 12:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 12:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010/05/29 13:34:27 | 000,000,006 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Mozilla Firefox\update.locale -- (Update)
DRV - [2010/05/09 09:00:32 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2010/04/23 05:38:48 | 000,052,352 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys -- (AODDriver2)
DRV - [2009/02/17 13:29:53 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/01/12 18:24:49 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysWOW64\Drivers\adfs.sys -- (adfs)
DRV - [2008/06/26 05:06:39 | 000,093,128 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\ElbyCDIO.dll -- (ElbyCDIO)
DRV - [2007/09/06 14:54:52 | 000,012,928 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2007/09/06 14:54:52 | 000,012,928 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2007/02/18 06:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\mnmdd.dll -- (mnmdd)
DRV - [2007/02/07 12:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2005/11/09 04:41:52 | 000,007,870 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\rt61.cat -- (RT61)
DRV - [2005/05/25 09:39:14 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RMClock\RTCore64.sys -- (RTCore64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.drudgereport.com/"
FF - prefs.js..extensions.enabledItems: activegs@freetoolsassociation.com:3.0.213
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/06/02 10:12:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/22 23:23:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/29 13:34:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/29 13:34:40 | 000,000,000 | ---D | M]

[2008/09/08 23:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/06/07 13:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6jc335s.default\extensions
[2010/06/03 23:06:14 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6jc335s.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/26 19:11:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6jc335s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/26 19:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6jc335s.default\extensions\activegs@freetoolsassociation.com
[2010/06/07 13:44:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008/09/19 15:55:32 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\msvcm80.dll
[2008/09/19 15:55:32 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\msvcp80.dll
[2008/09/19 15:55:32 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\msvcr80.dll
[2008/09/03 18:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
[2009/04/20 14:25:54 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

Hosts file not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (ReGet Bar) - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files (x86)\ReGet Software\ReGet Deluxe\IEBar.dll File not found
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Orb] C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKCU..\Run: [Radio365Agent] C:\Program Files (x86)\Live365\Radio365\Radio365TrayAgent.exe (Live365)
O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files (x86)\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\setup.exe (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O8:64bit: - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKCU\..Trusted Domains: magicjack.com ([my] https in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://chat.bresnan.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1220928006546 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.144.49.30 69.146.17.2 69.144.49.29
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\WB: DllName - Reg Error: Value error. - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WB: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WBSrv.dll - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found
O21:64bit: - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\SysNative\upnpui.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SysNative\WPDShServiceObj.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O28 - HKLM ShellExecuteHooks: {16664848-0E00-11D2-8059-000000000000} - Reg Error: Key error. File not found
O30:64bit: - LSA: Authentication Packages - (C:\\WINDOWS\\system32\\awtrPijH) - File not found
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\SysWow64\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (C:\\WINDOWS\\system32\\awtrPijH) - File not found
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/08 20:02:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/28 15:08:34 | 000,004,671 | ---- | M] () - D:\Autounattend.xml -- [ NTFS ]
O33 - MountPoints2\{0302d81b-f44a-11de-8fd0-0018f8ab06a4}\Shell - "" = AutoRun
O33 - MountPoints2\{0302d81b-f44a-11de-8fd0-0018f8ab06a4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0302d81b-f44a-11de-8fd0-0018f8ab06a4}\Shell\AutoRun\command - "" = T:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\SysWOW64\ias [2008/09/08 13:46:20 | 000,000,000 | ---D | M]

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/06/08 18:38:11 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/06/07 02:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gosu
[2010/06/02 11:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\100SSCAM
[2010/05/31 21:57:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/05/31 15:32:08 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/05/29 11:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/29 11:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/05/29 11:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SASCORE
[2010/05/29 11:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/27 19:47:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2010/05/27 19:44:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/05/27 16:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/05/27 16:58:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2010/05/27 16:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/27 16:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/27 15:11:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/05/27 15:01:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/27 13:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\MnF_13in1
[2010/05/25 22:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server
[2010/05/25 22:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2010/05/25 22:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gs
[2010/05/25 22:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KaraokeDX
[2010/05/25 22:48:19 | 001,258,928 | ---- | C] (Spesoft Ltd) -- C:\WINDOWS\SysWow64\sysperxg.dll
[2010/05/25 22:48:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameEx
[2010/05/25 22:46:12 | 018,804,032 | ---- | C] (Spesoft ) -- C:\Documents and Settings\Administrator\Desktop\106.GameExSetup.exe
[2010/05/25 16:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Visual Pinball
[2010/05/25 16:36:38 | 000,000,000 | ---D | C] -- C:\Games
[2010/05/25 16:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Future Pinball
[2010/05/25 14:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PCHealth
[2010/05/22 23:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010/05/20 23:19:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pcsx2
[2010/05/17 19:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Facebook
[2010/05/15 23:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ios 249
[2010/05/14 19:48:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\boob
[2010/05/09 09:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2010/05/09 08:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Guru3D.com
[2010/05/07 20:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATITool
[2010/05/07 11:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/05/07 11:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/04 23:11:09 | 000,089,600 | ---- | C] (dnSoft Research Group ) -- C:\Documents and Settings\Administrator\Desktop\xntimer.exe
[2010/05/03 10:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010/05/03 02:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\simscore mod
[2010/04/28 17:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\orthos_exe_20060420
[2010/04/28 17:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RMClock
[2010/04/26 16:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\SysWow64\DivXControlPanelApplet.cpl
[2010/04/20 00:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\sims no cd
[2010/04/17 20:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Electronic Arts
[2010/04/15 21:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\tversity
[2010/04/15 21:17:02 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\SysWow64\pthreadGC2.dll
[2010/04/15 21:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVersity Codec Pack
[2010/04/15 21:15:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVersity
[2010/04/14 22:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/04/14 22:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TV-Websites
[2010/04/14 22:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMall
[2010/04/14 22:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ffdshowEx
[2010/04/14 22:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2010/04/14 22:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2010/04/14 22:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded Audio
[2010/04/14 21:35:29 | 008,875,514 | ---- | C] (Orb Networks) -- C:\Documents and Settings\Administrator\Desktop\winampremote.exe
[2010/04/14 21:35:24 | 008,875,514 | ---- | C] (Orb Networks) -- C:\Documents and Settings\Administrator\Desktop\winampremote.exe.part
[2010/04/05 22:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TaxCut
[2010/04/05 22:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF995
[2010/04/05 22:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HRBlock2009
[2010/04/05 22:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\HRBlock
[2010/04/05 22:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/04/04 00:41:07 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/04/04 00:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/03 20:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\simstuff
[2010/04/03 14:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Bret Rand
[2010/03/28 15:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Walmart MP3 Music Downloads
[2010/03/28 15:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Walmart MP3 Music Downloads
[2010/03/27 21:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\MTS_Delphy_1040635_MonkeyBars
[2010/03/22 19:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\The_Sims_3_v1.2.7_Update-RazorDOX
[2010/03/19 18:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Template
[2010/03/16 16:13:55 | 000,000,000 | ---D | C] -- C:\temp
[2010/03/16 12:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Magic Jack crap
[2010/03/16 11:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\digieffects
[2010/03/14 18:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\sims3 stuff
[2010/03/13 20:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010/03/13 20:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/03/13 20:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/03/11 12:37:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\exPressit
[10 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/08 18:38:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/06/08 18:19:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1865067173-612216720-2012268356-500UA.job
[2010/06/08 17:07:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/06/08 15:19:54 | 000,002,389 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/06/08 11:47:18 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1865067173-612216720-2012268356-500.job
[2010/06/08 11:47:18 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1865067173-612216720-2012268356-500.job
[2010/06/08 00:19:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1865067173-612216720-2012268356-500Core.job
[2010/06/07 19:30:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/07 19:30:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/07 14:14:56 | 000,000,949 | ---- | M] () -- C:\WINDOWS\SysWow64\tversity.cookies
[2010/06/06 13:28:20 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\wi7ot1ul.exe
[2010/06/06 13:27:11 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/06/06 09:09:44 | 000,001,562 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DivX Movies.lnk
[2010/06/06 09:09:29 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/06 09:09:14 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/06/05 14:57:01 | 015,466,496 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/06/04 17:35:40 | 000,086,037 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\pizza.jpg
[2010/06/04 16:01:06 | 000,000,013 | ---- | M] () -- C:\WINDOWS\SysWow64\WinSys32.crc
[2010/06/04 09:45:58 | 000,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2010/06/04 02:35:26 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 10:10:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/06/01 21:43:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/01 19:25:16 | 000,021,474 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.jpg
[2010/06/01 19:12:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/06/01 19:10:28 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/06/01 11:17:12 | 000,049,314 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\wendyorder.jpg
[2010/05/31 22:54:15 | 000,000,907 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Cinema Craft Encoder Basic.lnk
[2010/05/31 22:34:05 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tw987cp5.exe
[2010/05/31 21:57:46 | 000,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/31 21:57:01 | 003,764,218 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/05/31 20:16:23 | 030,424,605 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Office 2007 All In One Desk Reference for Dummies.pdf
[2010/05/31 19:27:45 | 000,185,340 | -H-- | M] () -- C:\WINDOWS\SysWow64\mlfcache.dat
[2010/05/31 18:57:48 | 000,002,223 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/05/29 11:00:44 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/27 16:59:01 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/27 12:39:19 | 000,015,450 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\second paper- mike's edit.docx
[2010/05/26 22:45:22 | 000,016,331 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\second paper.docx
[2010/05/25 22:49:40 | 000,000,990 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
[2010/05/25 22:48:35 | 000,272,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/25 22:35:02 | 018,804,787 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\106.GameExSetup.rar
[2010/05/25 16:57:08 | 000,001,743 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VPinball_9_0_2.lnk
[2010/05/25 16:57:08 | 000,001,701 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VPinball.lnk
[2010/05/25 16:57:07 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\vpforums.org.lnk
[2010/05/25 16:56:28 | 007,775,314 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VPInstaller_1_0_3.exe
[2010/05/25 16:36:43 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Future Pinball.lnk
[2010/05/25 12:44:47 | 000,624,146 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VPinball907.zip
[2010/05/25 12:42:29 | 017,530,367 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GameEx.v9.83.rar
[2010/05/25 01:05:00 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/05/23 21:45:10 | 000,046,806 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\science classes.std
[2010/05/22 23:23:09 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/05/22 23:21:37 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\SysWow64\pncrt.dll
[2010/05/19 20:21:04 | 000,120,087 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\mvstcdxx.lst
[2010/05/15 00:00:03 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\memorial number stickers.zdl
[2010/05/14 09:49:23 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dvd399.bin
[2010/05/10 21:21:18 | 000,561,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\UG-E_PANSCN01_v1_5_10-13-08.pdf
[2010/05/08 01:04:24 | 1047,476,224 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\the princess bride.avi
[2010/05/07 20:02:38 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ATITool.lnk
[2010/05/06 20:46:20 | 000,000,219 | ---- | M] () -- C:\WINDOWS\SysWow64\lsprst7.tgz
[2010/05/06 20:46:20 | 000,000,205 | ---- | M] () -- C:\WINDOWS\SysWow64\lsprst7.dll
[2010/05/06 20:46:20 | 000,000,087 | ---- | M] () -- C:\WINDOWS\SysWow64\ssprs.tgz
[2010/05/06 20:46:20 | 000,000,073 | ---- | M] () -- C:\WINDOWS\SysWow64\ssprs.dll
[2010/05/06 20:46:19 | 000,000,021 | ---- | M] () -- C:\WINDOWS\SurCode.INI
[2010/05/04 23:11:09 | 000,089,600 | ---- | M] (dnSoft Research Group ) -- C:\Documents and Settings\Administrator\Desktop\xntimer.exe
[2010/05/03 14:10:13 | 004,075,597 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MTS_AD85_1089954_Tunable_Core_3.2.1.rar
[2010/05/03 03:26:47 | 000,001,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AMD OverDrive.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2010/04/28 18:16:23 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\hwmonitorw.ini
[2010/04/28 17:48:21 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RightMark CPU Clock Utility.lnk
[2010/04/27 12:09:06 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\GJ Biol & Chem 2009 10 taping info by date .xls
[2010/04/26 16:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\SysWow64\DivXControlPanelApplet.cpl
[2010/04/19 11:54:53 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2010/04/17 20:20:43 | 000,001,937 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 World Adventures.lnk
[2010/04/17 20:04:02 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk
[2010/04/15 21:17:03 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TVersity.lnk
[2010/04/14 22:38:35 | 000,001,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PlayOn.lnk
[2010/04/14 22:12:56 | 001,228,854 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\OrbError.bmp
[2010/04/14 21:59:42 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp Remote.lnk
[2010/04/14 21:48:44 | 008,875,514 | ---- | M] (Orb Networks) -- C:\Documents and Settings\Administrator\Desktop\winampremote.exe
[2010/04/14 21:48:42 | 008,875,514 | ---- | M] (Orb Networks) -- C:\Documents and Settings\Administrator\Desktop\winampremote.exe.part
[2010/04/12 16:57:41 | 000,277,979 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\3GIRLS.pdf
[2010/04/12 16:57:41 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\mikado Save the date.doc
[2010/04/11 22:53:44 | 000,135,680 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\wendysgiftshop sales2009.xls
[2010/04/11 03:47:49 | 000,138,240 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\wendysgiftshop sales2008.xls
[2010/04/05 22:03:50 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2009.lnk
[2010/04/04 00:40:41 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/04/03 19:56:43 | 000,010,694 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\fire.smod
[2010/04/01 03:34:28 | 000,020,862 | ---- | M] () -- C:\WINDOWS\atiogl.xml
[2010/03/31 11:34:55 | 000,249,393 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\robert bobby v turner memorial.std
[2010/03/30 22:03:31 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/29 14:18:17 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2010/03/29 14:18:16 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\031810 spreadsheet.xlr
[2010/03/28 15:22:27 | 000,001,182 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Walmart MP3 Music Downloads.lnk
[2010/03/25 18:16:02 | 000,001,093 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\magicJack.lnk
[2010/03/18 22:14:39 | 005,657,066 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\EX-F1.pdf
[2010/03/18 11:08:15 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Contacts.doc
[2010/03/18 10:35:18 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\nami invoice 031810.doc
[2010/03/17 19:46:17 | 000,172,831 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Nami psa label.std
[2010/03/16 11:16:31 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/11 13:19:31 | 000,001,577 | -H-- | M] () -- C:\mvstcdxx.lst
[10 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/06 13:28:20 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\wi7ot1ul.exe
[2010/06/04 17:35:40 | 000,086,037 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\pizza.jpg
[2010/06/04 09:45:58 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Zone.Identifier
[2010/06/01 19:25:16 | 000,021,474 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.jpg
[2010/06/01 19:15:11 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/06/01 19:12:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/06/01 19:10:27 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/06/01 11:17:12 | 000,049,314 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\wendyorder.jpg
[2010/05/31 22:54:15 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cinema Craft Encoder Basic.lnk
[2010/05/31 22:34:04 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tw987cp5.exe
[2010/05/31 20:12:53 | 030,424,605 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Office 2007 All In One Desk Reference for Dummies.pdf
[2010/05/29 11:00:44 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/27 16:59:01 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/26 23:44:18 | 000,015,450 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\second paper- mike's edit.docx
[2010/05/26 21:35:12 | 000,016,331 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\second paper.docx
[2010/05/25 22:49:40 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
[2010/05/25 22:29:57 | 018,804,787 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\106.GameExSetup.rar
[2010/05/25 16:57:08 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VPinball_9_0_2.lnk
[2010/05/25 16:57:08 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VPinball.lnk
[2010/05/25 16:57:07 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\vpforums.org.lnk
[2010/05/25 16:56:04 | 007,775,314 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VPInstaller_1_0_3.exe
[2010/05/25 16:36:43 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Future Pinball.lnk
[2010/05/25 12:44:47 | 000,624,146 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VPinball907.zip
[2010/05/25 12:39:12 | 017,530,367 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GameEx.v9.83.rar
[2010/05/22 23:23:10 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1865067173-612216720-2012268356-500.job
[2010/05/22 23:23:10 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1865067173-612216720-2012268356-500.job
[2010/05/22 23:23:09 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/05/19 20:21:04 | 000,120,087 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\mvstcdxx.lst
[2010/05/15 00:00:02 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\memorial number stickers.zdl
[2010/05/14 09:49:23 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dvd399.bin
[2010/05/10 21:21:14 | 000,561,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\UG-E_PANSCN01_v1_5_10-13-08.pdf
[2010/05/08 00:00:57 | 1047,476,224 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\the princess bride.avi
[2010/05/07 20:02:38 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ATITool.lnk
[2010/05/07 11:06:23 | 000,001,562 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DivX Movies.lnk
[2010/05/07 11:06:03 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/05/07 11:05:38 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/05/03 14:09:37 | 004,075,597 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MTS_AD85_1089954_Tunable_Core_3.2.1.rar
[2010/05/03 03:26:47 | 000,001,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AMD OverDrive.lnk
[2010/04/28 17:48:21 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RightMark CPU Clock Utility.lnk
[2010/04/28 00:02:50 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\hwmonitorw.ini
[2010/04/19 11:54:53 | 000,002,006 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2010/04/18 17:40:45 | 000,528,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/17 20:20:43 | 000,001,937 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 World Adventures.lnk
[2010/04/17 20:04:02 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk
[2010/04/15 21:17:42 | 000,000,949 | ---- | C] () -- C:\WINDOWS\SysWow64\tversity.cookies
[2010/04/15 21:17:03 | 000,002,062 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TVersity.lnk
[2010/04/15 21:17:02 | 000,007,680 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll
[2010/04/15 21:17:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll.manifest
[2010/04/14 22:38:35 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PlayOn.lnk
[2010/04/14 22:11:40 | 001,228,854 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\OrbError.bmp
[2010/04/14 21:59:42 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp Remote.lnk
[2010/04/13 02:02:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/04/12 16:57:41 | 000,277,979 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\3GIRLS.pdf
[2010/04/12 16:57:41 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\mikado Save the date.doc
[2010/04/11 19:44:33 | 000,102,901 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Charles Packard 2008 Tax Return.T08
[2010/04/10 21:57:40 | 000,138,240 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\wendysgiftshop sales2008.xls
[2010/04/10 21:57:19 | 000,135,680 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\wendysgiftshop sales2009.xls
[2010/04/06 19:58:52 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\hacks.ini
[2010/04/05 22:03:50 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2009.lnk
[2010/04/04 00:40:41 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/04/03 12:27:31 | 000,010,694 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\fire.smod
[2010/03/31 11:34:42 | 000,249,393 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\robert bobby v turner memorial.std
[2010/03/30 22:03:31 | 000,001,679 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/28 15:22:27 | 000,001,182 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Walmart MP3 Music Downloads.lnk
[2010/03/25 18:16:02 | 000,001,093 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\magicJack.lnk
[2010/03/19 19:19:14 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\031810 spreadsheet.xlr
[2010/03/19 18:05:32 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2010/03/18 22:14:07 | 005,657,066 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\EX-F1.pdf
[2010/03/18 11:08:15 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Contacts.doc
[2010/03/18 10:06:53 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\nami invoice 031810.doc
[2010/03/11 13:19:31 | 000,001,577 | -H-- | C] () -- C:\mvstcdxx.lst
[2009/11/26 17:13:12 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2009/11/22 01:39:05 | 000,027,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AVSredirect.dll
[2009/10/17 15:31:57 | 000,829,781 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll
[2009/06/24 14:21:32 | 000,000,432 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/11 13:30:03 | 000,151,552 | ---- | C] () -- C:\WINDOWS\SysWow64\nvRegDev.dll
[2009/04/29 22:14:17 | 000,120,200 | ---- | C] () -- C:\WINDOWS\SysWow64\DLLDEV32i.dll
[2009/04/29 22:13:57 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/04/17 15:51:37 | 000,000,229 | ---- | C] () -- C:\WINDOWS\ABC_mru.ini
[2009/01/12 19:04:05 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2008/11/08 10:53:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\SysWow64\sysprs7.dll
[2008/11/08 10:53:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\SysWow64\clauth2.dll
[2008/11/08 10:53:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\SysWow64\clauth1.dll
[2008/11/08 10:53:37 | 000,000,073 | ---- | C] () -- C:\WINDOWS\SysWow64\ssprs.dll
[2008/11/08 10:53:36 | 000,000,205 | ---- | C] () -- C:\WINDOWS\SysWow64\lsprst7.dll
[2008/10/22 17:06:29 | 000,000,067 | ---- | C] () -- C:\WINDOWS\My Video Converter.INI
[2008/10/20 20:09:36 | 000,164,352 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2008/10/20 20:09:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/10/10 15:00:05 | 000,034,308 | ---- | C] () -- C:\WINDOWS\SysWow64\BASSMOD.dll
[2008/10/02 01:50:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\cdTextCtl.dll
[2008/09/30 14:32:12 | 000,000,890 | ---- | C] () -- C:\WINDOWS\SysWow64\WLAN.INI
[2008/09/30 14:06:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\SysWow64\GTW32N50.dll
[2008/09/30 13:17:29 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/09/30 01:28:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/25 20:44:09 | 000,494,557 | ---- | C] () -- C:\WINDOWS\SysWow64\dxgi.dll
[2008/09/25 20:44:09 | 000,025,037 | ---- | C] () -- C:\WINDOWS\SysWow64\Nucleus.dll
[2008/09/25 20:44:08 | 000,519,912 | ---- | C] () -- C:\WINDOWS\SysWow64\d3dx10d_33.dll
[2008/09/25 20:44:07 | 000,566,624 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d10.dll
[2008/09/09 00:57:01 | 000,058,792 | ---- | C] () -- C:\WINDOWS\SysWow64\wbload.dll
[2008/09/09 00:14:36 | 002,463,976 | ---- | C] () -- C:\WINDOWS\SysWow64\NPSWF32.dll
[2008/09/08 22:02:31 | 000,564,564 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelFrench.dll
[2007/02/18 06:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2007/02/18 06:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2007/02/18 06:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2007/02/18 06:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2007/02/18 06:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2007/02/18 06:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2007/02/18 06:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2007/02/18 06:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2007/02/18 06:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2007/02/18 06:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2007/02/18 06:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2007/02/18 06:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2007/02/18 06:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2007/02/18 06:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2007/02/18 06:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2007/02/18 06:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2007/02/18 06:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2005/07/08 22:07:46 | 000,007,168 | ---- | C] () -- C:\WINDOWS\SysWow64\dfscacm.dll
[2005/07/08 22:07:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\SysWow64\dfsc.dll
[2002/03/16 18:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000071.DLL

========== LOP Check ==========

[2008/09/24 19:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore
[2009/04/18 15:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2010/01/19 01:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2008/12/05 16:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2009/09/26 23:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Coby Media Manager
[2009/06/10 23:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DJS Sims
[2009/05/03 19:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DNA
[2009/11/22 01:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Elecard
[2010/05/17 19:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Facebook
[2009/04/20 14:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit
[2009/03/03 23:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FreeStone Group
[2009/02/08 04:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\funkitron
[2009/10/17 15:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2008/10/11 18:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GlobalSCAPE
[2008/12/05 21:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2008/11/18 19:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2008/11/04 12:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\JGsoft
[2008/11/15 14:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Laplink
[2009/04/29 22:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MAGIX
[2008/10/22 19:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MainConcept
[2010/03/25 18:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mjusbsp
[2009/04/16 23:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mootools
[2008/11/25 00:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NewsLeecher
[2008/10/10 15:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Publish Providers
[2010/04/12 10:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ReGet Software
[2008/09/24 21:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\River Past G5
[2009/09/16 19:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony
[2008/09/24 22:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony Setup
[2010/04/05 22:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TaxCut
[2010/03/19 18:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Template
[2009/07/01 10:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thinstall
[2008/10/08 02:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
[2010/01/10 21:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2008/10/03 23:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Walgreens
[2009/11/19 18:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\XnView
[2008/09/24 19:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/06/19 20:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/04/18 15:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/10/02 01:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/05/27 15:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/09/26 02:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/08/02 21:00:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/07/27 17:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2010/04/19 11:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/01/16 17:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher
[2008/10/11 18:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2010/06/07 02:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gosu
[2008/09/24 23:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/04/29 22:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010/06/07 02:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2008/11/08 10:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2010/04/14 22:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2010/01/16 21:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paragon
[2009/11/22 23:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/11/22 23:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2009/11/22 23:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate Collection
[2008/09/30 16:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2009/11/12 02:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redirected
[2008/09/24 21:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2010/05/29 11:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SASCORE
[2009/02/25 23:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/05/18 01:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/11/19 02:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/11/22 23:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 14
[2010/04/05 22:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2008/10/02 07:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/03/09 20:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/15 13:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/06/19 20:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/10 18:04:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2008/09/09 16:22:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8227D5D4-E2F9-4B81-98FA-54E4E78F5238}
[2008/10/28 04:07:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\Defrag Job #00.job
[2010/06/07 12:19:00 | 000,032,370 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2007/02/18 06:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2007/02/18 06:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:atapi.sys

< MD5 for: NETLOGON.DLL >
[2007/02/18 06:00:00 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\SysWOW64\netlogon.dll
[2007/02/18 06:00:00 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\SysWOW64\netlogon.dll

< MD5 for: SCECLI.DLL >
[2007/02/18 06:00:00 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\SysWOW64\scecli.dll
[2007/02/18 06:00:00 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\SysWOW64\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SysWOW64\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SysWOW64\dxtrans.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemdrive%\*.sys /90 /md5 >
[2010/06/07 19:29:58 | 4293,918,719 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:556BBACC
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E00596C
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61A065F2
< End of report >

========================================================

OTL Extras logfile created on: 6/8/2010 6:39:17 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 72.00% Memory free
16.00 Gb Paging File | 9.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): c:\pagefile.sys 8191 15000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107.42 Gb Total Space | 0.86 Gb Free Space | 0.80% Space Free | Partition Type: NTFS
Drive D: | 107.42 Gb Total Space | 28.35 Gb Free Space | 26.40% Space Free | Partition Type: NTFS
Drive E: | 250.91 Gb Total Space | 23.50 Gb Free Space | 9.37% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 980.45 Mb Total Space | 780.10 Mb Free Space | 79.57% Space Free | Partition Type: FAT32
Drive M: | 100.59 Gb Total Space | 2.38 Gb Free Space | 2.37% Space Free | Partition Type: NTFS
Drive N: | 100.59 Gb Total Space | 16.03 Gb Free Space | 15.94% Space Free | Partition Type: NTFS
Drive O: | 31.69 Gb Total Space | 1.82 Gb Free Space | 5.73% Space Free | Partition Type: FAT32
Drive P: | 298.09 Gb Total Space | 47.77 Gb Free Space | 16.02% Space Free | Partition Type: NTFS
Drive Q: | 465.75 Gb Total Space | 35.64 Gb Free Space | 7.65% Space Free | Partition Type: NTFS
Drive R: | 298.09 Gb Total Space | 48.92 Gb Free Space | 16.41% Space Free | Partition Type: NTFS
Drive S: | 465.76 Gb Total Space | 49.75 Gb Free Space | 10.68% Space Free | Partition Type: NTFS

Computer Name: PHENOM
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.txt[@ = txtfile] -- C:\Program Files (x86)\JGsoft\EditPadLite\EditPadLite.exe (Just Great Software)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.txt [@ = txtfile] -- C:\Program Files (x86)\JGsoft\EditPadLite\EditPadLite.exe (Just Great Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 File not found
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" %* File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- "C:\Program Files (x86)\JGsoft\EditPadLite\EditPadLite.exe" "%1" (Just Great Software)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Program Files (x86)\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- "C:\Program Files (x86)\JGsoft\EditPadLite\EditPadLite.exe" "%1" (Just Great Software)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Program Files (x86)\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50985:TCP" = 50985:TCP:*:Enabled:vuze
"50985:UDP" = 50985:UDP:*:Enabled:vuze
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"5060:UDP" = 5060:UDP:*:Enabled:magicJack5060
"5070:UDP" = 5070:UDP:*:Enabled:magicJack5070

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe" = C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files (x86)\AIM6\aim6.exe" = C:\Program Files (x86)\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files (x86)\Vuze\Azureus.exe" = C:\Program Files (x86)\Vuze\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe" = C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe:*:Enabled:Crysis_64 -- (Sony DADC Austria AG)
"C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe" = C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_64 -- (Crytek GmbH)
"C:\WINDOWS\SysWOW64\ftp.exe" = C:\WINDOWS\SysWOW64\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe" = C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe:*:Enabled:FTP Transfer Engine -- (GlobalSCAPE, Inc.)
"C:\Program Files (x86)\DNA\btdna.exe" = C:\Program Files (x86)\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 64-bit -- (Autodesk, Inc.)
"C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" = C:\Program Files (x86)\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Administrator\Desktop\Keygen.YouTube.Robot.exe" = C:\Documents and Settings\Administrator\Desktop\Keygen.YouTube.Robot.exe:*:Disabled:Keygen.YouTube.Robot -- File not found
"C:\WINDOWS\SysWOW64\PnkBstrA.exe" = C:\WINDOWS\SysWOW64\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\SysWOW64\PnkBstrB.exe" = C:\WINDOWS\SysWOW64\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files (x86)\Pinnacle\Studio 14\Programs\RM.exe" = C:\Program Files (x86)\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files (x86)\Pinnacle\Studio 14\Programs\Studio.exe" = C:\Program Files (x86)\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files (x86)\Pinnacle\Studio 14\Programs\umi.exe" = C:\Program Files (x86)\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files (x86)\AVG\AVG9\avgupd.exe" = C:\Program Files (x86)\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG9\avgnsa.exe" = C:\Program Files (x86)\AVG\AVG9\avgnsa.exe:*:Enabled:avgnsa.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\Winamp Remote\bin\Orb.exe" = C:\Program Files (x86)\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe" = C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files (x86)\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files (x86)\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe" = C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
"C:\Program Files (x86)\Real\RealPlayer\realplay.exe" = C:\Program Files (x86)\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files (x86)\InterVideo\DVD8\WinDVD.exe" = C:\Program Files (x86)\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)
"C:\Program Files (x86)\MediaMall\MediaMallServer.exe" = C:\Program Files (x86)\MediaMall\MediaMallServer.exe:*:Enabled:MediaMall Server -- (MediaMall Technologies, Inc.)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe" = C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files (x86)\AIM6\aim6.exe" = C:\Program Files (x86)\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files (x86)\Vuze\Azureus.exe" = C:\Program Files (x86)\Vuze\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe" = C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe:*:Enabled:Crysis_64 -- (Sony DADC Austria AG)
"C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe" = C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_64 -- (Crytek GmbH)
"C:\WINDOWS\SysWOW64\ftp.exe" = C:\WINDOWS\SysWOW64\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe" = C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe:*:Enabled:FTP Transfer Engine -- (GlobalSCAPE, Inc.)
"C:\Program Files (x86)\DNA\btdna.exe" = C:\Program Files (x86)\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 64-bit -- (Autodesk, Inc.)
"C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" = C:\Program Files (x86)\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Administrator\Desktop\Keygen.YouTube.Robot.exe" = C:\Documents and Settings\Administrator\Desktop\Keygen.YouTube.Robot.exe:*:Disabled:Keygen.YouTube.Robot -- File not found
"C:\WINDOWS\SysWOW64\PnkBstrA.exe" = C:\WINDOWS\SysWOW64\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\SysWOW64\PnkBstrB.exe" = C:\WINDOWS\SysWOW64\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files (x86)\Pinnacle\Studio 14\Programs\RM.exe" = C:\Program Files (x86)\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files (x86)\Pinnacle\Studio 14\Programs\Studio.exe" = C:\Program Files (x86)\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files (x86)\Pinnacle\Studio 14\Programs\umi.exe" = C:\Program Files (x86)\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files (x86)\AVG\AVG9\avgupd.exe" = C:\Program Files (x86)\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG9\avgnsa.exe" = C:\Program Files (x86)\AVG\AVG9\avgnsa.exe:*:Enabled:avgnsa.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\Winamp Remote\bin\Orb.exe" = C:\Program Files (x86)\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe" = C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files (x86)\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files (x86)\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe" = C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
"C:\Program Files (x86)\Real\RealPlayer\realplay.exe" = C:\Program Files (x86)\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files (x86)\InterVideo\DVD8\WinDVD.exe" = C:\Program Files (x86)\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)
"C:\Program Files (x86)\MediaMall\MediaMallServer.exe" = C:\Program Files (x86)\MediaMall\MediaMallServer.exe:*:Enabled:MediaMall Server -- (MediaMall Technologies, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{47E5588F-C3A0-11DE-9857-005056C00008}" = Paragon Partition Manager™ 2010 Free Edition
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{857A474F-2485-BC1B-168C-BD396012C30E}" = ATI Catalyst Install Manager
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{AF2CB1FE-FD46-4D85-8C63-5C46E825E177}" = Logitech QuickCam
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BF071B7B-3640-2300-FDB2-7302D5D44EE4}" = ccc-utility64
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB6508F6-EC50-4829-A2C6-02990EFF0059}" = Windows Media Encoder 9 Series x64 Edition
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D10AB8DE-0ED1-4152-A247-FB89CF1435D5}" = HP Deskjet D2500 Printer Driver Software 11.0 Rel .3
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EC2280DF-BBAF-0409-9359-BCCD15545FFB}" = Autodesk 3ds Max 2009 64-bit
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F7855754-13F5-426B-B090-5875FAFF1B20}" = Windows Presentation Foundation x64
"3D Photo Browser (x64 bits)" = 3D Photo Browser 10.03
"FBX Plugin 2009.0 for Max 2009 64" = FBX Plugin 2009.0 for Max 2009 64
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LameACM" = Lame ACM MP3 Codec
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Video Cleaner Pro" = River Past Video Cleaner Pro
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WETCable" = Windows Easy Transfer
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series x64 Edition
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11-64" = Windows Media Format 11 runtime
"WMFDist64" = Windows Media Format 9.5 Runtime x64 Edition
"wmp11-64" = Windows Media Player 11
"WMSTypeLib64" = Windows Media Services Typelib Redist
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZMBV" = Zip Motion Block Video codec (Remove Only)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{195E0ABA-2B19-DD75-3ACD-11C6C3586C15}" = ccc-core-static
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1E35B0A3-B93D-6D60-000D-0A95ABFB0029}" = Catalyst Control Center HydraVision Full
"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{2487D1AE-A0E0-CFFB-E7EA-D3475174FDC0}" = Catalyst Control Center InstallProxy
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{24EBAFD3-966D-2050-7167-A5DA8F2D5A03}" = Catalyst Control Center Graphics Full New
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29B4772D-59E6-EE4E-C81E-6BFF9F82A12B}" = Catalyst Control Center Localization All
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2CB88C56-1329-A9CC-C9AA-C8EC4E0C1D26}" = Catalyst Control Center Graphics Previews Common
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4945DFA0-BFC4-0257-047A-F0021B27B50A}" = CCC Help German
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{4EAF566E-1712-433C-A1C2-7517845107CC}" = DVD Architect Pro 5.0
"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe 5
"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models
"{4FB0015C-CF46-40AD-A493-856A115AED45}" = Catalyst Control Center Core Implementation
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{556EEE74-6788-4292-8252-8B17E2C7952A}" = Photosynth 2.0.1403.12
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{5FCCD531-1B38-4A94-924C-127F722F1033}" = Nero 8
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{617FB6CE-81C7-908F-4873-D340ED9750CD}" = CCC Help Italian
"{61933A31-A387-4D74-B319-9A15306471C3}" = MainConcept MPEG Pro 4.0
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63DAD698-7FB0-4094-BDD5-342AB1763D11}" = Crysis® Tournament Map Pack
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64887FC8-F0AD-42B5-B052-3E52D64CA4B3}" = Visual Communicator Bin Files
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65734AEC-7CCC-44E4-BB1A-3A3258DED50A}" = PlayOn
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FB248E-690D-434F-94A7-248D5F1ECD70}" = AMD OverDrive
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A731356-4835-4C6A-B83B-E402191665F8}" = SkinStudio
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6EC0BE33-4BDF-419B-AFC3-40E06BCEA536}" = Coby Media Manager
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70E3A868-C269-4E6D-B225-862AADF7D0AF}" = Adobe Creative Suite 4 Production Premium
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7236B969-6A18-42DD-ADE4-BBA2604F34C8}" = DJ_SF_03_D2500_Software_Min
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine®2 Sandbox™2
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{7F8D4C4E-EC31-4B5A-9DB6-1D74AD1209DA}" = Visual Communicator Studio
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84BBFA13-C40E-4287-85EF-E8B1034451AA}" = Windows Media Encoder 9 Series SDK
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87791AF4-4D4C-43DC-97BF-05EEEE5187F2}" = e-Sword
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DE910B1-26CB-72D5-B254-8AC604459F61}" = CCC Help French
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{95FCBE85-EF01-B471-394C-F29003AB1253}" = Catalyst Control Center Graphics Full Existing
"{99DE0D86-DE12-F889-F35D-6CBACA2FC32A}" = CCC Help Spanish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models
"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9FE52820-ED39-43FA-93E8-E77191A0A3CD}_is1" = Wii Game Studio v1.0
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A502A400-0CEF-42E6-BC7B-39B249703CFC}" = MainConcept DV Codec
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AD3891EA-5731-4AEA-8B9D-D9AE5F92542A}" = HP Print Diagnostic Utility
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B27901FA-F157-4049-B1EC-BC43890A1DCC}" = Active@ File Recovery
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2C45229-65A0-4738-B9CB-C5A41634FBB1}" = 2d3 SteadyMove for Adobe Premiere Pro 2.0
"{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7351D5A-0895-F6E1-1841-B38D4AEF158E}" = Catalyst Control Center Graphics Light
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C78F108A-91AE-454D-9895-3FC7FF75D35A}" = SmartSound Quicktracks for Premiere
"{C8192E26-0615-809D-5621-638221E617CE}" = CCC Help English
"{C84D19CE-FA3B-4CA0-A75C-16AB49927BAD}" = Sony Sound Forge Audio Studio 9.0
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CA842D69-22DB-456E-95C7-A5C92593C7C4}" = Adobe Setup
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D5CC4DB1-A066-4220-B168-24A0BBDE676B}" = H&R Block Colorado 2009
"{D5F59BE9-3355-8B31-62F9-DAF044436EB3}" = CCC Help Portuguese
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DDBC8703-AA18-491F-97BE-98D4543A901B}" = PCsync
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E907A385-B00D-4D03-8B16-B64F10938CE6}" = Adobe Ultra CS3
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}" = CryEngine®2 Sandbox™2
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{ED5C391D-6A2B-4067-899F-B14DB8B4C0F5}" = ccc-core-preinstall
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink Wireless LAN
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD6EE1AB-79FB-4AEC-87F4-0369D59F3A9A}" = BresnanClientSetup
"3D Object Converter for Windows 4.40" = 3D Object Converter for Windows 4.40
"Academy of Magic" = GameHouse Games Collection: Academy of Magic
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.2.2 Professional
"Adobe Acrobat 8 Professional_822" = Adobe Acrobat 8.2.2 - CPSID_53952
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_36ac9dc8c9a94feb9e5886810012e78" = Adobe Creative Suite 4 Production Premium
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Advanced Batch Converter" = Advanced Batch Converter
"Adventure Inlay" = GameHouse Games Collection: Adventure Inlay
"Adventure Inlay - Safari Edition" = GameHouse Games Collection: Adventure Inlay - Safari Edition
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"Air Strike 3D" = GameHouse Games Collection: Air Strike 3D
"Alarm_is1" = Alarm 2.0.4
"Alien Sky" = GameHouse Games Collection: Alien Sky
"Aloha Solitaire" = GameHouse Games Collection: Aloha Solitaire
"Aloha TriPeaks" = GameHouse Games Collection: Aloha TriPeaks
"amd dragon platform technology" = amd dragon platform technology Screen Saver
"AnalogX Vocal Remover" = AnalogX Vocal Remover
"Ancient Tri-Jong" = GameHouse Games Collection: Ancient Tri-Jong
"Ancient Tripeaks" = GameHouse Games Collection: Ancient Tripeaks
"Ask Toolbar_is1" = Foxit Toolbar
"Astrobatics" = GameHouse Games Collection: Astrobatics
"ATITool" = ATITool Overclocking Utility
"Atlantis" = GameHouse Games Collection: Atlantis
"Atomaders" = GameHouse Games Collection: Atomaders
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"Bejeweled 2" = GameHouse Games Collection: Bejeweled 2
"Bewitched" = GameHouse Games Collection: Bewitched
"BFGC" = Big Fish Games Client
"BFG-Virtual Villagers - The Lost Children" = Virtual Villagers: The Lost Children
"Big Kahuna Reef" = GameHouse Games Collection: Big Kahuna Reef
"Boggle Supreme" = GameHouse Games Collection: Boggle Supreme
"Bounce Out Blitz" = GameHouse Games Collection: Bounce Out Blitz
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Casino Island To Go" = GameHouse Games Collection: Casino Island To Go
"cfhd" = CineForm HD CODEC
"Chainz" = GameHouse Games Collection: Chainz
"Chainz 2: Relinked" = GameHouse Games Collection: Chainz 2 - Relinked
"Charm Solitaire" = GameHouse Games Collection: Charm Solitaire
"Charm Tale" = GameHouse Games Collection: Charm Tale
"Chicktionary" = GameHouse Games Collection: Chicktionary
"Chuzzle Deluxe" = GameHouse Games Collection: Chuzzle Deluxe
"Cinema Craft Encoder Basic" = Cinema Craft Encoder Basic
"Cinema Craft Encoder Basic for Adobe Premiere" = Cinema Craft Encoder Basic for Adobe Premiere
"Click'N Design 3D (V5)" = Click'N Design 3D (V5)
"CoffeeCup HTML Editor 2008" = CoffeeCup HTML Editor 2008
"Collapse! Crunch" = GameHouse Games Collection: Collapse! Crunch
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Combo Chaos!" = GameHouse Games Collection: Combo Chaos!
"Crysis WARHEAD®" = Crysis WARHEAD®
"Crystal Path" = GameHouse Games Collection: Crystal Path
"Cubis Gold 2" = GameHouse Games Collection: Cubis Gold 2
"DebugMode FrameServer" = DebugMode FrameServer
"devkitProUpdater" = devkitProUpdater 1.5.0
"Digby's Donuts" = GameHouse Games Collection: Digby's Donuts
"Digital Video Repair" = Digital Video Repair 1.0
"Diner Dash" = GameHouse Games Collection: Diner Dash
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"E.M. PowerPoint Video Converter_is1" = E.M. PowerPoint Video Converter 2.20
"EA Download Manager" = EA Download Manager
"EditPad Lite" = Just Great Software EditPad Lite 6.4.3
"Elecard Converter Studio AVC HD Edition 3.3.90909 Demo" = Elecard Converter Studio AVC HD Edition Demo
"EOS Utility" = Canon Utilities EOS Utility
"Evochron" = Evochron
"Evochron Legends_is1" = Evochron Legends
"Evochron Renegades" = Evochron Renegades
"Feeding Frenzy" = GameHouse Games Collection: Feeding Frenzy
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Fiber Twig" = GameHouse Games Collection: Fiber Twig
"File Renamer - Basic" = File Renamer - Basic
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Five Card Deluxe" = GameHouse Games Collection: Five Card Deluxe
"Flip Words" = GameHouse Games Collection: Flip Words
"Flying Leo" = GameHouse Games Collection: Flying Leo
"FontPage_is1" = FontPage 3.0.2
"Fortune Tiles Gold" = GameHouse Games Collection: Fortune Tiles Gold
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps
"Fresco Wizard" = GameHouse Games Collection: Fresco Wizard
"Future Pinball_is1" = Future Pinball
"GameEx_is1" = GameEx 10.17
"GameHouse Sudoku" = GameHouse Games Collection: GameHouse Sudoku
"Gearz" = GameHouse Games Collection: Gearz
"Granny in Paradise" = GameHouse Games Collection: Granny in Paradise
"Graphic Converter 2003" = Graphic Converter 2003
"Graphics Converter Pro v6.9x" = Graphics Converter Pro v6.9x
"Gutterball" = GameHouse Games Collection: Gutterball
"Gutterball 2" = GameHouse Games Collection: Gutterball 2
"Hamsterball" = GameHouse Games Collection: Hamsterball
"HandyAvi_is1" = HandyAvi 4.3
"Hello!" = GameHouse Games Collection: Hello!
"Holiday Express" = GameHouse Games Collection: Holiday Express
"Iggle Pop!" = GameHouse Games Collection: Iggle Pop!
"ImgBurn" = ImgBurn
"Incadia" = GameHouse Games Collection: Incadia
"Incredible Ink" = GameHouse Games Collection: Incredible Ink
"Insaniquarium Deluxe" = GameHouse Games Collection: Insaniquarium Deluxe
"Inspector Parker" = GameHouse Games Collection: Inspector Parker
"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{61933A31-A387-4D74-B319-9A15306471C3}" = MainConcept MPEG Pro 4.0
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"InstallShield_{A502A400-0CEF-42E6-BC7B-39B249703CFC}" = MainConcept DV Codec
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{C78F108A-91AE-454D-9895-3FC7FF75D35A}" = SmartSound Quicktracks for Premiere
"InstallShield_{E907A385-B00D-4D03-8B16-B64F10938CE6}" = Adobe Ultra CS3
"Invadazoid" = GameHouse Games Collection: Invadazoid
"IrfanView" = IrfanView (remove only)
"Jewel Quest" = GameHouse Games Collection: Jewel Quest
"Joboshare DVD Ripper Platinum" = Joboshare DVD Ripper Platinum
"Karaoke-DX" = Karaoke for DirectX (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Standard)
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"Lemonade Tycoon" = GameHouse Games Collection: Lemonade Tycoon
"Luxor" = GameHouse Games Collection: Luxor
"Mad Caps" = GameHouse Games Collection: Mad Caps
"Magic Ball 2" = GameHouse Games Collection: Magic Ball 2
"Magic Ball 2 - New Worlds" = GameHouse Games Collection: Magic Ball 2 - New Worlds
"Magic Ball Deluxe" = GameHouse Games Collection: Magic Ball
"Magic Bullet Editors 2.0 Vegas" = Magic Bullet Editors 2.0 Vegas
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Magic DVD Copier_is1" = Magic DVD Copier Version 4.9.3
"Magic Inlay" = GameHouse Games Collection: Magic Inlay
"Magic Vines" = GameHouse Games Collection: Magic Vines
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Video Pro X D" = MAGIX Video Pro X 8.0.0.78 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.25.0 (D)
"Mah Jong Adventures" = GameHouse Games Collection: Mah Jong Adventures
"Mah Jong Medley" = GameHouse Games Collection: Mah Jong Medley
"Mah Jong Quest" = GameHouse Games Collection: Mah Jong Quest
"Mahjong Garden To Go" = GameHouse Games Collection: Mahjong Garden To Go
"Mahjong Towers Eternity" = GameHouse Games Collection: Mahjong Towers Eternity
"MainConcept MPEG Pro HD" = MainConcept MPEG Pro HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maui Wowee" = GameHouse Games Collection: Maui Wowee
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MWSnap 3" = MWSnap 3
"NewsLeecher_is1" = NewsLeecher v3.9 Beta 8
"Noise Reduction Plug-In 2.0" = Sonic Foundry Noise Reduction Plug-In 2.0a
"OpenAL" = OpenAL
"Orb" = Winamp Remote
"PC Tools Disk Suite_is1" = PC Tools Disk Suite 1.0
"Phlinx To Go" = GameHouse Games Collection: Phlinx To Go
"Pin High Country Club Golf" = GameHouse Games Collection: Pin High Country Club Golf
"Pizza Frenzy" = GameHouse Games Collection: Pizza Frenzy
"Platypus" = GameHouse Games Collection: Platypus
"PluginPac" = DebugMode PluginPac (remove only)
"Poker Superstars" = GameHouse Games Collection: Poker Superstars
"PowerISO" = PowerISO
"Premiere AVS Plugin" = PremiereAVSPlugin 1.91
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"Puzzle Express" = GameHouse Games Collection: Puzzle Express
"Puzzle Inlay" = GameHouse Games Collection: Puzzle Inlay
"Puzzle Solitaire" = GameHouse Games Collection: Puzzle Solitaire
"QBz" = GameHouse Games Collection: QBz
"quick3D 3.0 Viewer_is1" = quick3D 3.0 Viewer
"quick3D Viewer [shareware] 1" = quick3D Viewer [shareware]
"QuickPar" = QuickPar 0.9
"Radio365 2.1" = Radio365 2.1
"RAR Password Cracker" = RAR Password Cracker 4.12
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Reader's Digest Super Word Power" = GameHouse Games Collection: Reader's Digest Super Word Power
"RealPlayer 12.0" = RealPlayer
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.83
"Ricochet" = GameHouse Games Collection: Ricochet
"Ricochet Lost Worlds" = GameHouse Games Collection: Ricochet Lost Worlds
"Ricochet Lost Worlds: Recharged" = GameHouse Games Collection: Ricochet Lost Worlds - Recharged
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Roller Rush" = GameHouse Games Collection: Roller Rush
"Saints & Sinners Bingo" = GameHouse Games Collection: Saints & Sinners Bingo
"SCRABBLE" = GameHouse Games Collection: SCRABBLE
"Shape Shifter" = GameHouse Games Collection: Shape Shifter
"SkinStudio" = SkinStudio
"Slingo Deluxe" = GameHouse Games Collection: Slingo Deluxe
"Smart Data Recovery_is1" = Smart Data Recovery v4.1
"SMPlayer_is1" = SMPlayer 0.6.6
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedFan" = SpeedFan (remove only)
"Spelvin" = GameHouse Games Collection: Spelvin
"Splash" = GameHouse Games Collection: Splash
"Spring Sprang Sprung" = GameHouse Games Collection: Spring Sprang Sprung
"StartMenuLSTRemover" = StartMenuLSTRemover
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"Super 5-Line Slots" = GameHouse Games Collection: Super 5-Line Slots
"Super Blackjack!" = GameHouse Games Collection: Super Blackjack!
"Super Bounce Out!" = GameHouse Games Collection: Super Bounce Out!
"Super Candy Cruncher" = GameHouse Games Collection: Super Candy Cruncher
"Super Collapse!" = GameHouse Games Collection: Super Collapse!
"Super Collapse! II" = GameHouse Games Collection: Super Collapse! II
"Super Collapse! II Platinum" = GameHouse Games Collection: Super Collapse! II Platinum
"Super Fruit Frolic" = GameHouse Games Collection: Super Fruit Frolic
"Super GameHouse Solitaire Vol. 1" = GameHouse Games Collection: Super GameHouse Solitaire Vol. 1
"Super GameHouse Solitaire Vol. 2" = GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
"Super GameHouse Solitaire Vol. 3" = GameHouse Games Collection: Super GameHouse Solitaire Vol. 3
"Super Gem Drop" = GameHouse Games Collection: Super Gem Drop
"Super Glinx!" = GameHouse Games Collection: Super Glinx!
"Super Letter Linker" = GameHouse Games Collection: Super Letter Linker
"Super Mah Jong Solitaire" = GameHouse Games Collection: Super Mah Jong Solitaire
"Super Nisqually" = GameHouse Games Collection: Super Nisqually
"Super PileUp!" = GameHouse Games Collection: Super PileUp!
"Super Pool" = GameHouse Games Collection: Super Pool
"Super Pop & Drop!" = GameHouse Games Collection: Super Pop & Drop!
"Super Rumble Cube" = GameHouse Games Collection: Super Rumble Cube
"Super SpongeBob Collapse!" = GameHouse Games Collection: Super SpongeBob Collapse!
"Super TextTwist" = GameHouse Games Collection: Super TextTwist
"Super WHATword" = GameHouse Games Collection: Super WHATword
"Super Wild Wild Words" = GameHouse Games Collection: Super Wild Wild Words
"SuperResolution plugin_is1" = SuperResolution plugin 1.0.2
"SystemRequirementsLab" = System Requirements Lab
"Tap a Jam" = GameHouse Games Collection: Tap a Jam
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Ten Pin Championship Bowling Pro" = GameHouse Games Collection: Ten Pin Championship Bowling Pro
"Tennis Titans" = GameHouse Games Collection: Tennis Titans
"Tradewinds 2" = GameHouse Games Collection: Tradewinds 2
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"Trivia Machine" = GameHouse Games Collection: Trivia Machine
"Tropical Swaps" = GameHouse Games Collection: Tropical Swaps
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Tumblebugs" = GameHouse Games Collection: Tumblebugs
"Turtle Bay" = GameHouse Games Collection: Turtle Bay
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server" = TVersity Media Server 1.8 Beta
"Twistingo" = GameHouse Games Collection: Twistingo
"Ultimate Dominoes" = GameHouse Games Collection: Ultimate Dominoes
"UltimateDefrag 2008" = UltimateDefrag 2008
"Varmintz Deluxe" = GameHouse Games Collection: Varmintz Deluxe
"Video Card Stability Test" = Video Card Stability Test
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirtualCloneDrive" = VirtualCloneDrive
"Visual Pinball" = Visual Pinball VPInstaller 1.0.3
"VLC media player" = VLC media player 0.9.9
"Vuze" = Vuze
"Walls of Jericho, The" = GameHouse Games Collection: Walls of Jericho, The
"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
"Wheel of Fortune" = GameHouse Games Collection: Wheel of Fortune
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WindowBlinds" = WindowBlinds
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver
"Word Jolt" = GameHouse Games Collection: Word Jolt
"Word Slinger" = GameHouse Games Collection: Word Slinger
"WordJong To Go" = GameHouse Games Collection: WordJong To Go
"XnView_is1" = XnView 1.96
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"Zuma Deluxe" = GameHouse Games Collection: Zuma Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"FreeTrack v2.2.0.279" = FreeTrack v2.2.0.279
"Google Chrome" = Google Chrome
"ReGetDx" = ReGet Deluxe

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/29/2010 1:32:17 PM | Computer Name = PHENOM | Source = VSS | ID = 8211
Description =

Error - 5/29/2010 2:52:29 PM | Computer Name = PHENOM | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3726, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/29/2010 3:41:01 PM | Computer Name = PHENOM | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/31/2010 10:21:35 PM | Computer Name = PHENOM | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/1/2010 1:00:58 AM | Computer Name = PHENOM | Source = VSS | ID = 8211
Description =

Error - 6/1/2010 1:03:23 AM | Computer Name = PHENOM | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt\com\complus\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/1/2010 1:38:03 AM | Computer Name = PHENOM | Source = VSS | ID = 8211
Description =

Error - 6/5/2010 4:51:46 AM | Computer Name = PHENOM | Source = Application Error | ID = 1000
Description = Faulting application realupgrade.exe, version 1.0.2.110, faulting
module ntdll.dll, version 5.2.3790.4455, fault address 0x0004f053.

Error - 6/7/2010 2:11:32 PM | Computer Name = PHENOM | Source = Application Error | ID = 1000
Description = Faulting application realupgrade.exe, version 1.0.2.110, faulting
module ntdll.dll, version 5.2.3790.4455, fault address 0x0004f053.

Error - 6/8/2010 2:12:12 AM | Computer Name = PHENOM | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 6/24/2009 3:55:25 PM | Computer Name = PHENOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/24/2009 3:55:37 PM | Computer Name = PHENOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/24/2009 3:55:48 PM | Computer Name = PHENOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/24/2009 3:55:54 PM | Computer Name = PHENOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/24/2009 3:56:01 PM | Computer Name = PHENOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/24/2009 3:56:20 PM | Computer Name = PHENOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/8/2010 8:47:16 PM | Computer Name = PHENOM | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\MTiCtwl.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 6/8/2010 8:47:16 PM | Computer Name = PHENOM | Source = Service Control Manager | ID = 7000
Description = The MagicTune service failed to start due to the following error:
%%1275

Error - 6/8/2010 8:47:16 PM | Computer Name = PHENOM | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\MTiCtwl.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 6/8/2010 8:47:17 PM | Computer Name = PHENOM | Source = Service Control Manager | ID = 7000
Description = The MagicTune service failed to start due to the following error:
%%1275

Error - 6/8/2010 8:47:17 PM | Computer Name = PHENOM | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\MTiCtwl.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 6/8/2010 8:47:17 PM | Computer Name = PHENOM | Source = Service Control Manager | ID = 7000
Description = The MagicTune service failed to start due to the following error:
%%1275

Error - 6/8/2010 8:47:17 PM | Computer Name = PHENOM | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\MTiCtwl.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 6/8/2010 8:47:18 PM | Computer Name = PHENOM | Source = Service Control Manager | ID = 7000
Description = The MagicTune service failed to start due to the following error:
%%1275

Error - 6/8/2010 8:47:18 PM | Computer Name = PHENOM | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\MTiCtwl.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 6/8/2010 8:47:18 PM | Computer Name = PHENOM | Source = Service Control Manager | ID = 7000
Description = The MagicTune service failed to start due to the following error:
%%1275


< End of report >



#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:18 AM

Posted 11 June 2010 - 04:29 PM

Hi,


We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press
  5. Click on
  6. Click on
  7. Uncheck this checkbox:
  8. Close/Exit Spybot Search and Destroy





Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.




PLease post back with a fresh OTL logfile.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#7 berighteous

berighteous
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 11 June 2010 - 08:10 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4190

Windows 5.2.3790 Service Pack 2
Internet Explorer 8.0.6001.18702

6/11/2010 7:08:56 PM
mbam-log-2010-06-11 (19-08-56).txt

Scan type: Quick scan
Objects scanned: 126934
Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Temp\1C5.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\1F7.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

==================otl log===============================
OTL logfile created on: 6/11/2010 7:37:06 PM - Run 2
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 84.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): c:\pagefile.sys 8191 15000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107.42 Gb Total Space | 1.68 Gb Free Space | 1.57% Space Free | Partition Type: NTFS
Drive D: | 107.42 Gb Total Space | 28.31 Gb Free Space | 26.36% Space Free | Partition Type: NTFS
Drive E: | 250.91 Gb Total Space | 23.46 Gb Free Space | 9.35% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 100.59 Gb Total Space | 2.38 Gb Free Space | 2.37% Space Free | Partition Type: NTFS
Drive N: | 100.59 Gb Total Space | 16.03 Gb Free Space | 15.94% Space Free | Partition Type: NTFS
Drive O: | 31.69 Gb Total Space | 1.82 Gb Free Space | 5.73% Space Free | Partition Type: FAT32
Drive P: | 298.09 Gb Total Space | 47.77 Gb Free Space | 16.02% Space Free | Partition Type: NTFS
Drive Q: | 465.75 Gb Total Space | 35.64 Gb Free Space | 7.65% Space Free | Partition Type: NTFS
Drive R: | 298.09 Gb Total Space | 48.92 Gb Free Space | 16.41% Space Free | Partition Type: NTFS
Drive S: | 465.76 Gb Total Space | 46.94 Gb Free Space | 10.08% Space Free | Partition Type: NTFS

Computer Name: PHENOM
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/08 18:38:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/06/02 18:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/06/02 08:48:18 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/05/29 13:34:24 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/05/22 23:21:30 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/04/23 05:39:00 | 000,136,616 | ---- | M] () -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
PRC - [2010/04/04 00:39:37 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/02 22:05:28 | 003,359,600 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe
PRC - [2010/02/25 15:11:04 | 000,856,064 | ---- | M] () -- C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe
PRC - [2009/04/18 15:30:57 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009/03/10 13:11:36 | 000,869,696 | ---- | M] (PC Tools Software) -- C:\Program Files (x86)\PC Tools Disk Suite\DSService.exe
PRC - [2009/03/04 19:12:52 | 000,884,736 | ---- | M] (Live365) -- C:\Program Files (x86)\Live365\Radio365\Radio365TrayAgent.exe
PRC - [2008/09/28 17:04:27 | 000,066,872 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2008/06/29 16:01:01 | 000,052,168 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2008/03/31 19:54:06 | 000,507,904 | ---- | M] (Orb Networks) -- C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe
PRC - [2008/03/10 00:08:42 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
PRC - [2008/01/29 20:19:32 | 000,073,728 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files (x86)\Winamp Remote\bin\Orb.exe
PRC - [2007/10/19 13:18:48 | 000,113,176 | ---- | M] (Logitech Inc.) -- c:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2007/08/23 15:05:18 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
PRC - [2007/08/02 15:19:24 | 002,297,856 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\RALINK\Common\RaUI.exe
PRC - [2007/02/18 06:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2006/08/11 12:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2010/06/08 18:38:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/05/22 23:23:07 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/05/22 23:21:37 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msvcp71.dll
MOD - [2010/05/22 23:21:37 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msvcr71.dll
MOD - [2007/10/19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2007/02/18 06:00:00 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comres.dll
MOD - [2007/02/18 06:00:00 | 000,273,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comdlg32.dll
MOD - [2007/02/18 06:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll
MOD - [2007/02/18 06:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\MSCTFIME.IME
MOD - [2007/02/18 06:00:00 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msscript.ocx
MOD - [2007/02/16 23:58:24 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/28 09:23:07 | 000,120,832 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (SASCORE)
SRV:64bit: - [2009/01/07 17:22:54 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2008/03/10 00:08:42 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe -- (mi-raysat_3dsMax2009_64)
SRV:64bit: - [2007/10/19 13:20:42 | 000,171,032 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV:64bit: - [2007/10/19 13:18:36 | 000,182,296 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2007/10/19 13:17:04 | 000,255,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe -- (LVCOMSer)
SRV - [2010/04/23 05:39:00 | 000,136,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/04/04 00:39:37 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/02 22:05:28 | 003,359,600 | ---- | M] (MediaMall Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2010/02/25 15:11:04 | 000,856,064 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/04/18 15:30:57 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/03/10 13:11:36 | 000,869,696 | ---- | M] (PC Tools Software) [Auto | Running] -- C:\Program Files (x86)\PC Tools Disk Suite\DSService.exe -- (DiskSuiteService)
SRV - [2009/02/03 22:05:00 | 000,663,552 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SysWOW64\ati2saag.exe -- (ATI Smart)
SRV - [2009/01/07 17:16:03 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/04 11:48:10 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/09/28 17:04:27 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/07/25 10:13:48 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/07/25 10:13:44 | 000,046,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/06/24 20:57:28 | 000,605,464 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2008/01/04 15:44:16 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/08/23 15:05:18 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/02/18 06:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet)
SRV - [2007/02/18 06:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/08/11 12:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/11/17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/17 12:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 12:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010/05/09 09:00:32 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2010/04/23 05:38:48 | 000,052,352 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys -- (AODDriver2)
DRV - [2009/02/17 13:29:53 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/01/12 18:24:49 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysWOW64\Drivers\adfs.sys -- (adfs)
DRV - [2008/06/26 05:06:39 | 000,093,128 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\ElbyCDIO.dll -- (ElbyCDIO)
DRV - [2007/09/06 14:54:52 | 000,012,928 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2007/09/06 14:54:52 | 000,012,928 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2007/02/18 06:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\mnmdd.dll -- (mnmdd)
DRV - [2007/02/07 12:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2005/11/09 04:41:52 | 000,007,870 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\rt61.cat -- (RT61)
DRV - [2005/05/25 09:39:14 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RMClock\RTCore64.sys -- (RTCore64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.drudgereport.com/"
FF - prefs.js..extensions.enabledItems: activegs@freetoolsassociation.com:3.0.213
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/06/02 10:12:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/22 23:23:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/29 13:34:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/29 13:34:40 | 000,000,000 | ---D | M]

[2008/09/08 23:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/06/10 20:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6jc335s.default\extensions
[2010/06/03 23:06:14 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6jc335s.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/26 19:11:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6jc335s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/26 19:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6jc335s.default\extensions\activegs@freetoolsassociation.com
[2010/06/11 00:22:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008/09/19 15:55:32 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\msvcm80.dll
[2008/09/19 15:55:32 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\msvcp80.dll
[2008/09/19 15:55:32 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\msvcr80.dll
[2008/09/03 18:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
[2009/04/20 14:25:54 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

Hosts file not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (ReGet Bar) - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files (x86)\ReGet Software\ReGet Deluxe\IEBar.dll File not found
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Orb] C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKCU..\Run: [Radio365Agent] C:\Program Files (x86)\Live365\Radio365\Radio365TrayAgent.exe (Live365)
O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files (x86)\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\setup.exe (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O8:64bit: - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKCU\..Trusted Domains: magicjack.com ([my] https in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://chat.bresnan.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1220928006546 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.144.49.30 69.146.17.2 69.144.49.29
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\WB: DllName - Reg Error: Value error. - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WB: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WBSrv.dll - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found
O21:64bit: - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\SysNative\upnpui.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SysNative\WPDShServiceObj.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O28 - HKLM ShellExecuteHooks: {16664848-0E00-11D2-8059-000000000000} - Reg Error: Key error. File not found
O30:64bit: - LSA: Authentication Packages - (C:\\WINDOWS\\system32\\awtrPijH) - File not found
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\SysWow64\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (C:\\WINDOWS\\system32\\awtrPijH) - File not found
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/08 20:02:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/28 15:08:34 | 000,004,671 | ---- | M] () - D:\Autounattend.xml -- [ NTFS ]
O33 - MountPoints2\{0302d81b-f44a-11de-8fd0-0018f8ab06a4}\Shell - "" = AutoRun
O33 - MountPoints2\{0302d81b-f44a-11de-8fd0-0018f8ab06a4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0302d81b-f44a-11de-8fd0-0018f8ab06a4}\Shell\AutoRun\command - "" = T:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\SysWOW64\ias [2008/09/08 13:46:20 | 000,000,000 | ---D | M]

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/06/11 19:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gosu
[2010/06/08 18:38:11 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/06/02 11:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\100SSCAM
[2010/05/31 21:57:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/05/31 15:32:08 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/05/29 11:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/29 11:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/05/29 11:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SASCORE
[2010/05/29 11:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/27 19:47:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2010/05/27 19:44:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/05/27 16:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/05/27 16:58:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2010/05/27 16:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/27 16:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/27 15:11:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/05/27 15:01:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/27 13:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\MnF_13in1
[2010/05/25 22:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server
[2010/05/25 22:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2010/05/25 22:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gs
[2010/05/25 22:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KaraokeDX
[2010/05/25 22:48:19 | 001,258,928 | ---- | C] (Spesoft Ltd) -- C:\WINDOWS\SysWow64\sysperxg.dll
[2010/05/25 22:48:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameEx
[2010/05/25 22:46:12 | 018,804,032 | ---- | C] (Spesoft ) -- C:\Documents and Settings\Administrator\Desktop\106.GameExSetup.exe
[2010/05/25 16:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Visual Pinball
[2010/05/25 16:36:38 | 000,000,000 | ---D | C] -- C:\Games
[2010/05/25 16:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Future Pinball
[2010/05/25 14:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PCHealth
[2010/05/22 23:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010/05/20 23:19:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pcsx2
[2010/05/17 19:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Facebook
[2010/05/15 23:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ios 249
[2010/05/14 19:48:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\boob
[2010/05/09 09:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2010/05/09 08:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Guru3D.com
[2010/05/07 20:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATITool
[2010/05/07 11:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/05/07 11:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/04 23:11:09 | 000,089,600 | ---- | C] (dnSoft Research Group ) -- C:\Documents and Settings\Administrator\Desktop\xntimer.exe
[2010/05/03 10:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010/05/03 02:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\simscore mod
[2010/04/28 17:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\orthos_exe_20060420
[2010/04/28 17:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RMClock
[2010/04/26 16:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\SysWow64\DivXControlPanelApplet.cpl
[2010/04/20 00:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\sims no cd
[2010/04/17 20:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Electronic Arts
[2010/04/15 21:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\tversity
[2010/04/15 21:17:02 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\SysWow64\pthreadGC2.dll
[2010/04/15 21:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVersity Codec Pack
[2010/04/15 21:15:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVersity
[2010/04/14 22:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/04/14 22:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TV-Websites
[2010/04/14 22:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMall
[2010/04/14 22:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ffdshowEx
[2010/04/14 22:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2010/04/14 22:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2010/04/14 22:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded Audio
[2010/04/14 21:35:29 | 008,875,514 | ---- | C] (Orb Networks) -- C:\Documents and Settings\Administrator\Desktop\winampremote.exe
[2010/04/14 21:35:24 | 008,875,514 | ---- | C] (Orb Networks) -- C:\Documents and Settings\Administrator\Desktop\winampremote.exe.part
[2010/04/05 22:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TaxCut
[2010/04/05 22:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF995
[2010/04/05 22:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HRBlock2009
[2010/04/05 22:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\HRBlock
[2010/04/05 22:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/04/04 00:41:07 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/04/04 00:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/03 20:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\simstuff
[2010/04/03 14:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Bret Rand
[2010/03/28 15:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Walmart MP3 Music Downloads
[2010/03/28 15:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Walmart MP3 Music Downloads
[2010/03/27 21:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\MTS_Delphy_1040635_MonkeyBars
[2010/03/22 19:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\The_Sims_3_v1.2.7_Update-RazorDOX
[2010/03/19 18:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Template
[2010/03/16 16:13:55 | 000,000,000 | ---D | C] -- C:\temp
[2010/03/16 12:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Magic Jack crap
[2010/03/16 11:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\digieffects
[2010/03/14 18:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\sims3 stuff
[2010/03/13 20:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010/03/13 20:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/03/13 20:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[10 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/11 19:19:14 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1865067173-612216720-2012268356-500.job
[2010/06/11 19:19:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1865067173-612216720-2012268356-500UA.job
[2010/06/11 19:17:37 | 000,000,949 | ---- | M] () -- C:\WINDOWS\SysWow64\tversity.cookies
[2010/06/11 19:16:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/11 19:16:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/11 19:14:37 | 015,466,496 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/06/11 19:14:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/06/11 11:12:43 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1865067173-612216720-2012268356-500.job
[2010/06/11 01:14:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/06/11 00:19:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1865067173-612216720-2012268356-500Core.job
[2010/06/10 19:45:56 | 000,024,101 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\The book that has impacted me the most in this class is Courage and Calling.docx
[2010/06/10 16:46:52 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/10 00:02:48 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/09 22:21:06 | 000,042,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\all the same.mp3.sfk
[2010/06/09 22:21:02 | 001,968,486 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\all the same.mp3
[2010/06/09 22:20:53 | 000,046,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\all the same.sfk
[2010/06/09 22:19:48 | 023,591,416 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\all the same.wav
[2010/06/08 21:55:14 | 000,001,866 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/06/08 21:43:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/08 20:49:57 | 000,030,716 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ad.jpg
[2010/06/08 18:38:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/06/08 15:19:54 | 000,002,389 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/06/06 13:28:20 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\wi7ot1ul.exe
[2010/06/06 13:27:11 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/06/06 09:09:44 | 000,001,562 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DivX Movies.lnk
[2010/06/06 09:09:29 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/06 09:09:14 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/06/04 16:01:06 | 000,000,013 | ---- | M] () -- C:\WINDOWS\SysWow64\WinSys32.crc
[2010/06/04 09:45:58 | 000,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2010/06/01 19:25:16 | 000,021,474 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.jpg
[2010/06/01 19:12:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/06/01 19:10:28 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/06/01 11:17:12 | 000,049,314 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\wendyorder.jpg
[2010/05/31 22:54:15 | 000,000,907 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Cinema Craft Encoder Basic.lnk
[2010/05/31 22:34:05 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tw987cp5.exe
[2010/05/31 21:57:46 | 000,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/31 21:57:01 | 003,764,218 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/05/31 20:16:23 | 030,424,605 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Office 2007 All In One Desk Reference for Dummies.pdf
[2010/05/31 19:27:45 | 000,185,340 | -H-- | M] () -- C:\WINDOWS\SysWow64\mlfcache.dat
[2010/05/29 11:00:44 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/27 16:59:01 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/27 12:39:19 | 000,015,450 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\second paper- mike's edit.docx
[2010/05/26 22:45:22 | 000,016,331 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\second paper.docx
[2010/05/25 22:49:40 | 000,000,990 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
[2010/05/25 22:48:35 | 000,272,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/25 22:35:02 | 018,804,787 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\106.GameExSetup.rar
[2010/05/25 16:57:08 | 000,001,743 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VPinball_9_0_2.lnk
[2010/05/25 16:57:08 | 000,001,701 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VPinball.lnk
[2010/05/25 16:57:07 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\vpforums.org.lnk
[2010/05/25 16:56:28 | 007,775,314 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VPInstaller_1_0_3.exe
[2010/05/25 16:36:43 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Future Pinball.lnk
[2010/05/25 12:44:47 | 000,624,146 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VPinball907.zip
[2010/05/25 12:42:29 | 017,530,367 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GameEx.v9.83.rar
[2010/05/25 01:05:00 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/05/23 21:45:10 | 000,046,806 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\science classes.std
[2010/05/22 23:23:09 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/05/22 23:21:37 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\SysWow64\pncrt.dll
[2010/05/19 20:21:04 | 000,120,087 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\mvstcdxx.lst
[2010/05/15 00:00:03 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\memorial number stickers.zdl
[2010/05/14 09:49:23 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dvd399.bin
[2010/05/10 21:21:18 | 000,561,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\UG-E_PANSCN01_v1_5_10-13-08.pdf
[2010/05/08 01:04:24 | 1047,476,224 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\the princess bride.avi
[2010/05/07 20:02:38 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ATITool.lnk
[2010/05/06 20:46:20 | 000,000,219 | ---- | M] () -- C:\WINDOWS\SysWow64\lsprst7.tgz
[2010/05/06 20:46:20 | 000,000,205 | ---- | M] () -- C:\WINDOWS\SysWow64\lsprst7.dll
[2010/05/06 20:46:20 | 000,000,087 | ---- | M] () -- C:\WINDOWS\SysWow64\ssprs.tgz
[2010/05/06 20:46:20 | 000,000,073 | ---- | M] () -- C:\WINDOWS\SysWow64\ssprs.dll
[2010/05/06 20:46:19 | 000,000,021 | ---- | M] () -- C:\WINDOWS\SurCode.INI
[2010/05/04 23:11:09 | 000,089,600 | ---- | M] (dnSoft Research Group ) -- C:\Documents and Settings\Administrator\Desktop\xntimer.exe
[2010/05/03 14:10:13 | 004,075,597 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MTS_AD85_1089954_Tunable_Core_3.2.1.rar
[2010/05/03 03:26:47 | 000,001,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AMD OverDrive.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2010/04/28 18:16:23 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\hwmonitorw.ini
[2010/04/28 17:48:21 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RightMark CPU Clock Utility.lnk
[2010/04/27 12:09:06 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\GJ Biol & Chem 2009 10 taping info by date .xls
[2010/04/26 16:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\SysWow64\DivXControlPanelApplet.cpl
[2010/04/19 11:54:53 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2010/04/17 20:20:43 | 000,001,937 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 World Adventures.lnk
[2010/04/17 20:04:02 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk
[2010/04/15 21:17:03 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TVersity.lnk
[2010/04/14 22:38:35 | 000,001,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PlayOn.lnk
[2010/04/14 22:12:56 | 001,228,854 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\OrbError.bmp
[2010/04/14 21:59:42 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp Remote.lnk
[2010/04/14 21:48:44 | 008,875,514 | ---- | M] (Orb Networks) -- C:\Documents and Settings\Administrator\Desktop\winampremote.exe
[2010/04/14 21:48:42 | 008,875,514 | ---- | M] (Orb Networks) -- C:\Documents and Settings\Administrator\Desktop\winampremote.exe.part
[2010/04/12 16:57:41 | 000,277,979 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\3GIRLS.pdf
[2010/04/12 16:57:41 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\mikado Save the date.doc
[2010/04/11 22:53:44 | 000,135,680 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\wendysgiftshop sales2009.xls
[2010/04/11 03:47:49 | 000,138,240 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\wendysgiftshop sales2008.xls
[2010/04/05 22:03:50 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2009.lnk
[2010/04/04 00:40:41 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/04/03 19:56:43 | 000,010,694 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\fire.smod
[2010/04/01 03:34:28 | 000,020,862 | ---- | M] () -- C:\WINDOWS\atiogl.xml
[2010/03/31 11:34:55 | 000,249,393 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\robert bobby v turner memorial.std
[2010/03/30 22:03:31 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/29 14:18:17 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2010/03/29 14:18:16 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\031810 spreadsheet.xlr
[2010/03/28 15:22:27 | 000,001,182 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Walmart MP3 Music Downloads.lnk
[2010/03/25 18:16:02 | 000,001,093 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\magicJack.lnk
[2010/03/18 22:14:39 | 005,657,066 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\EX-F1.pdf
[2010/03/18 11:08:15 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Contacts.doc
[2010/03/18 10:35:18 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\nami invoice 031810.doc
[2010/03/17 19:46:17 | 000,172,831 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Nami psa label.std
[10 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/10 19:36:23 | 000,024,101 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\The book that has impacted me the most in this class is Courage and Calling.docx
[2010/06/09 22:21:02 | 000,042,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\all the same.mp3.sfk
[2010/06/09 22:21:00 | 001,968,486 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\all the same.mp3
[2010/06/09 22:20:35 | 000,046,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\all the same.sfk
[2010/06/09 22:19:43 | 023,591,416 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\all the same.wav
[2010/06/08 20:49:56 | 000,030,716 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ad.jpg
[2010/06/06 13:28:20 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\wi7ot1ul.exe
[2010/06/04 09:45:58 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Zone.Identifier
[2010/06/01 19:25:16 | 000,021,474 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.jpg
[2010/06/01 19:15:11 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/06/01 19:12:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/06/01 19:10:27 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/06/01 11:17:12 | 000,049,314 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\wendyorder.jpg
[2010/05/31 22:54:15 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cinema Craft Encoder Basic.lnk
[2010/05/31 22:34:04 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tw987cp5.exe
[2010/05/31 20:12:53 | 030,424,605 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Office 2007 All In One Desk Reference for Dummies.pdf
[2010/05/29 11:00:44 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/27 16:59:01 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/26 23:44:18 | 000,015,450 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\second paper- mike's edit.docx
[2010/05/26 21:35:12 | 000,016,331 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\second paper.docx
[2010/05/25 22:49:40 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
[2010/05/25 22:29:57 | 018,804,787 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\106.GameExSetup.rar
[2010/05/25 16:57:08 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VPinball_9_0_2.lnk
[2010/05/25 16:57:08 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VPinball.lnk
[2010/05/25 16:57:07 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\vpforums.org.lnk
[2010/05/25 16:56:04 | 007,775,314 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VPInstaller_1_0_3.exe
[2010/05/25 16:36:43 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Future Pinball.lnk
[2010/05/25 12:44:47 | 000,624,146 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VPinball907.zip
[2010/05/25 12:39:12 | 017,530,367 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GameEx.v9.83.rar
[2010/05/22 23:23:10 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1865067173-612216720-2012268356-500.job
[2010/05/22 23:23:10 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1865067173-612216720-2012268356-500.job
[2010/05/22 23:23:09 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/05/19 20:21:04 | 000,120,087 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\mvstcdxx.lst
[2010/05/15 00:00:02 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\memorial number stickers.zdl
[2010/05/14 09:49:23 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dvd399.bin
[2010/05/10 21:21:14 | 000,561,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\UG-E_PANSCN01_v1_5_10-13-08.pdf
[2010/05/08 00:00:57 | 1047,476,224 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\the princess bride.avi
[2010/05/07 20:02:38 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ATITool.lnk
[2010/05/07 11:06:23 | 000,001,562 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DivX Movies.lnk
[2010/05/07 11:06:03 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/05/07 11:05:38 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/05/03 14:09:37 | 004,075,597 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MTS_AD85_1089954_Tunable_Core_3.2.1.rar
[2010/05/03 03:26:47 | 000,001,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AMD OverDrive.lnk
[2010/04/28 17:48:21 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RightMark CPU Clock Utility.lnk
[2010/04/28 00:02:50 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\hwmonitorw.ini
[2010/04/19 11:54:53 | 000,002,006 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2010/04/18 17:40:45 | 000,528,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/17 20:20:43 | 000,001,937 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 World Adventures.lnk
[2010/04/17 20:04:02 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk
[2010/04/15 21:17:42 | 000,000,949 | ---- | C] () -- C:\WINDOWS\SysWow64\tversity.cookies
[2010/04/15 21:17:03 | 000,002,062 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TVersity.lnk
[2010/04/15 21:17:02 | 000,007,680 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll
[2010/04/15 21:17:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll.manifest
[2010/04/14 22:38:35 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PlayOn.lnk
[2010/04/14 22:11:40 | 001,228,854 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\OrbError.bmp
[2010/04/14 21:59:42 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp Remote.lnk
[2010/04/13 02:02:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/04/12 16:57:41 | 000,277,979 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\3GIRLS.pdf
[2010/04/12 16:57:41 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\mikado Save the date.doc
[2010/04/11 19:44:33 | 000,102,901 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Charles Packard 2008 Tax Return.T08
[2010/04/10 21:57:40 | 000,138,240 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\wendysgiftshop sales2008.xls
[2010/04/10 21:57:19 | 000,135,680 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\wendysgiftshop sales2009.xls
[2010/04/06 19:58:52 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\hacks.ini
[2010/04/05 22:03:50 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2009.lnk
[2010/04/04 00:40:41 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/04/03 12:27:31 | 000,010,694 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\fire.smod
[2010/03/31 11:34:42 | 000,249,393 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\robert bobby v turner memorial.std
[2010/03/30 22:03:31 | 000,001,679 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/28 15:22:27 | 000,001,182 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Walmart MP3 Music Downloads.lnk
[2010/03/25 18:16:02 | 000,001,093 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\magicJack.lnk
[2010/03/19 19:19:14 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\031810 spreadsheet.xlr
[2010/03/19 18:05:32 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2010/03/18 22:14:07 | 005,657,066 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\EX-F1.pdf
[2010/03/18 11:08:15 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Contacts.doc
[2010/03/18 10:06:53 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\nami invoice 031810.doc
[2009/11/26 17:13:12 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2009/11/22 01:39:05 | 000,027,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AVSredirect.dll
[2009/10/17 15:31:57 | 000,829,781 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll
[2009/06/24 14:21:32 | 000,000,432 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/11 13:30:03 | 000,151,552 | ---- | C] () -- C:\WINDOWS\SysWow64\nvRegDev.dll
[2009/04/29 22:14:17 | 000,120,200 | ---- | C] () -- C:\WINDOWS\SysWow64\DLLDEV32i.dll
[2009/04/29 22:13:57 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/04/17 15:51:37 | 000,000,229 | ---- | C] () -- C:\WINDOWS\ABC_mru.ini
[2009/01/12 19:04:05 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2008/11/08 10:53:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\SysWow64\sysprs7.dll
[2008/11/08 10:53:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\SysWow64\clauth2.dll
[2008/11/08 10:53:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\SysWow64\clauth1.dll
[2008/11/08 10:53:37 | 000,000,073 | ---- | C] () -- C:\WINDOWS\SysWow64\ssprs.dll
[2008/11/08 10:53:36 | 000,000,205 | ---- | C] () -- C:\WINDOWS\SysWow64\lsprst7.dll
[2008/10/22 17:06:29 | 000,000,067 | ---- | C] () -- C:\WINDOWS\My Video Converter.INI
[2008/10/20 20:09:36 | 000,164,352 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2008/10/20 20:09:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/10/10 15:00:05 | 000,034,308 | ---- | C] () -- C:\WINDOWS\SysWow64\BASSMOD.dll
[2008/10/02 01:50:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\cdTextCtl.dll
[2008/09/30 14:32:12 | 000,000,890 | ---- | C] () -- C:\WINDOWS\SysWow64\WLAN.INI
[2008/09/30 14:06:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\SysWow64\GTW32N50.dll
[2008/09/30 13:17:29 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/09/30 01:28:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/25 20:44:09 | 000,494,557 | ---- | C] () -- C:\WINDOWS\SysWow64\dxgi.dll
[2008/09/25 20:44:09 | 000,025,037 | ---- | C] () -- C:\WINDOWS\SysWow64\Nucleus.dll
[2008/09/25 20:44:08 | 000,519,912 | ---- | C] () -- C:\WINDOWS\SysWow64\d3dx10d_33.dll
[2008/09/25 20:44:07 | 000,566,624 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d10.dll
[2008/09/09 00:57:01 | 000,058,792 | ---- | C] () -- C:\WINDOWS\SysWow64\wbload.dll
[2008/09/09 00:14:36 | 002,463,976 | ---- | C] () -- C:\WINDOWS\SysWow64\NPSWF32.dll
[2008/09/08 22:02:31 | 000,564,564 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelFrench.dll
[2007/02/18 06:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2007/02/18 06:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2007/02/18 06:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2007/02/18 06:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2007/02/18 06:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2007/02/18 06:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2007/02/18 06:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2007/02/18 06:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2007/02/18 06:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2007/02/18 06:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2007/02/18 06:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2007/02/18 06:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2007/02/18 06:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2007/02/18 06:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2007/02/18 06:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2007/02/18 06:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2007/02/18 06:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2005/07/08 22:07:46 | 000,007,168 | ---- | C] () -- C:\WINDOWS\SysWow64\dfscacm.dll
[2005/07/08 22:07:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\SysWow64\dfsc.dll
[2002/03/16 18:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000071.DLL

========== LOP Check ==========

[2008/09/24 19:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore
[2009/04/18 15:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2010/01/19 01:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2008/12/05 16:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2009/09/26 23:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Coby Media Manager
[2009/06/10 23:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DJS Sims
[2009/05/03 19:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DNA
[2009/11/22 01:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Elecard
[2010/05/17 19:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Facebook
[2009/04/20 14:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit
[2009/03/03 23:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FreeStone Group
[2009/02/08 04:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\funkitron
[2009/10/17 15:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2008/10/11 18:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GlobalSCAPE
[2008/12/05 21:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2008/11/18 19:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2008/11/04 12:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\JGsoft
[2008/11/15 14:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Laplink
[2009/04/29 22:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MAGIX
[2008/10/22 19:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MainConcept
[2010/03/25 18:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mjusbsp
[2009/04/16 23:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mootools
[2008/11/25 00:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NewsLeecher
[2008/10/10 15:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Publish Providers
[2010/04/12 10:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ReGet Software
[2008/09/24 21:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\River Past G5
[2009/09/16 19:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony
[2008/09/24 22:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony Setup
[2010/04/05 22:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TaxCut
[2010/03/19 18:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Template
[2009/07/01 10:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thinstall
[2008/10/08 02:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
[2010/01/10 21:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2008/10/03 23:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Walgreens
[2009/11/19 18:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\XnView
[2008/09/24 19:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/06/19 20:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/04/18 15:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/10/02 01:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/05/27 15:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/09/26 02:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/08/02 21:00:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/07/27 17:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2010/04/19 11:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/01/16 17:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher
[2008/10/11 18:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2010/06/11 19:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gosu
[2008/09/24 23:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/04/29 22:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010/06/11 03:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2008/11/08 10:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2010/04/14 22:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2010/01/16 21:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paragon
[2009/11/22 23:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/11/22 23:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2009/11/22 23:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate Collection
[2008/09/30 16:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2009/11/12 02:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redirected
[2008/09/24 21:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2010/05/29 11:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SASCORE
[2009/02/25 23:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/05/18 01:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/11/19 02:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/11/22 23:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 14
[2010/04/05 22:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2008/10/02 07:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/03/09 20:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/15 13:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/06/19 20:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/10 18:04:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2008/09/09 16:22:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8227D5D4-E2F9-4B81-98FA-54E4E78F5238}
[2008/10/28 04:07:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\Defrag Job #00.job
[2010/06/11 19:14:33 | 000,032,474 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2007/02/18 06:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2007/02/18 06:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:atapi.sys

< MD5 for: NETLOGON.DLL >
[2007/02/18 06:00:00 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\SysWOW64\netlogon.dll
[2007/02/18 06:00:00 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\SysWOW64\netlogon.dll

< MD5 for: SCECLI.DLL >
[2007/02/18 06:00:00 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\SysWOW64\scecli.dll
[2007/02/18 06:00:00 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\SysWOW64\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SysWOW64\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SysWOW64\dxtrans.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemdrive%\*.sys /90 /md5 >
[2010/06/11 19:16:26 | 4293,918,719 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:556BBACC
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E00596C
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61A065F2
< End of report >

Edited by berighteous, 11 June 2010 - 08:49 PM.


#8 berighteous

berighteous
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 11 June 2010 - 09:04 PM

still being redirected. boo. EVery once in awhile the link actually goes where it's supposed to, but most of the time I end up somewhere totally different. The sharon stone link I mentioned before in the google results page just took me to another search page for quick payday loans, Rue online education, tazinga search for Bank of America, a juggle search for Mobile Satelite internet, mydealmatch page for beauty schools... so funny.

#9 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:18 AM

Posted 12 June 2010 - 04:15 AM

Hi,


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
    FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
    FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKCU..\Run: [] File not found
    O4 - HKCU..\Run: [Aim6] File not found

    :Commands
    [emptytemp]
    [resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#10 berighteous

berighteous
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 12 June 2010 - 08:24 AM

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=" removed from browser.search.defaulturl
Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 809349389 bytes
->Temporary Internet Files folder emptied: 1258621 bytes
->Java cache emptied: 10942908 bytes
->FireFox cache emptied: 37202803 bytes
->Google Chrome cache emptied: 217599169 bytes
->Apple Safari cache emptied: 69907504 bytes
->Flash cache emptied: 1702512 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33956 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3175640 bytes
%systemroot%\System32 .tmp files removed: 7113993 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 68858928 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,170.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.5.3 log created on 06122010_071533

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\292E85B.dmp not found!
File\Folder C:\WINDOWS\temp\292F329.tmp not found!

Registry entries deleted on Reboot...


#11 berighteous

berighteous
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 12 June 2010 - 09:03 AM

OTL logfile created on: 6/12/2010 7:26:48 AM - Run 3
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 85.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): c:\pagefile.sys 8191 15000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107.42 Gb Total Space | 2.19 Gb Free Space | 2.04% Space Free | Partition Type: NTFS
Drive D: | 107.42 Gb Total Space | 28.31 Gb Free Space | 26.36% Space Free | Partition Type: NTFS
Drive E: | 250.91 Gb Total Space | 23.46 Gb Free Space | 9.35% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 100.59 Gb Total Space | 2.38 Gb Free Space | 2.37% Space Free | Partition Type: NTFS
Drive N: | 100.59 Gb Total Space | 16.03 Gb Free Space | 15.94% Space Free | Partition Type: NTFS
Drive O: | 31.69 Gb Total Space | 1.82 Gb Free Space | 5.73% Space Free | Partition Type: FAT32
Drive P: | 298.09 Gb Total Space | 47.77 Gb Free Space | 16.02% Space Free | Partition Type: NTFS
Drive Q: | 465.75 Gb Total Space | 35.64 Gb Free Space | 7.65% Space Free | Partition Type: NTFS
Drive R: | 298.09 Gb Total Space | 48.92 Gb Free Space | 16.41% Space Free | Partition Type: NTFS
Drive S: | 465.76 Gb Total Space | 46.94 Gb Free Space | 10.08% Space Free | Partition Type: NTFS

Computer Name: PHENOM
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc.)
PRC - C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files (x86)\PC Tools Disk Suite\DSService.exe (PC Tools Software)
PRC - C:\Program Files (x86)\Live365\Radio365\Radio365TrayAgent.exe (Live365)
PRC - C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe (Orb Networks)
PRC - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe ()
PRC - C:\Program Files (x86)\Winamp Remote\bin\Orb.exe (Orb Networks, Inc.)
PRC - c:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe ()
PRC - C:\Program Files (x86)\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll ()
MOD - C:\WINDOWS\SysWOW64\msvcp71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\msvcr71.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - C:\WINDOWS\SysWOW64\comres.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\MSCTFIME.IME (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (mi-raysat_3dsMax2009_64) -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe ()
SRV:64bit: - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe (Logitech Inc.)
SRV - (AODService) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (MediaMall Server) -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc.)
SRV - (TVersityMediaServer) -- C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe ()
SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (DiskSuiteService) -- C:\Program Files (x86)\PC Tools Disk Suite\DSService.exe (PC Tools Software)
SRV - (ATI Smart) -- C:\WINDOWS\SysWOW64\ati2saag.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (SgtSch2Svc) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (MagicTuneEngine) -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe ()
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (IASJet) -- C:\WINDOWS\SysWOW64\iasrecst.dll (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Viewpoint Manager Service) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (Capture Device Service) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (CCALib8) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (AODDriver2) -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys (Advanced Micro Devices)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (adfs) -- C:\WINDOWS\SysWOW64\Drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ElbyCDIO) -- C:\WINDOWS\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG)
DRV - (NCPro) -- C:\WINDOWS\system32\drivers\MTictwl.sys (Samsung Electronics, Inc. )
DRV - (MagicTune) -- C:\WINDOWS\SysWOW64\Drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV - (mnmdd) -- C:\WINDOWS\SysWOW64\mnmdd.dll (Microsoft Corporation)
DRV - (speedfan) -- C:\WINDOWS\SysWOW64\speedfan.sys (Windows ® Server 2003 DDK provider)
DRV - (RT61) -- C:\WINDOWS\SysWOW64\rt61.cat ()
DRV - (RTCore64) -- C:\Program Files (x86)\RMClock\RTCore64.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.drudgereport.com/"
FF - prefs.js..extensions.enabledItems: activegs@freetoolsassociation.com:3.0.213
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/06/02 10:12:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/22 23:23:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/22 23:23:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/29 13:34:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/29 13:34:40 | 000,000,000 | ---D | M]

[2008/09/08 23:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2008/09/08 23:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/06/10 20:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6jc335s.default\extensions
[2010/06/03 23:06:14 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6jc335s.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/26 19:11:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6jc335s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/26 19:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6jc335s.default\extensions\activegs@freetoolsassociation.com
[2010/06/11 00:22:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/29 13:34:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/25 23:02:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2010/05/29 13:34:21 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/05/29 13:34:21 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2008/09/19 15:55:32 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\msvcm80.dll
[2008/09/19 15:55:32 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\msvcp80.dll
[2008/09/19 15:55:32 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\msvcr80.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2008/09/03 18:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
[2008/12/25 23:02:48 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/13 18:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2008/09/26 10:40:34 | 000,053,248 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
[2009/04/20 14:25:54 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/02/06 13:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/05/29 13:34:26 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
[2010/04/02 05:30:43 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/05/22 23:22:52 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
[2010/03/30 22:03:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/03/30 22:03:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/03/30 22:03:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/03/30 22:03:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/03/30 22:03:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/03/30 22:03:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/03/30 22:03:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/05/22 23:23:19 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
[2010/05/22 23:22:46 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
[2010/05/29 13:34:26 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/05/29 13:34:26 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/07/01 04:30:46 | 000,001,490 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml
[2010/05/29 13:34:26 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/05/29 13:34:26 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/05/29 13:34:26 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/05/29 13:34:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/05/29 13:34:26 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

Hosts file not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (ReGet Bar) - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files (x86)\ReGet Software\ReGet Deluxe\IEBar.dll File not found
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysNative\browseui.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SysNative\SHELL32.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysNative\browseui.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SysNative\SHELL32.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SysWOW64\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Orb] C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKCU..\Run: [Radio365Agent] C:\Program Files (x86)\Live365\Radio365\Radio365TrayAgent.exe (Live365)
O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files (x86)\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\setup.exe (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8:64bit: - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SysNative\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SysNative\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SysNative\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysNative\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysNative\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysNative\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SysNative\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SysNative\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: magicjack.com ([my] https in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://chat.bresnan.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1220928006546 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.144.49.30 69.146.17.2 69.144.49.29
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SysNative\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysNative\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SysNative\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysNative\itss.dll File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SysNative\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysWOW64\wiascr.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SysNative\SHELL32.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysWOW64\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\SysWow64\sysdm.cpl (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\WB: DllName - Reg Error: Value error. - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\SysWow64\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\SysWow64\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\SysWow64\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - C:\WINDOWS\SysWow64\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\EFS: DllName - sclgntfy.dll - C:\WINDOWS\SysWow64\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\SysWow64\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WB: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WBSrv.dll - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SysNative\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SysNative\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found
O21:64bit: - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\SysNative\upnpui.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SysNative\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SysNative\WPDShServiceObj.dll File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SysNative\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SysNative\browseui.dll File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O28 - HKLM ShellExecuteHooks: {16664848-0E00-11D2-8059-000000000000} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\SysWow64\msapsspc.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\SysWow64\digest.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\SysWow64\msnsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\SysWow64\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\SysWow64\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\SysWow64\msnsspc.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (C:\\WINDOWS\\system32\\awtrPijH) - File not found
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\SysWow64\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\\WINDOWS\\system32\\awtrPijH) - File not found
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\SysWow64\relog_ap.dll (Acronis)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/08 20:02:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/28 15:08:34 | 000,004,671 | ---- | M] () - D:\Autounattend.xml -- [ NTFS ]
O33 - MountPoints2\{0302d81b-f44a-11de-8fd0-0018f8ab06a4}\Shell - "" = AutoRun
O33 - MountPoints2\{0302d81b-f44a-11de-8fd0-0018f8ab06a4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0302d81b-f44a-11de-8fd0-0018f8ab06a4}\Shell\AutoRun\command - "" = T:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/12 07:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gosu
[2010/06/12 07:15:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/08 18:38:11 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/06/02 11:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\100SSCAM
[2010/05/31 21:57:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/05/31 15:32:08 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/05/29 11:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/29 11:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/05/29 11:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SASCORE
[2010/05/29 11:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/29 10:58:13 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2010/05/27 19:47:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2010/05/27 19:44:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/05/27 16:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/05/27 16:58:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2010/05/27 16:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/27 16:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/27 15:11:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/05/27 15:01:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/27 13:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\MnF_13in1
[2010/05/25 22:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server
[2010/05/25 22:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2010/05/25 22:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gs
[2010/05/25 22:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KaraokeDX
[2010/05/25 22:48:19 | 001,258,928 | ---- | C] (Spesoft Ltd) -- C:\WINDOWS\SysWow64\sysperxg.dll
[2010/05/25 22:48:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameEx
[2010/05/25 22:46:12 | 018,804,032 | ---- | C] (Spesoft ) -- C:\Documents and Settings\Administrator\Desktop\106.GameExSetup.exe
[2010/05/25 16:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Visual Pinball
[2010/05/25 16:36:38 | 000,000,000 | ---D | C] -- C:\Games
[2010/05/25 16:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Future Pinball
[2010/05/25 14:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PCHealth
[2010/05/22 23:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010/05/20 23:19:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pcsx2
[2010/05/17 19:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Facebook
[2010/05/15 23:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ios 249
[2010/05/14 19:48:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\boob

========== Files - Modified Within 30 Days ==========

[2010/06/12 07:26:51 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1865067173-612216720-2012268356-500.job
[2010/06/12 07:26:51 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1865067173-612216720-2012268356-500.job
[2010/06/12 07:19:40 | 000,000,949 | ---- | M] () -- C:\WINDOWS\SysWow64\tversity.cookies
[2010/06/12 07:19:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1865067173-612216720-2012268356-500UA.job
[2010/06/12 07:18:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/12 07:18:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/12 07:16:35 | 015,466,496 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/06/12 07:16:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/06/12 01:07:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/06/12 00:19:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1865067173-612216720-2012268356-500Core.job
[2010/06/10 19:45:56 | 000,024,101 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\The book that has impacted me the most in this class is Courage and Calling.docx
[2010/06/10 16:46:52 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/10 00:02:48 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/09 22:21:06 | 000,042,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\all the same.mp3.sfk
[2010/06/09 22:21:02 | 001,968,486 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\all the same.mp3
[2010/06/09 22:20:53 | 000,046,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\all the same.sfk
[2010/06/09 22:19:48 | 023,591,416 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\all the same.wav
[2010/06/08 21:55:14 | 000,001,866 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/06/08 21:43:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/08 20:49:57 | 000,030,716 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ad.jpg
[2010/06/08 18:38:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/06/08 15:19:54 | 000,002,389 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/06/06 13:28:20 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\wi7ot1ul.exe
[2010/06/06 13:27:11 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/06/06 09:09:44 | 000,001,562 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DivX Movies.lnk
[2010/06/06 09:09:29 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/06 09:09:14 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/06/04 16:01:06 | 000,000,013 | ---- | M] () -- C:\WINDOWS\SysWow64\WinSys32.crc
[2010/06/04 09:45:58 | 000,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2010/06/01 19:25:16 | 000,021,474 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.jpg
[2010/06/01 19:12:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/06/01 19:10:28 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/06/01 11:17:12 | 000,049,314 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\wendyorder.jpg
[2010/05/31 22:54:15 | 000,000,907 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Cinema Craft Encoder Basic.lnk
[2010/05/31 22:34:05 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tw987cp5.exe
[2010/05/31 21:57:46 | 000,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/31 21:57:01 | 003,764,218 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/05/31 20:16:23 | 030,424,605 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Office 2007 All In One Desk Reference for Dummies.pdf
[2010/05/31 19:27:45 | 000,185,340 | -H-- | M] () -- C:\WINDOWS\SysWow64\mlfcache.dat
[2010/05/29 11:00:44 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/29 10:58:13 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2010/05/27 16:59:01 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/27 12:39:19 | 000,015,450 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\second paper- mike's edit.docx
[2010/05/26 22:45:22 | 000,016,331 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\second paper.docx
[2010/05/25 22:49:40 | 000,000,990 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
[2010/05/25 22:48:35 | 000,272,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/25 22:35:02 | 018,804,787 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\106.GameExSetup.rar
[2010/05/25 16:57:08 | 000,001,743 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VPinball_9_0_2.lnk
[2010/05/25 16:57:08 | 000,001,701 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VPinball.lnk
[2010/05/25 16:57:07 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\vpforums.org.lnk
[2010/05/25 16:56:28 | 007,775,314 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VPInstaller_1_0_3.exe
[2010/05/25 16:36:43 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Future Pinball.lnk
[2010/05/25 12:44:47 | 000,624,146 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VPinball907.zip
[2010/05/25 12:42:29 | 017,530,367 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GameEx.v9.83.rar
[2010/05/25 01:05:00 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/05/23 21:45:10 | 000,046,806 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\science classes.std
[2010/05/22 23:23:09 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/05/22 23:22:52 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\SysWow64\rmoc3260.dll
[2010/05/22 23:22:43 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\SysWow64\pndx5016.dll
[2010/05/22 23:22:43 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\SysWow64\pndx5032.dll
[2010/05/22 23:21:37 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvcp71.dll
[2010/05/22 23:21:37 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvcr71.dll
[2010/05/22 23:21:37 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\SysWow64\pncrt.dll
[2010/05/19 20:21:04 | 000,120,087 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\mvstcdxx.lst
[2010/05/15 00:00:03 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\memorial number stickers.zdl
[2010/05/14 09:49:23 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dvd399.bin

========== Files Created - No Company Name ==========

[2010/06/10 19:36:23 | 000,024,101 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\The book that has impacted me the most in this class is Courage and Calling.docx
[2010/06/09 22:21:02 | 000,042,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\all the same.mp3.sfk
[2010/06/09 22:21:00 | 001,968,486 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\all the same.mp3
[2010/06/09 22:20:35 | 000,046,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\all the same.sfk
[2010/06/09 22:19:43 | 023,591,416 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\all the same.wav
[2010/06/08 20:49:56 | 000,030,716 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ad.jpg
[2010/06/06 13:28:20 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\wi7ot1ul.exe
[2010/06/04 09:45:58 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Zone.Identifier
[2010/06/01 19:25:16 | 000,021,474 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.jpg
[2010/06/01 19:15:11 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/06/01 19:12:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/06/01 19:10:27 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/06/01 11:17:12 | 000,049,314 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\wendyorder.jpg
[2010/05/31 22:54:15 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cinema Craft Encoder Basic.lnk
[2010/05/31 22:34:04 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tw987cp5.exe
[2010/05/31 20:12:53 | 030,424,605 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Office 2007 All In One Desk Reference for Dummies.pdf
[2010/05/29 11:00:44 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/27 16:59:01 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/26 23:44:18 | 000,015,450 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\second paper- mike's edit.docx
[2010/05/26 21:35:12 | 000,016,331 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\second paper.docx
[2010/05/25 22:49:40 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
[2010/05/25 22:29:57 | 018,804,787 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\106.GameExSetup.rar
[2010/05/25 16:57:08 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VPinball_9_0_2.lnk
[2010/05/25 16:57:08 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VPinball.lnk
[2010/05/25 16:57:07 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\vpforums.org.lnk
[2010/05/25 16:56:04 | 007,775,314 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VPInstaller_1_0_3.exe
[2010/05/25 16:36:43 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Future Pinball.lnk
[2010/05/25 12:44:47 | 000,624,146 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VPinball907.zip
[2010/05/25 12:39:12 | 017,530,367 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GameEx.v9.83.rar
[2010/05/22 23:23:10 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1865067173-612216720-2012268356-500.job
[2010/05/22 23:23:10 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1865067173-612216720-2012268356-500.job
[2010/05/22 23:23:09 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/05/19 20:21:04 | 000,120,087 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\mvstcdxx.lst
[2010/05/15 00:00:02 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\memorial number stickers.zdl
[2010/05/14 09:49:23 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dvd399.bin
[2010/04/15 21:17:02 | 000,007,680 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll
[2010/04/15 21:17:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll.manifest
[2009/11/26 17:13:12 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2009/11/22 01:39:05 | 000,027,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AVSredirect.dll
[2009/10/17 15:31:57 | 000,829,781 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll
[2009/06/24 14:21:32 | 000,000,432 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/11 13:30:03 | 000,151,552 | ---- | C] () -- C:\WINDOWS\SysWow64\nvRegDev.dll
[2009/04/29 22:14:17 | 000,120,200 | ---- | C] () -- C:\WINDOWS\SysWow64\DLLDEV32i.dll
[2009/04/29 22:13:57 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/04/17 15:51:37 | 000,000,229 | ---- | C] () -- C:\WINDOWS\ABC_mru.ini
[2009/01/12 19:04:05 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2008/11/08 10:53:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\SysWow64\sysprs7.dll
[2008/11/08 10:53:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\SysWow64\clauth2.dll
[2008/11/08 10:53:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\SysWow64\clauth1.dll
[2008/11/08 10:53:37 | 000,000,073 | ---- | C] () -- C:\WINDOWS\SysWow64\ssprs.dll
[2008/11/08 10:53:36 | 000,000,205 | ---- | C] () -- C:\WINDOWS\SysWow64\lsprst7.dll
[2008/10/22 17:06:29 | 000,000,067 | ---- | C] () -- C:\WINDOWS\My Video Converter.INI
[2008/10/20 20:09:36 | 000,164,352 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2008/10/20 20:09:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/10/10 15:00:05 | 000,034,308 | ---- | C] () -- C:\WINDOWS\SysWow64\BASSMOD.dll
[2008/10/02 01:50:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\cdTextCtl.dll
[2008/09/30 14:32:12 | 000,000,890 | ---- | C] () -- C:\WINDOWS\SysWow64\WLAN.INI
[2008/09/30 14:06:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\SysWow64\GTW32N50.dll
[2008/09/30 13:17:29 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/09/30 01:28:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/25 20:44:09 | 000,494,557 | ---- | C] () -- C:\WINDOWS\SysWow64\dxgi.dll
[2008/09/25 20:44:09 | 000,025,037 | ---- | C] () -- C:\WINDOWS\SysWow64\Nucleus.dll
[2008/09/25 20:44:08 | 000,519,912 | ---- | C] () -- C:\WINDOWS\SysWow64\d3dx10d_33.dll
[2008/09/25 20:44:07 | 000,566,624 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d10.dll
[2008/09/09 00:57:01 | 000,058,792 | ---- | C] () -- C:\WINDOWS\SysWow64\wbload.dll
[2008/09/09 00:14:36 | 002,463,976 | ---- | C] () -- C:\WINDOWS\SysWow64\NPSWF32.dll
[2008/09/08 22:02:31 | 000,564,564 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelFrench.dll
[2007/02/18 06:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2007/02/18 06:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2007/02/18 06:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2007/02/18 06:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2007/02/18 06:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2007/02/18 06:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2007/02/18 06:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2007/02/18 06:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2007/02/18 06:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2007/02/18 06:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2007/02/18 06:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2007/02/18 06:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2007/02/18 06:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2007/02/18 06:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2007/02/18 06:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2007/02/18 06:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2007/02/18 06:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2005/07/08 22:07:46 | 000,007,168 | ---- | C] () -- C:\WINDOWS\SysWow64\dfscacm.dll
[2005/07/08 22:07:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\SysWow64\dfsc.dll
[2002/03/16 18:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000071.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:556BBACC
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E00596C
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61A065F2
< End of report >


#12 berighteous

berighteous
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 12 June 2010 - 09:06 AM

still redirecting.

#13 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:18 AM

Posted 12 June 2010 - 11:15 AM

Hi,


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :Commands
    [emptytemp]
    [resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#14 berighteous

berighteous
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 12 June 2010 - 12:16 PM

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 45893377 bytes
->Temporary Internet Files folder emptied: 79686 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 78252013 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2926 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33875 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 529 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 119.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.5.3 log created on 06122010_110253

Files\Folders moved on Reboot...
C:\Documents and Settings\Administrator\Local Settings\Temp\alm.log moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\amt.log moved successfully.
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Photoshop Temp5929864988 not found!
File\Folder C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CM317BBO\getInfo[1].htm not found!
File\Folder C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\32LKGD0U\country[1].js not found!

Registry entries deleted on Reboot...
======================================

2010-06-12 09:55:53 [6128] AMT: START SESSION, library version 1.0.5.1504,49.285477
2010-06-12 09:55:53 [6128] AMT: Initializing C:\Program Files (x86)\Adobe\Adobe Premiere Pro CS3\ [en_US]
2010-06-12 09:55:53 [6128] AMT: Adobe License Manager version 2.1 (build 5.1504) RELEASE
2010-06-12 09:55:53 [6128] /AMT0069688654/ {4DAFF26A-62E5-4F2F-9E98-E73B914E6828}
2010-06-12 09:55:53 [6128] /AMT0194694755/ {4DAFF26A-62E5-4F2F-9E98-E73B914E6828}
2010-06-12 09:55:53 [6128] /AMT0073107491/ {4DAFF26A-62E5-4F2F-9E98-E73B914E6828}
2010-06-12 09:55:53 [6128] /AMT0087759331/ {0CB57D21-5E7C-4121-AD75-8ED4AE1B31C8}
2010-06-12 09:55:53 [6128] /AMT0051932803/ GUID-MS-Premium-CS3-Win
2010-06-12 09:55:53 [6128] /AMT0186350190/
2010-06-12 09:55:53 [6128] /AMT0013778542/
2010-06-12 09:55:53 [6128] /AMT0165831715/ C:\Program Files (x86)\Common Files\Adobe\Adobe Creative Suite 3 Master Collection\AMT
2010-06-12 09:55:53 [6128] /AMT0166617427/ C:\Program Files (x86)\Common Files\Adobe\Adobe Creative Suite 3 Master Collection\AMT\application.sif
2010-06-12 09:55:53 [6128] /AMT0268432926/ 92298115383687449057
2010-06-12 09:55:53 [6128] /AMT0172021198/
2010-06-12 09:55:53 [6128] /AMT0201805758/
2010-06-12 09:55:53 [6128] /AMT0013754766/
2010-06-12 09:55:53 [6128] /AMT0088421566/
2010-06-12 09:55:53 [6128] /AMT0171050355/ 434.918125
2010-06-12 09:56:09 [6128] /AMT0125289710/ Validating
2010-06-12 09:56:09 [6128] /AMT0011178590/
2010-06-12 09:56:09 [6128] /AMT0227587655/
2010-06-12 09:56:09 [6128] /AMT0193605470/
2010-06-12 09:56:09 [6128] /AMT0227926229/ 0x735ca2c0 3228
2010-06-12 09:56:09 [6128] /AMT0227926229/ 0xaf26c2b8 9644
2010-06-12 09:56:09 [6128] /AMT0227926229/ 0x1b53ef68 29519
2010-06-12 09:56:09 [6128] /AMT0227926229/ 0x8b4ac2d6 3228
2010-06-12 09:56:09 [6128] /AMT0227926229/ 0x9edcd59d 16812
2010-06-12 09:56:09 [6128] /AMT0227926229/ 0x7a7835fa 433242
2010-06-12 09:56:09 [6128] /AMT0112838974/
2010-06-12 09:56:09 [6128] /AMT0074144334/
2010-06-12 09:56:10 [6128] /ALMService0136556144/
2010-06-12 09:56:10 [6128] /ALMService0064228135/
2010-06-12 09:56:11 [6128] /ALMService0173276467/ false
2010-06-12 09:56:12 [6128] /AMT0053109662/
2010-06-12 09:56:13 [6128] /AMT0072388350/
2010-06-12 09:56:13 [6128] /AMT0156978254/
2010-06-12 09:56:13 [6128] /AMT0136045502/
2010-06-12 09:56:15 [6128] /AMT0206183934/
2010-06-12 09:56:15 [6128] /AMT0237326350/
2010-06-12 09:56:15 [6128] /AMT0034786110/ Validated
2010-06-12 09:56:15 [6128] /AMT0217531966/
2010-06-12 09:56:15 [6128] /AMT0261659678/
2010-06-12 09:56:15 [6128] /AUMService0196997731/
===========================================

2010-06-12 09:56:11 [6128] ALM: _info_: ==========================================
2010-06-12 09:56:11 [6128] ALM: _info_: Start ALM 2.1 Release (build 2.1.5.1504)
2010-06-12 09:56:11 [6128] ALM: _info_: TYPE = 1
2010-06-12 09:56:11 [6128] ALM: _info_: GUID = GUID-MS-Premium-CS3-Win
2010-06-12 09:56:11 [6128] ALM: _info_: LANG = en_US
2010-06-12 09:56:11 [6128] ALM: _info_: Load AdobeConfig (version = 1.3)
2010-06-12 09:56:12 [6128] ALM: _info_: Use Serial Number In PCD
2010-06-12 09:56:12 [6128] ALM: _info_: Find License (type = 0x03, property = 0x00, status = 0x00)
2010-06-12 09:56:13 [6128] ALM: _info_: Start License Session Succeed!
2010-06-12 09:56:13 [6128] ALM: _info_: Query Feature Ultra_Base (version = 3.0) Succeed
2010-06-12 09:56:13 [6128] ALM: _info_: Query Feature Acrobat (version = 8.0) Succeed
2010-06-12 09:56:13 [6128] ALM: _info_: Query Feature Acrobat_Distiller (version = 8.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Acrobat_Viewer (version = 8.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature AfterEffects (version = 8.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature AfterEffects_Base (version = 8.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Bridge_Base (version = 2.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Bridge_CameraRaw (version = 2.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Bridge_ColorSettings (version = 2.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Contribute (version = 4.1) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Contribute_Base (version = 4.1) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature CreativeSuite (version = 3.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Dreamweaver (version = 9.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Dreamweaver_Base (version = 9.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Encore (version = 3.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Encore_Base (version = 3.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Fireworks (version = 9.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Fireworks_Base (version = 9.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Flash (version = 9.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Flash_Base (version = 9.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Flash_Pro (version = 9.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Illustrator (version = 13.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Illustrator_Base (version = 13.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature InDesign (version = 5.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature InDesign_Standard (version = 5.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature MobileCenter_Base (version = 1.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Photoshop (version = 10.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Photoshop_Premium (version = 10.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Photoshop_Standard (version = 10.0) Succeed
2010-06-12 09:56:14 [6128] ALM: _info_: Query Feature Premiere (version = 3.0) Succeed
2010-06-12 09:56:15 [6128] ALM: _info_: Query Feature Premiere_Base (version = 3.0) Succeed
2010-06-12 09:56:15 [6128] ALM: _info_: Query Feature Shared_Designer (version = 8.0) Succeed
2010-06-12 09:56:15 [6128] ALM: _info_: Query Feature Soundbooth (version = 1.0) Succeed
2010-06-12 09:56:15 [6128] ALM: _info_: Query Feature Soundbooth_Base (version = 1.0) Succeed
2010-06-12 09:56:15 [6128] ALM: _info_: Query Feature SuiteBundle_118 (version = 8.0) Succeed
2010-06-12 09:56:15 [6128] ALM: _info_: Query Feature CreativeSuite_DVADynamicLink (version = 2.0) Succeed
2010-06-12 09:56:15 [6128] ALM: _info_: Query Feature Premiere_Base (version = 3.0) Succeed
2010-06-12 09:56:15 [6128] ALM: _info_: Query Feature CreativeSuite_DVADynamicLink (version = 2.0) Succeed




#15 berighteous

berighteous
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 12 June 2010 - 12:21 PM

OTL logfile created on: 6/12/2010 11:19:46 AM - Run 4
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 85.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): c:\pagefile.sys 8191 15000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107.42 Gb Total Space | 2.11 Gb Free Space | 1.96% Space Free | Partition Type: NTFS
Drive D: | 107.42 Gb Total Space | 28.31 Gb Free Space | 26.36% Space Free | Partition Type: NTFS
Drive E: | 250.91 Gb Total Space | 23.46 Gb Free Space | 9.35% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 100.59 Gb Total Space | 2.38 Gb Free Space | 2.37% Space Free | Partition Type: NTFS
Drive N: | 100.59 Gb Total Space | 16.03 Gb Free Space | 15.94% Space Free | Partition Type: NTFS
Drive O: | 31.69 Gb Total Space | 1.82 Gb Free Space | 5.73% Space Free | Partition Type: FAT32
Drive P: | 298.09 Gb Total Space | 47.77 Gb Free Space | 16.02% Space Free | Partition Type: NTFS
Drive Q: | 465.75 Gb Total Space | 35.64 Gb Free Space | 7.65% Space Free | Partition Type: NTFS
Drive R: | 298.09 Gb Total Space | 48.92 Gb Free Space | 16.41% Space Free | Partition Type: NTFS
Drive S: | 465.76 Gb Total Space | 46.94 Gb Free Space | 10.08% Space Free | Partition Type: NTFS

Computer Name: PHENOM
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc.)
PRC - C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files (x86)\PC Tools Disk Suite\DSService.exe (PC Tools Software)
PRC - C:\Program Files (x86)\Live365\Radio365\Radio365TrayAgent.exe (Live365)
PRC - C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe (Orb Networks)
PRC - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe ()
PRC - C:\Program Files (x86)\Winamp Remote\bin\Orb.exe (Orb Networks, Inc.)
PRC - c:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe ()
PRC - C:\Program Files (x86)\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll ()
MOD - C:\WINDOWS\SysWOW64\msvcp71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\msvcr71.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - C:\WINDOWS\SysWOW64\comres.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\MSCTFIME.IME (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (mi-raysat_3dsMax2009_64) -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe ()
SRV:64bit: - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe (Logitech Inc.)
SRV - (AODService) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (MediaMall Server) -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc.)
SRV - (TVersityMediaServer) -- C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe ()
SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (DiskSuiteService) -- C:\Program Files (x86)\PC Tools Disk Suite\DSService.exe (PC Tools Software)
SRV - (ATI Smart) -- C:\WINDOWS\SysWOW64\ati2saag.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (SgtSch2Svc) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (MagicTuneEngine) -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe ()
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (IASJet) -- C:\WINDOWS\SysWOW64\iasrecst.dll (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Viewpoint Manager Service) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (Capture Device Service) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (CCALib8) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (AODDriver2) -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys (Advanced Micro Devices)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (adfs) -- C:\WINDOWS\SysWOW64\Drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ElbyCDIO) -- C:\WINDOWS\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG)
DRV - (NCPro) -- C:\WINDOWS\system32\drivers\MTictwl.sys (Samsung Electronics, Inc. )
DRV - (MagicTune) -- C:\WINDOWS\SysWOW64\Drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV - (mnmdd) -- C:\WINDOWS\SysWOW64\mnmdd.dll (Microsoft Corporation)
DRV - (speedfan) -- C:\WINDOWS\SysWOW64\speedfan.sys (Windows ® Server 2003 DDK provider)
DRV - (RT61) -- C:\WINDOWS\SysWOW64\rt61.cat ()
DRV - (RTCore64) -- C:\Program Files (x86)\RMClock\RTCore64.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.drudgereport.com/"
FF - prefs.js..extensions.enabledItems: activegs@freetoolsassociation.com:3.0.213
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/06/02 10:12:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/22 23:23:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/22 23:23:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Minefield 3.7a5pre\extensions\\Components: C:\Program Files (x86)\Minefield\components [2010/06/12 08:13:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Minefield 3.7a5pre\extensions\\Plugins: C:\Program Files (x86)\Minefield\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/29 13:34:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/29 13:34:40 | 000,000,000 | ---D | M]

[2008/09/08 23:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2008/09/08 23:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/06/12 08:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6jc335s.default\extensions
[2010/06/03 23:06:14 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6jc335s.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/26 19:11:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6jc335s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/26 19:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g6jc335s.default\extensions\activegs@freetoolsassociation.com
[2010/06/12 08:13:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/29 13:34:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/25 23:02:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2010/05/29 13:34:21 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/05/29 13:34:21 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2008/09/19 15:55:32 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\msvcm80.dll
[2008/09/19 15:55:32 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\msvcp80.dll
[2008/09/19 15:55:32 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\msvcr80.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2008/09/03 18:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
[2008/12/25 23:02:48 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/13 18:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2008/09/26 10:40:34 | 000,053,248 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
[2009/04/20 14:25:54 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/02/06 13:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/05/29 13:34:26 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
[2010/04/02 05:30:43 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/05/22 23:22:52 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
[2010/03/30 22:03:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/03/30 22:03:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/03/30 22:03:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/03/30 22:03:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/03/30 22:03:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/03/30 22:03:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/03/30 22:03:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/05/22 23:23:19 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
[2010/05/22 23:22:46 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
[2010/05/29 13:34:26 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/05/29 13:34:26 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/07/01 04:30:46 | 000,001,490 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml
[2010/05/29 13:34:26 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/05/29 13:34:26 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/05/29 13:34:26 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/05/29 13:34:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/05/29 13:34:26 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

Hosts file not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (ReGet Bar) - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files (x86)\ReGet Software\ReGet Deluxe\IEBar.dll File not found
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysNative\browseui.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SysNative\SHELL32.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysNative\browseui.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SysNative\SHELL32.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SysWOW64\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Orb] C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKCU..\Run: [Radio365Agent] C:\Program Files (x86)\Live365\Radio365\Radio365TrayAgent.exe (Live365)
O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files (x86)\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\setup.exe (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8:64bit: - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SysNative\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SysNative\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SysNative\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysNative\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysNative\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysNative\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SysNative\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SysNative\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: magicjack.com ([my] https in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://chat.bresnan.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1220928006546 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.144.49.30 69.146.17.2 69.144.49.29
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SysNative\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysNative\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SysNative\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysNative\itss.dll File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SysNative\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysWOW64\wiascr.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysNative\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SysNative\SHELL32.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysWOW64\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\SysWow64\sysdm.cpl (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\WB: DllName - Reg Error: Value error. - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\SysWow64\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\SysWow64\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\SysWow64\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - C:\WINDOWS\SysWow64\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\EFS: DllName - sclgntfy.dll - C:\WINDOWS\SysWow64\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\SysWow64\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WB: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WBSrv.dll - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SysNative\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SysNative\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found
O21:64bit: - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\SysNative\upnpui.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SysNative\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SysNative\WPDShServiceObj.dll File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SysNative\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SysNative\browseui.dll File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O28 - HKLM ShellExecuteHooks: {16664848-0E00-11D2-8059-000000000000} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\SysWow64\msapsspc.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\SysWow64\digest.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\SysWow64\msnsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\SysWow64\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\SysWow64\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\SysWow64\msnsspc.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (C:\\WINDOWS\\system32\\awtrPijH) - File not found
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\SysWow64\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\\WINDOWS\\system32\\awtrPijH) - File not found
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\SysWow64\relog_ap.dll (Acronis)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/08 20:02:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/28 15:08:34 | 000,004,671 | ---- | M] () - D:\Autounattend.xml -- [ NTFS ]
O33 - MountPoints2\{0302d81b-f44a-11de-8fd0-0018f8ab06a4}\Shell - "" = AutoRun
O33 - MountPoints2\{0302d81b-f44a-11de-8fd0-0018f8ab06a4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0302d81b-f44a-11de-8fd0-0018f8ab06a4}\Shell\AutoRun\command - "" = T:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/12 11:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gosu
[2010/06/12 08:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Minefield
[2010/06/12 08:12:08 | 008,893,329 | ---- | C] (Mozilla) -- C:\Documents and Settings\Administrator\Desktop\firefox-3.7a5pre.en-US.win64-x86_64.installer.exe
[2010/06/12 07:15:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/08 18:38:11 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/06/02 11:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\100SSCAM
[2010/05/31 21:57:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/05/31 15:32:08 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/05/29 11:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/29 11:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/05/29 11:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SASCORE
[2010/05/29 11:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/29 10:58:13 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2010/05/27 19:47:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2010/05/27 19:44:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/05/27 16:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/05/27 16:58:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2010/05/27 16:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/27 16:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/27 15:11:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/05/27 15:01:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/27 13:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\MnF_13in1
[2010/05/25 22:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server
[2010/05/25 22:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2010/05/25 22:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gs
[2010/05/25 22:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KaraokeDX
[2010/05/25 22:48:19 | 001,258,928 | ---- | C] (Spesoft Ltd) -- C:\WINDOWS\SysWow64\sysperxg.dll
[2010/05/25 22:48:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameEx
[2010/05/25 22:46:12 | 018,804,032 | ---- | C] (Spesoft ) -- C:\Documents and Settings\Administrator\Desktop\106.GameExSetup.exe
[2010/05/25 16:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Visual Pinball
[2010/05/25 16:36:38 | 000,000,000 | ---D | C] -- C:\Games
[2010/05/25 16:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Future Pinball
[2010/05/25 14:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PCHealth
[2010/05/22 23:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010/05/20 23:19:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pcsx2
[2010/05/17 19:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Facebook
[2010/05/15 23:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ios 249
[2010/05/14 19:48:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\boob

========== Files - Modified Within 30 Days ==========

[2010/06/12 11:19:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1865067173-612216720-2012268356-500UA.job
[2010/06/12 11:18:32 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1865067173-612216720-2012268356-500.job
[2010/06/12 11:18:32 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1865067173-612216720-2012268356-500.job
[2010/06/12 11:15:57 | 015,466,496 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/06/12 11:06:21 | 000,000,949 | ---- | M] () -- C:\WINDOWS\SysWow64\tversity.cookies
[2010/06/12 11:05:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/12 11:05:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/12 11:03:19 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/06/12 09:07:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/06/12 08:13:19 | 000,001,647 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Minefield.lnk
[2010/06/12 08:12:52 | 008,893,329 | ---- | M] (Mozilla) -- C:\Documents and Settings\Administrator\Desktop\firefox-3.7a5pre.en-US.win64-x86_64.installer.exe
[2010/06/12 00:19:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1865067173-612216720-2012268356-500Core.job
[2010/06/10 19:45:56 | 000,024,101 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\The book that has impacted me the most in this class is Courage and Calling.docx
[2010/06/10 16:46:52 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/10 00:02:48 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/09 22:21:06 | 000,042,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\all the same.mp3.sfk
[2010/06/09 22:21:02 | 001,968,486 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\all the same.mp3
[2010/06/09 22:20:53 | 000,046,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\all the same.sfk
[2010/06/09 22:19:48 | 023,591,416 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\all the same.wav
[2010/06/08 21:55:14 | 000,001,866 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/06/08 21:43:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/08 20:49:57 | 000,030,716 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ad.jpg
[2010/06/08 18:38:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/06/08 15:19:54 | 000,002,389 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/06/06 13:28:20 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\wi7ot1ul.exe
[2010/06/06 13:27:11 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/06/06 09:09:44 | 000,001,562 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DivX Movies.lnk
[2010/06/06 09:09:29 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/06 09:09:14 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/06/04 16:01:06 | 000,000,013 | ---- | M] () -- C:\WINDOWS\SysWow64\WinSys32.crc
[2010/06/04 09:45:58 | 000,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2010/06/01 19:25:16 | 000,021,474 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.jpg
[2010/06/01 19:12:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/06/01 19:10:28 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/06/01 11:17:12 | 000,049,314 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\wendyorder.jpg
[2010/05/31 22:54:15 | 000,000,907 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Cinema Craft Encoder Basic.lnk
[2010/05/31 22:34:05 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tw987cp5.exe
[2010/05/31 21:57:46 | 000,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/31 21:57:01 | 003,764,218 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/05/31 20:16:23 | 030,424,605 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Office 2007 All In One Desk Reference for Dummies.pdf
[2010/05/31 19:27:45 | 000,185,340 | -H-- | M] () -- C:\WINDOWS\SysWow64\mlfcache.dat
[2010/05/29 11:00:44 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/29 10:58:13 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2010/05/27 16:59:01 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/27 12:39:19 | 000,015,450 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\second paper- mike's edit.docx
[2010/05/26 22:45:22 | 000,016,331 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\second paper.docx
[2010/05/25 22:49:40 | 000,000,990 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
[2010/05/25 22:48:35 | 000,272,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/25 22:35:02 | 018,804,787 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\106.GameExSetup.rar
[2010/05/25 16:57:08 | 000,001,743 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VPinball_9_0_2.lnk
[2010/05/25 16:57:08 | 000,001,701 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VPinball.lnk
[2010/05/25 16:57:07 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\vpforums.org.lnk
[2010/05/25 16:56:28 | 007,775,314 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VPInstaller_1_0_3.exe
[2010/05/25 16:36:43 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Future Pinball.lnk
[2010/05/25 12:44:47 | 000,624,146 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VPinball907.zip
[2010/05/25 12:42:29 | 017,530,367 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GameEx.v9.83.rar
[2010/05/25 01:05:00 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/05/23 21:45:10 | 000,046,806 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\science classes.std
[2010/05/22 23:23:09 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/05/22 23:22:52 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\SysWow64\rmoc3260.dll
[2010/05/22 23:22:43 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\SysWow64\pndx5016.dll
[2010/05/22 23:22:43 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\SysWow64\pndx5032.dll
[2010/05/22 23:21:37 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvcp71.dll
[2010/05/22 23:21:37 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvcr71.dll
[2010/05/22 23:21:37 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\SysWow64\pncrt.dll
[2010/05/19 20:21:04 | 000,120,087 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\mvstcdxx.lst
[2010/05/15 00:00:03 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\memorial number stickers.zdl
[2010/05/14 09:49:23 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dvd399.bin

========== Files Created - No Company Name ==========

[2010/06/12 08:13:19 | 000,001,647 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Minefield.lnk
[2010/06/10 19:36:23 | 000,024,101 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\The book that has impacted me the most in this class is Courage and Calling.docx
[2010/06/09 22:21:02 | 000,042,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\all the same.mp3.sfk
[2010/06/09 22:21:00 | 001,968,486 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\all the same.mp3
[2010/06/09 22:20:35 | 000,046,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\all the same.sfk
[2010/06/09 22:19:43 | 023,591,416 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\all the same.wav
[2010/06/08 20:49:56 | 000,030,716 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ad.jpg
[2010/06/06 13:28:20 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\wi7ot1ul.exe
[2010/06/04 09:45:58 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Zone.Identifier
[2010/06/01 19:25:16 | 000,021,474 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.jpg
[2010/06/01 19:15:11 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/06/01 19:12:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/06/01 19:10:27 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/06/01 11:17:12 | 000,049,314 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\wendyorder.jpg
[2010/05/31 22:54:15 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cinema Craft Encoder Basic.lnk
[2010/05/31 22:34:04 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tw987cp5.exe
[2010/05/31 20:12:53 | 030,424,605 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Office 2007 All In One Desk Reference for Dummies.pdf
[2010/05/29 11:00:44 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/27 16:59:01 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/26 23:44:18 | 000,015,450 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\second paper- mike's edit.docx
[2010/05/26 21:35:12 | 000,016,331 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\second paper.docx
[2010/05/25 22:49:40 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
[2010/05/25 22:29:57 | 018,804,787 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\106.GameExSetup.rar
[2010/05/25 16:57:08 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VPinball_9_0_2.lnk
[2010/05/25 16:57:08 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VPinball.lnk
[2010/05/25 16:57:07 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\vpforums.org.lnk
[2010/05/25 16:56:04 | 007,775,314 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VPInstaller_1_0_3.exe
[2010/05/25 16:36:43 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Future Pinball.lnk
[2010/05/25 12:44:47 | 000,624,146 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VPinball907.zip
[2010/05/25 12:39:12 | 017,530,367 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GameEx.v9.83.rar
[2010/05/22 23:23:10 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1865067173-612216720-2012268356-500.job
[2010/05/22 23:23:10 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1865067173-612216720-2012268356-500.job
[2010/05/22 23:23:09 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/05/19 20:21:04 | 000,120,087 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\mvstcdxx.lst
[2010/05/15 00:00:02 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\memorial number stickers.zdl
[2010/05/14 09:49:23 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dvd399.bin
[2010/04/15 21:17:02 | 000,007,680 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll
[2010/04/15 21:17:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll.manifest
[2009/11/26 17:13:12 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2009/11/22 01:39:05 | 000,027,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AVSredirect.dll
[2009/10/17 15:31:57 | 000,829,781 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll
[2009/06/24 14:21:32 | 000,000,432 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/11 13:30:03 | 000,151,552 | ---- | C] () -- C:\WINDOWS\SysWow64\nvRegDev.dll
[2009/04/29 22:14:17 | 000,120,200 | ---- | C] () -- C:\WINDOWS\SysWow64\DLLDEV32i.dll
[2009/04/29 22:13:57 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/04/17 15:51:37 | 000,000,229 | ---- | C] () -- C:\WINDOWS\ABC_mru.ini
[2009/01/12 19:04:05 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2008/11/08 10:53:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\SysWow64\sysprs7.dll
[2008/11/08 10:53:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\SysWow64\clauth2.dll
[2008/11/08 10:53:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\SysWow64\clauth1.dll
[2008/11/08 10:53:37 | 000,000,073 | ---- | C] () -- C:\WINDOWS\SysWow64\ssprs.dll
[2008/11/08 10:53:36 | 000,000,205 | ---- | C] () -- C:\WINDOWS\SysWow64\lsprst7.dll
[2008/10/22 17:06:29 | 000,000,067 | ---- | C] () -- C:\WINDOWS\My Video Converter.INI
[2008/10/20 20:09:36 | 000,164,352 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2008/10/20 20:09:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/10/10 15:00:05 | 000,034,308 | ---- | C] () -- C:\WINDOWS\SysWow64\BASSMOD.dll
[2008/10/02 01:50:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\cdTextCtl.dll
[2008/09/30 14:32:12 | 000,000,890 | ---- | C] () -- C:\WINDOWS\SysWow64\WLAN.INI
[2008/09/30 14:06:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\SysWow64\GTW32N50.dll
[2008/09/30 13:17:29 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/09/30 01:28:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/25 20:44:09 | 000,494,557 | ---- | C] () -- C:\WINDOWS\SysWow64\dxgi.dll
[2008/09/25 20:44:09 | 000,025,037 | ---- | C] () -- C:\WINDOWS\SysWow64\Nucleus.dll
[2008/09/25 20:44:08 | 000,519,912 | ---- | C] () -- C:\WINDOWS\SysWow64\d3dx10d_33.dll
[2008/09/25 20:44:07 | 000,566,624 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d10.dll
[2008/09/09 00:57:01 | 000,058,792 | ---- | C] () -- C:\WINDOWS\SysWow64\wbload.dll
[2008/09/09 00:14:36 | 002,463,976 | ---- | C] () -- C:\WINDOWS\SysWow64\NPSWF32.dll
[2008/09/08 22:02:31 | 000,564,564 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelFrench.dll
[2007/02/18 06:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2007/02/18 06:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2007/02/18 06:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2007/02/18 06:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2007/02/18 06:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2007/02/18 06:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2007/02/18 06:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2007/02/18 06:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2007/02/18 06:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2007/02/18 06:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2007/02/18 06:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2007/02/18 06:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2007/02/18 06:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2007/02/18 06:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2007/02/18 06:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2007/02/18 06:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2007/02/18 06:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2005/07/08 22:07:46 | 000,007,168 | ---- | C] () -- C:\WINDOWS\SysWow64\dfscacm.dll
[2005/07/08 22:07:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\SysWow64\dfsc.dll
[2002/03/16 18:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000071.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:556BBACC
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E00596C
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61A065F2
< End of report >





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users