Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Certain Virut Infection... Please help!


  • This topic is locked This topic is locked
15 replies to this topic

#1 WolfHero

WolfHero

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:58 PM

Posted 23 August 2010 - 01:19 AM

I am certain I have Virut, and I need to get rid of it asap before I'm doomed. x.x I could not get DDS to scan correctly, even after 10 minutes nothing happened, it was stuck showing the usual : signs, but no logs were made.

I have gotten info from scans with Advanced System Optimizer 3's System Protector that tell me that Virus.Virut.n has a registry fixture in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npggsvc, and my Gamemon.des file in C:\Windows\System32 appears to be infected by it. Gamemon.des is valid, I know this because its a well known hack shield for a huge amount of online games. Its used by Gameguard.

To supply further proof its got me, all of my exe files currently scanned by GMER as of yet come back with a report that ntdll.dll has been put into them. I've heard this dll is used as Virut's main exploit for control and further infection...

I've used ESET, MBAM and Kapersky to further scan the computer, but as I saw, They too, had been injected with ntdll.dll, and they were of no use. Currently using Kapersky until I switch back to ESET, as I have a license for it.

I used defogger and Hijackthis as well. GMER is in the works, if you have a way to get DDS working, I'll try it again.

Thank you for taking your time to look into the matter. My computer was originally Vista, and it is now XP. I have neither one's CD, so if I have to format and re-install the OS, I really can't legally.

I do have a Dr.Web Cure-It LiveCD handy. It was of no use, however, I don't know if it updated after I clicked the green update button, and after finding a script infection, it hasn't been finding things since.

Hijackthis Log for convenience, in place of DDS (although it may be tampered by the virus x.x):

QUOTE
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:02:34 AM, on 8/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Advanced System Optimizer 3\ASO3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Boss\Desktop\Hacks\gmer\gmer.exe
C:\Documents and Settings\Boss\Desktop\Hacks\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKLM\..\Run: [SystemProtector] "C:\Program Files\Advanced System Optimizer 3\SystemProtector.exe" /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plu...Detection32.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1258763718953
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Documents and Settings\Boss\AppData\LocalLow\Microñoft\redir.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ASO3DiskOptimizer - Systweak Inc., (www.systweak.com) - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 8369 bytes

Edited by StephenHorlick, 23 August 2010 - 01:20 AM.


BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:04:58 PM

Posted 23 August 2010 - 02:40 AM

Hello, and welcome.gif to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand. smile.gif
***************************************************

QUOTE
I am certain I have Virut, and I need to get rid of it asap before I'm doomed.


It is possible that the Virut detection you mentioned is a false positive. The first thing that we'll do is confirm whether virut is present or not. However, before we do anything else, I need to say this: If you do indeed have Virut, then you're already "doomed." I've seen many, many Virut cases attempt to be cured. . . and once the virus is allowed to propagate it cannot be safely and effectively removed due to Virut's unique characteristics. Period, end of story. Sorry to come out so bleak right at the start but I don't want to give any false hopes of eliminating a Virut infection as advanced as you seem to indicate. Below is some information on Virut.

***************************************************

Virut is a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Virux is an even more complex file infector which can embed an iframe into the body of web-related files and infect script files (.php, .asp, and .html). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable.

QUOTE
The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files....some W32/Virut.h infections are corrupted beyond repair.
McAfee Risk Assessment and Overview of W32/Virut

QUOTE
There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus...Due to the damaged caused to files by virut it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. undetected, corrupted files (possibly still containing part of the viral code) can also be found. this is caused by incorrectly written and non-function viral code present in these files.
AVG Overview of W32/Virut***************************************************

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link--> Virustotal

When the VirusTotal page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\Windows\explorer.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe

Please post back the URL of the results page for each file in your next post.

If VirusTotal is busy, try the same at Jotti

~Blade


In your next reply, please include the following:
VirusTotal/Jotti URLs (4)

Edited by Blade Zephon, 23 August 2010 - 02:41 AM.

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 WolfHero

WolfHero
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:58 PM

Posted 23 August 2010 - 11:04 AM

Thank you for the quick reply sir. I've already enabled e-mail replys, and I've done some homework on virut, also I've seen the throw in the towel page you handed to me. I appreciate you for showing me that nonetheless, thank you very much.

After finding nothing in Winlogon, I was jumping up and down like a mad man. :3 Thank god, it appears that virut uses Winlogon first, so if it's not infected there's practically no chance for virut, right? If it is there nevertheless, it hasn't done harm yet apparently.

lsass was the only sign of hurt. I looked up what it showed:
http://www.microsoft.com/security/portal/T...=Win32%2fBanker

Apparently, either its one of the less common cases of non-Brazilian banks, or something put it into my computer for the heck of it. x.x

Scan Links:

Explorer.exe:
http://www.virustotal.com/file-scan/report...f455-1282578594

Winlogon.exe:
http://www.virustotal.com/file-scan/report...9b1e-1282578783

lsass.exe:
http://www.virustotal.com/file-scan/report...b501-1282578946

svchost.exe:
http://www.virustotal.com/file-scan/report...cdd5-1282579103

Edited by StephenHorlick, 23 August 2010 - 11:06 AM.


#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:04:58 PM

Posted 23 August 2010 - 11:26 AM

Alrighty. . . good news so far! thumbup2.gif

Now, let's see if we can get some more information on what's going on with this machine.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the "Custom Scans/Fixes" section paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
  • Push the button.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into the body of your next reply.

***************************************************

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.log" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and copy/paste its contents in your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try unchecking the Devices box in addition to the others previously requested. Also, try running GMER in Safe Mode.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


~Blade


In your next reply, please include the following:
OTL.txt
Extras.txt
GMER.log

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#5 WolfHero

WolfHero
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:58 PM

Posted 23 August 2010 - 04:41 PM

I've seen that GMER can be a hassle for just about anyone, however it worked fine for me.

Got the reports you wanted. You may notice the place I put them in as C:\Documents and Settings\Boss\Desktop\Hacks\OTL and C:\Documents and Settings\Boss\Desktop\Hacks\gmer. The hacks folder was originally a folder for Wii texture hacks, my friend and I enjoy playing Super Smash Bros Brawl and it makes it even more fun. ^^ I haven't fixed that download folder yet back to desktop with firefox, so that's why it's there. x.x I added OTL and gmer as separate folders for convenience.

OTL.txt
QUOTE
OTL logfile created on: 8/23/2010 1:05:49 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Boss\Desktop\Hacks\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 278.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 75.84 Gb Free Space | 59.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHANKS
Current User Name: Boss
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/23 13:04:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Boss\Desktop\Hacks\OTL\OTL.exe
PRC - [2010/07/25 18:13:55 | 000,145,184 | ---- | M] (Oracle) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2010/07/23 21:04:31 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/23 21:04:30 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/01 21:39:08 | 000,357,096 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2010/06/24 10:04:08 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/19 17:15:08 | 009,999,080 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Program Files\Advanced System Optimizer 3\systemprotector.exe
PRC - [2010/04/19 17:15:00 | 000,238,824 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
PRC - [2010/03/22 09:17:22 | 000,191,080 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2010/03/22 09:17:20 | 000,133,736 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
PRC - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/23 08:00:00 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sndvol32.exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 13:04:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Boss\Desktop\Hacks\OTL\OTL.exe
MOD - [2008/04/14 06:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/07/01 21:39:08 | 000,357,096 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2010/06/24 10:04:08 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010/06/24 10:04:06 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/19 17:15:00 | 000,238,824 | ---- | M] (Systweak Inc., (www.systweak.com)) [Auto | Running] -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe -- (ASO3DiskOptimizer)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/22 09:17:22 | 000,191,080 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/02/24 12:43:00 | 003,461,116 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/11/16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Boss\LOCALS~1\Temp\GPU-Z.sys -- (GPU-Z)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Boss\LOCALS~1\Temp\109058703.08- -- (ByakkoDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Boss\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2010/08/21 22:43:36 | 000,482,392 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/07/09 18:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/03/30 23:38:26 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/30 15:00:22 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Advanced System Optimizer 3\adasprot32.sys -- (ADASPROT)
DRV - [2009/12/13 22:37:49 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/10 07:55:24 | 000,079,504 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/11/10 07:54:04 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/11/10 07:53:56 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/15 14:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2009/02/11 13:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 23:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/11/10 09:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2006/04/10 15:02:00 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2005/01/04 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/12/15 16:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/12/15 16:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 16:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/09/07 17:27:38 | 000,028,544 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/09/07 17:27:22 | 000,091,136 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2003/12/05 05:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/17 04:40:06 | 000,265,728 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-776561741-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-329068152-776561741-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-329068152-776561741-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-329068152-776561741-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 24 A6 6C 80 31 CB 01 [binary data]
IE - HKU\S-1-5-21-329068152-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-329068152-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: chromeditplus@webdesigns.ms11.net:2.8.8
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.3
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
FF - prefs.js..extensions.enabledItems: personasexpression@eddiescorpse.private:1.1.0
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625
FF - prefs.js..extensions.enabledItems: afom@idevfh:2.0
FF - prefs.js..extensions.enabledItems: greasefire@skrul.com:1.0.4
FF - prefs.js..extensions.enabledItems: globefish@projects.6831.courses.csail.mit.edu:1.2.3
FF - prefs.js..extensions.enabledItems: {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}:1.0
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: nosquint@urandom.ca:2.0.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351}:0.5
FF - prefs.js..extensions.enabledItems: wpcleaner@mickael.salaun:0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:2.7.2.0
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.5s
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\OpinionSquare
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/24 06:36:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/23 21:04:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b3\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 1\components [2010/08/12 11:18:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010/08/21 22:44:13 | 000,000,000 | ---D | M]

[2009/11/23 14:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mozilla\Extensions
[2010/08/22 18:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\7kqqmcl7.Quick Pages\extensions
[2010/04/04 19:31:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\7kqqmcl7.Quick Pages\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/03 16:57:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\7kqqmcl7.Quick Pages\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/08 15:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\7kqqmcl7.Quick Pages\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/08/11 20:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\bm42qog4.Devon\extensions
[2010/07/07 18:25:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\bm42qog4.Devon\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/22 18:27:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\bm42qog4.Devon\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/08/23 12:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions
[2010/04/21 22:06:27 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2010/04/16 01:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
[2010/07/23 22:21:48 | 000,000,000 | ---D | M] (Personas Rotator) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
[2010/08/06 16:11:36 | 000,000,000 | ---D | M] (Destroy the Web) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}
[2010/07/23 21:18:33 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/07/16 08:32:49 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010/05/15 20:09:28 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/05/08 15:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/08/08 16:50:13 | 000,000,000 | ---D | M] (NCH Toolbar) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2010/07/09 12:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/08/19 20:13:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/31 19:29:46 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/06/17 18:22:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/23 21:18:34 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/07/09 12:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\afom@idevfh
[2010/03/11 20:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\chromeditplus@webdesigns.ms11.net
[2010/06/05 22:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\DeviceDetection@logitech.com
[2010/07/14 22:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\globefish@projects.6831.courses.csail.mit.edu
[2010/08/21 11:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\greasefire@skrul.com
[2010/07/23 21:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\nosquint@urandom.ca
[2010/07/23 22:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\personas@christopher.beard
[2010/06/29 14:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\personasexpression@eddiescorpse.private
[2010/08/18 10:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\SkipScreen@SkipScreen
[2010/07/01 11:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\tineye@ideeinc.com
[2010/07/23 22:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\extensions\wpcleaner@mickael.salaun
[2010/08/23 07:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\ys592spi.Barbara\extensions
[2010/07/09 11:21:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\ys592spi.Barbara\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/06 02:57:08 | 000,000,000 | ---D | M] (Grab and Drag) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\ys592spi.Barbara\extensions\{477c4c36-24eb-11da-94d4-00e08161165f}
[2010/04/16 01:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\ys592spi.Barbara\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
[2010/04/02 13:51:06 | 000,000,000 | ---D | M] (FBFan) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\ys592spi.Barbara\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
[2010/06/29 07:54:09 | 000,000,000 | ---D | M] (QAssistant) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\ys592spi.Barbara\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
[2010/08/20 01:10:25 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\ys592spi.Barbara\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/07/09 11:21:58 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\ys592spi.Barbara\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/05/08 15:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\ys592spi.Barbara\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/07/01 09:34:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\ys592spi.Barbara\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/07/09 11:29:14 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\ys592spi.Barbara\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/03/13 19:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\ys592spi.Barbara\extensions\bejeweledblitz3cheat@thecybershadow.net
[2010/03/13 18:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\ys592spi.Barbara\extensions\chromeditplus@webdesigns.ms11.net
[2010/03/13 19:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\ys592spi.Barbara\extensions\s.alfa@idev.com
[2010/01/30 10:31:05 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Boss\Application Data\Mozilla\Firefox\Profiles\q0fhugaz.default\searchplugins\bing.xml
[2010/08/23 12:41:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/25 18:14:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/25 18:13:56 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

O1 HOSTS File: ([2010/07/03 19:53:27 | 000,000,705 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-776561741-839522115-1003\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [SystemProtector] C:\Program Files\Advanced System Optimizer 3\SystemProtector.exe (Systweak Inc., (www.systweak.com))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 127
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-776561741-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plu...Detection32.cab (Device Detection)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1258763718953 (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/html {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Documents and Settings\Boss\AppData\LocalLow\Microñoft\redir.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Boss\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Boss\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009/11/20 18:18:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/30 20:17:12 | 000,048,904 | ---- | M] () - C:\autoruns.chm -- [ NTFS ]
O32 - AutoRun File - [2010/06/11 10:28:38 | 000,703,352 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
O32 - AutoRun File - [2010/06/11 10:28:34 | 000,585,080 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]
O33 - MountPoints2\{5accd6ac-d644-11de-9a06-0018f3bae8e8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7deb8c2c-d62c-11de-9a01-000f666f7f74}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative32) - C:\WINDOWS\System32\sasnative32.exe ()
O34 - HKLM BootExecute: (Execute settings...) - File not found
O34 - HKLM BootExecute: (ountPoints) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/08/23 03:02:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Boss\Recent
[2010/08/22 14:00:12 | 003,461,116 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2010/08/21 22:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/08/21 22:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/08/21 22:43:36 | 000,482,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/08/21 22:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/08/20 20:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/08/20 20:30:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/20 20:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Application Data\Malwarebytes
[2010/08/20 20:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/20 20:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/08/20 20:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2010/08/17 20:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Local Settings\Application Data\groups.im
[2010/08/17 20:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\My Documents\MSNPlus
[2010/08/17 20:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Messenger
[2010/08/17 20:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\groups.im
[2010/08/14 19:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Application Data\Skype
[2010/08/14 19:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/08/14 19:22:24 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/08/13 16:56:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\Hacks
[2010/08/13 16:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\DMC3 Dante
[2010/08/13 15:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\FINAL Edward Elric
[2010/08/13 15:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\Pikmin Trainer v1
[2010/08/13 15:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\Complete Rosalina
[2010/08/12 22:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\Deoxys Alpha
[2010/08/12 22:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\Rayquaza
[2010/08/12 22:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\zakochild
[2010/08/12 22:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\ZakoGirl
[2010/08/12 22:13:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\ZakoBoy
[2010/08/12 21:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\CSS Background Texture (Space) (+ Custom CSS)
[2010/08/12 20:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\ocarina
[2010/08/12 20:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\gcttxt
[2010/08/12 20:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\Koopa Troopa V1.0[ZakoChild]
[2010/08/12 20:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\Red Stars menu(with SMH´s custom css)
[2010/08/12 19:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\Smash Attacks
[2010/08/12 19:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\CC Shadow 3.0[NB]
[2010/08/11 21:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\YoukoSoundStage
[2010/08/11 16:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\YoukoTex2
[2010/08/11 16:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\BrawlMinus_Beta1.5
[2010/08/11 14:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\premade-hbc
[2010/08/10 16:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\Redbana
[2010/08/09 17:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET
[2010/08/08 19:50:43 | 000,000,000 | ---D | C] -- C:\Nexon
[2010/08/08 18:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Nexon
[2010/08/08 16:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\Switch Plus + Crack {HAB}
[2010/08/08 16:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2010/08/08 16:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010/08/08 16:49:15 | 000,371,904 | ---- | C] (NCH Software) -- C:\Documents and Settings\Boss\Desktop\switchsetup.exe
[2010/08/05 16:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\StepMania
[2010/08/05 14:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSNTools
[2010/08/05 14:10:40 | 000,763,083 | ---- | C] ( ) -- C:\Documents and Settings\Boss\Desktop\MSNEmoticons.exe
[2010/08/02 17:21:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/07/30 23:05:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Latale GP
[2010/07/30 23:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Latale GP
[2010/07/28 12:17:45 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\Boss\Desktop\StartUpLite.exe
[2010/07/25 18:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 1
[2010/07/25 18:37:40 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/07/25 18:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/07/25 18:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/25 18:14:17 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/25 18:14:17 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/25 18:14:17 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/25 18:14:17 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/25 18:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\Updaters
[2010/07/25 18:10:32 | 000,248,832 | ---- | C] (FileHippo.com) -- C:\Documents and Settings\Boss\Desktop\UpdateChecker.exe
[2010/07/25 18:01:39 | 000,785,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Boss\Desktop\DXSDK_Jun10.exe.part
[2010/07/25 17:59:04 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2010/07/25 17:59:04 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2010/07/25 17:59:03 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2010/07/25 17:59:02 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2010/07/25 17:59:01 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2010/07/25 17:59:01 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2010/07/25 17:59:00 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2010/07/25 17:58:59 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2010/07/25 17:58:57 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2010/07/25 17:58:57 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2010/07/25 17:58:56 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2010/07/25 17:58:55 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2010/07/25 17:57:16 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Boss\Desktop\dxwebsetup.exe
[2010/07/25 15:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Desktop\nmap-5.21
[2010/07/24 16:49:11 | 013,549,568 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2010/07/24 16:49:11 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/07/24 16:49:09 | 010,260,480 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010/07/24 16:49:09 | 004,595,712 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2010/07/24 16:49:09 | 002,914,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2010/07/24 16:49:09 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2010/07/24 16:49:09 | 001,388,544 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2010/07/24 16:49:09 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
[2010/07/24 16:49:09 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2010/07/24 16:43:45 | 086,668,936 | ---- | C] (NVIDIA Corporation) -- C:\Documents and Settings\Boss\Desktop\258.96_desktop_winxp_32bit_english_whql.exe
[2010/07/24 16:41:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Application Data\SystemRequirementsLab
[2010/07/24 15:47:56 | 000,015,080 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\WINDOWS\System32\ROBoot.exe
[2010/07/24 14:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Optimizer 3
[2010/07/24 14:56:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Application Data\Systweak
[2010/07/24 14:55:56 | 000,901,352 | ---- | C] (Systweak Inc) -- C:\Documents and Settings\Boss\Desktop\aso3setup_cnet_downloadcom.exe
[2010/07/24 14:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\Local Settings\Application Data\TechSmith
[2010/07/24 14:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boss\My Documents\Camtasia Studio
[2010/07/24 14:09:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010/07/24 14:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2010/07/24 14:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/07/24 14:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/07/01 14:23:52 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\DynuEncrypt.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/23 14:00:18 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/08/23 13:43:42 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-776561741-839522115-1003UA.job
[2010/08/23 07:37:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/23 07:35:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/23 07:35:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/23 03:03:19 | 012,058,624 | ---- | M] () -- C:\Documents and Settings\Boss\NTUSER.DAT
[2010/08/23 03:03:19 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Boss\ntuser.ini
[2010/08/23 01:14:01 | 000,080,232 | ---- | M] () -- C:\Documents and Settings\Boss\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/23 00:45:36 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Boss\defogger_reenable
[2010/08/22 23:34:47 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6A38690E-C97B-44DE-9F99-EC7BEC37602C}.job
[2010/08/22 17:42:55 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-776561741-839522115-1003Core.job
[2010/08/22 17:13:42 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\switchDowngrade.job
[2010/08/22 15:30:32 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\ASO-AntiSpyware.job
[2010/08/21 23:46:00 | 000,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/21 23:13:57 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/21 23:02:33 | 000,001,293 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/21 23:02:33 | 000,000,327 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/21 23:02:33 | 000,000,225 | RHS- | M] () -- C:\boot.ini
[2010/08/21 22:56:29 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/08/21 22:56:29 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/08/21 22:43:36 | 000,482,392 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/08/20 17:53:49 | 524,288,000 | ---- | M] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2010/08/16 16:14:03 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/15 23:52:06 | 000,002,564 | ---- | M] () -- C:\WINDOWS\System32\ASOROSet.bin
[2010/08/15 23:48:51 | 012,058,624 | ---- | M] () -- C:\Documents and Settings\Boss\NTUSER.DAT.bak
[2010/08/13 16:05:54 | 000,784,563 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\DMC3 Dante.rar
[2010/08/13 15:54:37 | 000,468,053 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\FINAL Edward Elric.zip
[2010/08/13 15:35:46 | 000,656,929 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\Pikmin Trainer v1.rar
[2010/08/13 15:26:14 | 012,147,180 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\Complete Rosalina.rar
[2010/08/12 22:38:49 | 000,636,749 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\Deoxys Alpha.rar
[2010/08/12 22:34:42 | 004,680,159 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\Rayquaza.rar
[2010/08/12 22:17:46 | 000,925,048 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\zakochild.rar
[2010/08/12 22:15:29 | 000,897,580 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\ZakoGirl.rar
[2010/08/12 22:13:32 | 000,957,622 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\ZakoBoy.rar
[2010/08/12 21:59:07 | 008,162,196 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\CSS Background Texture (Space) (+ Custom CSS).rar
[2010/08/12 21:45:10 | 000,002,224 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\RSBE01(alloysgbwmEVERYTHING).gct
[2010/08/12 21:26:12 | 003,699,444 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\Fighter.rar
[2010/08/12 20:43:38 | 000,001,160 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\RSBE01.gct
[2010/08/12 20:35:44 | 000,168,045 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\gcttxt.zip
[2010/08/12 20:07:11 | 000,781,126 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\Koopa Troopa V1.0[ZakoChild].zip
[2010/08/12 20:01:14 | 008,447,832 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\Red Stars menu(with SMH´s custom css).zip
[2010/08/12 19:46:56 | 000,207,416 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\Smash Attacks.rar
[2010/08/12 19:16:01 | 000,616,459 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\CC Shadow 3.0[NB].zip
[2010/08/12 13:59:10 | 000,615,242 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 13:59:10 | 000,526,184 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 13:59:10 | 000,096,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 18:21:14 | 224,963,654 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\YoukoSoundStage.zip
[2010/08/11 17:10:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2010/08/11 16:52:03 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2010/08/11 16:47:04 | 018,734,747 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\BrawlMinus_Beta1.5.zip
[2010/08/11 16:45:00 | 190,890,754 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\YoukoTex2.zip
[2010/08/11 14:58:32 | 121,466,110 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\premade-hbc.zip
[2010/08/10 16:00:18 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Audition.lnk
[2010/08/10 15:54:28 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Boss\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/08 19:56:16 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MapleStory.url
[2010/08/08 16:50:20 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
[2010/08/08 16:49:37 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Switch Sound File Converter.lnk
[2010/08/02 17:28:34 | 000,233,192 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/08/02 17:28:34 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/08/02 17:28:28 | 000,233,192 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/08/02 10:07:23 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Boss\My Documents\Professional Letter.doc
[2010/07/30 23:07:37 | 000,001,599 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\Play GPLatale!.lnk
[2010/07/28 12:17:45 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\Boss\Desktop\StartUpLite.exe
[2010/07/28 07:57:12 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/26 14:47:45 | 002,774,473 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\IPUGCHackv2.0.0.rar
[2010/07/26 06:58:59 | 013,992,138 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\StepMania-3.9a.exe
[2010/07/25 21:35:45 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 1.lnk
[2010/07/25 21:35:45 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox 4.0 Beta 1.lnk
[2010/07/25 18:38:08 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/25 18:37:18 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/25 18:37:18 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/25 18:13:55 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/25 18:13:55 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/25 18:13:55 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/25 18:13:55 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/25 18:13:55 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/25 18:10:33 | 000,248,832 | ---- | M] (FileHippo.com) -- C:\Documents and Settings\Boss\Desktop\UpdateChecker.exe
[2010/07/25 18:01:41 | 000,785,280 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Boss\Desktop\DXSDK_Jun10.exe.part
[2010/07/25 18:01:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\DXSDK_Jun10.exe
[2010/07/25 17:57:18 | 000,288,088 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Boss\Desktop\dxwebsetup.exe
[2010/07/25 15:06:03 | 011,096,893 | ---- | M] () -- C:\Documents and Settings\Boss\Desktop\nmap-5.21.tgz
[2010/07/24 16:50:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/07/24 16:48:35 | 086,668,936 | ---- | M] (NVIDIA Corporation) -- C:\Documents and Settings\Boss\Desktop\258.96_desktop_winxp_32bit_english_whql.exe
[2010/07/24 16:42:18 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/24 14:57:29 | 000,001,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced System Optimizer.lnk
[2010/07/24 14:57:29 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart PC Care.lnk
[2010/07/24 14:55:57 | 000,901,352 | ---- | M] (Systweak Inc) -- C:\Documents and Settings\Boss\Desktop\aso3setup_cnet_downloadcom.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/23 00:45:20 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Boss\defogger_reenable
[2010/08/21 22:44:41 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/08/21 22:44:41 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/08/20 17:53:18 | 524,288,000 | ---- | C] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2010/08/16 11:51:54 | 000,000,424 | ---- | C] () -- C:\WINDOWS\tasks\ASO-AntiSpyware.job
[2010/08/14 19:22:27 | 000,002,415 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/13 16:05:51 | 000,784,563 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\DMC3 Dante.rar
[2010/08/13 15:54:35 | 000,468,053 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\FINAL Edward Elric.zip
[2010/08/13 15:35:25 | 000,656,929 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\Pikmin Trainer v1.rar
[2010/08/13 15:25:33 | 012,147,180 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\Complete Rosalina.rar
[2010/08/12 22:38:36 | 000,636,749 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\Deoxys Alpha.rar
[2010/08/12 22:33:53 | 004,680,159 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\Rayquaza.rar
[2010/08/12 22:17:31 | 000,925,048 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\zakochild.rar
[2010/08/12 22:15:23 | 000,897,580 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\ZakoGirl.rar
[2010/08/12 22:13:27 | 000,957,622 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\ZakoBoy.rar
[2010/08/12 21:58:03 | 008,162,196 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\CSS Background Texture (Space) (+ Custom CSS).rar
[2010/08/12 21:45:10 | 000,002,224 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\RSBE01(alloysgbwmEVERYTHING).gct
[2010/08/12 21:26:05 | 003,699,444 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\Fighter.rar
[2010/08/12 20:49:12 | 000,528,441 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\ocarina.zip
[2010/08/12 20:43:38 | 000,001,160 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\RSBE01.gct
[2010/08/12 20:35:44 | 000,168,045 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\gcttxt.zip
[2010/08/12 20:07:11 | 000,781,126 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\Koopa Troopa V1.0[ZakoChild].zip
[2010/08/12 20:00:12 | 008,447,832 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\Red Stars menu(with SMH´s custom css).zip
[2010/08/12 19:46:55 | 000,207,416 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\Smash Attacks.rar
[2010/08/12 19:15:59 | 000,616,459 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\CC Shadow 3.0[NB].zip
[2010/08/11 16:56:15 | 224,963,654 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\YoukoSoundStage.zip
[2010/08/11 16:45:53 | 018,734,747 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\BrawlMinus_Beta1.5.zip
[2010/08/11 16:11:10 | 190,890,754 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\YoukoTex2.zip
[2010/08/11 14:50:42 | 121,466,110 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\premade-hbc.zip
[2010/08/10 16:00:18 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Audition.lnk
[2010/08/10 14:38:23 | 1418,355,454 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\Setup_America.exe
[2010/08/08 19:56:16 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MapleStory.url
[2010/08/08 18:02:58 | 001,835,704 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\MSDownloaderV88.exe
[2010/08/08 17:10:02 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2010/08/08 17:09:25 | 039,244,941 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\FFSetup245.zip
[2010/08/08 16:58:28 | 001,253,459 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\Doctor Who Theme 2010 kontakt.mp3
[2010/08/08 16:52:27 | 000,372,716 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\Switch Plus + Crack {HAB}.rar
[2010/08/08 16:52:00 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\switchDowngrade.job
[2010/08/08 16:50:23 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2010/08/08 16:50:20 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
[2010/08/08 16:49:37 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Switch Sound File Converter.lnk
[2010/08/05 16:37:48 | 013,992,138 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\StepMania-3.9a.exe
[2010/08/02 17:21:13 | 000,043,609 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/02 17:21:10 | 000,025,836 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/08/02 17:20:53 | 000,007,959 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/08/02 10:07:17 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Boss\My Documents\Professional Letter.doc
[2010/07/30 23:07:37 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\Play GPLatale!.lnk
[2010/07/30 14:20:00 | 646,536,460 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\GPLatale.exe
[2010/07/27 19:29:38 | 001,709,408 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\taskmanager17.exe
[2010/07/25 21:35:45 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 1.lnk
[2010/07/25 21:35:45 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox 4.0 Beta 1.lnk
[2010/07/25 18:37:12 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/25 18:01:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\DXSDK_Jun10.exe
[2010/07/25 15:04:48 | 011,096,893 | ---- | C] () -- C:\Documents and Settings\Boss\Desktop\nmap-5.21.tgz
[2010/07/24 16:50:05 | 000,233,192 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/24 16:50:01 | 000,233,192 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/24 16:50:01 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/24 16:50:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/07/24 16:49:09 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/07/24 16:42:18 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/24 15:51:41 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Boss\NTUSER.DAT.sav.LOG
[2010/07/24 15:47:56 | 000,002,564 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2010/07/24 14:57:35 | 000,017,136 | ---- | C] () -- C:\WINDOWS\System32\sasnative32.exe
[2010/07/24 14:57:29 | 000,001,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced System Optimizer.lnk
[2010/07/24 14:57:29 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart PC Care.lnk
[2010/07/24 14:09:50 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 7.lnk
[2010/07/08 16:17:40 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Boss\Local Settings\Application Data\SBar.ini
[2010/06/06 14:18:08 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\uc_karos_launching.dll
[2010/05/25 01:37:35 | 000,337,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-329068152-776561741-839522115-1003-0.dat
[2010/05/25 01:37:28 | 000,301,434 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/05/16 22:52:21 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2010/05/01 21:51:07 | 000,000,045 | ---- | C] () -- C:\WINDOWS\YouTubeDownloader.INI
[2010/03/30 13:50:04 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010/03/14 02:24:08 | 000,000,331 | ---- | C] () -- C:\WINDOWS\cdiemu.ini
[2010/03/11 23:13:00 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/02/12 11:38:42 | 000,000,338 | ---- | C] () -- C:\Documents and Settings\Boss\Application Data\settings.dat
[2010/02/11 03:58:56 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2010/02/08 23:15:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2009/12/18 02:16:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Boss\Local Settings\Application Data\prvlcl.dat
[2009/12/04 18:31:45 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/11/25 17:56:05 | 000,002,499 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/24 00:40:53 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2009/11/20 22:42:05 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/20 22:32:06 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2009/11/20 22:18:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/20 20:49:35 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Boss\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/10 09:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006/05/09 22:50:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/09 22:50:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/09 22:50:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/09 22:50:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/09 22:50:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/09 22:50:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/11/29 18:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/01/24 17:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/07/07 14:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/02/25 02:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JNKNGQWFYG
[2010/05/25 10:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/01/06 22:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/12/18 20:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/02/24 01:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/08/08 18:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/08/20 12:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/01/10 23:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2010/07/16 09:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperHideIP
[2010/08/20 20:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2010/07/24 14:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/06/22 16:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/24 10:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/12/07 20:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2010/04/10 16:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/24 10:02:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/04/10 15:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/12 17:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Acapela Group
[2010/05/01 22:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\AnvSoft
[2010/03/17 23:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Azureus
[2010/04/05 15:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\BITS
[2009/12/13 22:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\DAEMON Tools Pro
[2010/05/08 15:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\DVDVideoSoftIEHelpers
[2010/01/24 17:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\ESET
[2010/04/16 20:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Facebook
[2010/03/30 13:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\FlashGet
[2010/04/05 15:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\FlashGetBHO
[2010/08/16 01:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\FlashgetSetup
[2009/12/07 16:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\FreeFixer
[2010/06/24 07:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\gtk-2.0
[2010/07/01 14:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\ijjigame
[2010/04/25 13:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Leadertech
[2010/03/07 13:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Mael
[2010/06/17 13:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\MotionDSP
[2010/07/23 14:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Music Recognition
[2010/06/20 20:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\MySQL
[2010/08/08 16:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\NCH Swift Sound
[2009/11/22 14:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Nexon
[2010/06/28 15:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\OtakuSoftware
[2009/12/10 21:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Publish Providers
[2010/08/21 11:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Raptr
[2010/05/29 20:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\SecondLife
[2010/01/06 22:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Sony
[2009/12/14 00:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\SPORE
[2009/12/13 01:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\SPORE Creature Creator
[2010/06/24 08:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Styler
[2010/07/16 09:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\SuperHideIP
[2010/07/24 16:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\SystemRequirementsLab
[2010/07/24 14:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Systweak
[2009/12/24 21:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\TeamViewer
[2009/11/30 19:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Thinstall
[2010/06/24 10:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\TuneUp Software
[2010/07/08 20:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Uniblue
[2010/06/07 13:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Unity
[2010/07/24 15:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\uTorrent
[2010/06/24 11:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\ViGlance
[2010/06/26 13:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\ViSplore
[2010/06/24 11:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\ViStart
[2009/12/03 01:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Vivox
[2009/11/20 19:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\WinBatch
[2010/04/26 15:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Windows Desktop Search
[2010/02/06 06:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Windows Search
[2010/01/12 17:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Xtranormal
[2010/08/23 14:00:18 | 000,000,484 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2010/08/22 15:30:32 | 000,000,424 | ---- | M] () -- C:\WINDOWS\Tasks\ASO-AntiSpyware.job
[2010/08/22 17:13:42 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\switchDowngrade.job
[2010/08/11 17:10:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2010/08/22 23:34:47 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6A38690E-C97B-44DE-9F99-EC7BEC37602C}.job
[2010/08/11 16:52:03 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/06/11 10:28:38 | 000,703,352 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autoruns.exe
[2010/06/11 10:28:34 | 000,585,080 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autorunsc.exe


< MD5 for: AGP440.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/07/01 21:35:12 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\klogon.dll
[2008/04/14 06:42:02 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kl1.sys
[2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kl2.sys
[2010/08/21 22:43:36 | 000,482,392 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klif.sys
[2010/05/07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klim5.sys
[2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klmouflt.sys

< %systemroot%\System32\config\*.sav >

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مهندسة
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مايكروسوفت
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:890CC2F3
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:288A91F8
< End of report >


Extras.txt
QUOTE
OTL Extras logfile created on: 8/23/2010 1:05:49 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Boss\Desktop\Hacks\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 278.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 75.84 Gb Free Space | 59.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHANKS
Current User Name: Boss
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-329068152-776561741-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56166:TCP" = 56166:TCP:*:Enabled:Pando Media Booster
"56166:UDP" = 56166:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"25000:TCP" = 25000:TCP:*:Disabled:Atmosphir1
"25000:UDP" = 25000:UDP:*:Disabled:Atmosphir2
"50000:TCP" = 50000:TCP:*:Disabled:Atmosphir3
"50000:UDP" = 50000:UDP:*:Disabled:Atmosphir4
"55000:TCP" = 55000:TCP:*:Disabled:Atmosphir5
"55000:UDP" = 55000:UDP:*:Disabled:Atmosphir6
"56166:TCP" = 56166:TCP:*:Disabled:Pando Media Booster
"56166:UDP" = 56166:UDP:*:Disabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Oracle)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Documents and Settings\Boss\temp\TeamViewer\Version5\TeamViewer.exe" = C:\Documents and Settings\Boss\temp\TeamViewer\Version5\TeamViewer.exe:*:Disabled:TeamViewer -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Disabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Ntreev USA\Grand Chase\main.exe" = C:\Ntreev USA\Grand Chase\main.exe:*:Enabled:GrandChase -- (KOG)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\GrandChase Unlimited\main.exe" = C:\Program Files\GrandChase Unlimited\main.exe:*:Enabled:GrandChase -- ()
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Disabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Oracle)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Oracle)
"C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Emulators-Consoles\SNES\zsnesw.exe" = C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Emulators-Consoles\SNES\zsnesw.exe:*:Enabled:zsnesw -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client -- ()
"C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM -- ()
"C:\Program Files\ijji\ijji REACTOR\ijjiOptimizer.exe" = C:\Program Files\ijji\ijji REACTOR\ijjiOptimizer.exe:*:Disabled:ijjiOptimizer.exe -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Disabled:Pando Media Booster -- ()
"C:\Program Files\ijji\ijji REACTOR\REACTOR.exe" = C:\Program Files\ijji\ijji REACTOR\REACTOR.exe:*:Disabled:Reactor Application -- (NHN Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ACC7CA-52CB-44d7-B87D-9F0D3B6930FD}" = HP Photosmart Printer Driver Software 10.0.02
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{14E94112-5F6B-4049-B177-4C7E69D3C3A0}_is1" = Dragonica Online
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D281B1C-BF39-4893-B32A-EAB3B84BDE34}" = Audition
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{7A512A34-F4E8-43C4-BD80-43A022B31BF6}" = MapleStory
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1E21995-127E-4B7F-8C4D-CB04AA8A58EF}_is1" = Advanced System Optimizer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A8896270-5B9A-4fd0-8752-AD8C7EBC9BE2}" = D7200
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF1778C9-CC16-4aad-AF43-9A57429E7114}" = PS_SF_02_Software
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6941FEB-0595-4ff5-8F31-B6F4B31C031F}" = D7200_Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D23E6E13-653C-415e-937A-598E1CEFACB1}" = PS_SF_02_Software_Min
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB52D14B-505F-4e32-89FF-1234233301D2}" = PS_SF_02_ProductContext
"7-Zip" = 7-Zip 9.15 beta
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"Defraggler" = Defraggler
"F3B506E1FDAEA4DC6669B53B2D3F0B68FBA20C2D" = Windows Driver Package - AMD System (04/06/2006 1.0.1.0)
"Free YouTube Download_is1" = Free YouTube Download 2.8
"Game Booster_is1" = Game Booster
"Grand Chase" = Grand Chase
"GrandChase Unlimited2.0" = GrandChase Unlimited
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"IconsExtract" = IconsExtract
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"Latale GP3.0" = Latale GP
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mario Forever : Block Party" = Mario Forever : Block Party
"Mario Forever Galaxy" = Mario Forever Galaxy
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Firefox (4.0b3)" = Mozilla Firefox (4.0b3)
"MSNPlus" = MSNPlus
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Raptr" = Raptr
"Recuva" = Recuva
"RocketDock_is1" = RocketDock 1.3.5
"StepMania" = StepMania 3.9a (remove only)
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"Uninstall_is1" = Uninstall 1.0.0.1
"WavePad" = WavePad Sound Editor
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"zbattle.net_is1" = zbattle.net 1.09 SR-1 beta
"Zynga Toolbar" = Zynga Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-329068152-776561741-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DeskSpace" = DeskSpace 1.5.4.4 Trial
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 12/13/2009 11:11:07 PM | Computer Name = SHANKS | Source = avast! | ID = 33554522
Description =

Error - 1/7/2010 1:56:34 PM | Computer Name = SHANKS | Source = avast! | ID = 33554522
Description =

Error - 1/7/2010 1:58:44 PM | Computer Name = SHANKS | Source = avast! | ID = 33554522
Description =

Error - 1/7/2010 2:01:08 PM | Computer Name = SHANKS | Source = avast! | ID = 33554522
Description =

Error - 1/7/2010 2:05:07 PM | Computer Name = SHANKS | Source = avast! | ID = 33554522
Description =

Error - 1/7/2010 2:08:59 PM | Computer Name = SHANKS | Source = avast! | ID = 33554522
Description =

Error - 1/7/2010 2:11:47 PM | Computer Name = SHANKS | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 8/20/2010 8:42:11 PM | Computer Name = SHANKS | Source = Google Update | ID = 20
Description =

Error - 8/21/2010 8:01:03 PM | Computer Name = SHANKS | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 8/21/2010 9:42:36 PM | Computer Name = SHANKS | Source = Google Update | ID = 20
Description =

Error - 8/21/2010 10:43:26 PM | Computer Name = SHANKS | Source = Google Update | ID = 20
Description =

Error - 8/21/2010 10:49:02 PM | Computer Name = SHANKS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/21/2010 10:49:02 PM | Computer Name = SHANKS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/21/2010 10:49:02 PM | Computer Name = SHANKS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/22/2010 1:18:06 AM | Computer Name = SHANKS | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 8/22/2010 1:12:46 PM | Computer Name = SHANKS | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 8/23/2010 7:43:01 AM | Computer Name = SHANKS | Source = Google Update | ID = 20
Description =

[ Application Events ]
Error - 8/20/2010 8:42:11 PM | Computer Name = SHANKS | Source = Google Update | ID = 20
Description =

Error - 8/21/2010 8:01:03 PM | Computer Name = SHANKS | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 8/21/2010 9:42:36 PM | Computer Name = SHANKS | Source = Google Update | ID = 20
Description =

Error - 8/21/2010 10:43:26 PM | Computer Name = SHANKS | Source = Google Update | ID = 20
Description =

Error - 8/21/2010 10:49:02 PM | Computer Name = SHANKS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/21/2010 10:49:02 PM | Computer Name = SHANKS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/21/2010 10:49:02 PM | Computer Name = SHANKS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/22/2010 1:18:06 AM | Computer Name = SHANKS | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 8/22/2010 1:12:46 PM | Computer Name = SHANKS | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 8/23/2010 7:43:01 AM | Computer Name = SHANKS | Source = Google Update | ID = 20
Description =

[ Application Events ]
Error - 8/20/2010 8:42:11 PM | Computer Name = SHANKS | Source = Google Update | ID = 20
Description =

Error - 8/21/2010 8:01:03 PM | Computer Name = SHANKS | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 8/21/2010 9:42:36 PM | Computer Name = SHANKS | Source = Google Update | ID = 20
Description =

Error - 8/21/2010 10:43:26 PM | Computer Name = SHANKS | Source = Google Update | ID = 20
Description =

Error - 8/21/2010 10:49:02 PM | Computer Name = SHANKS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/21/2010 10:49:02 PM | Computer Name = SHANKS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/21/2010 10:49:02 PM | Computer Name = SHANKS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/22/2010 1:18:06 AM | Computer Name = SHANKS | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 8/22/2010 1:12:46 PM | Computer Name = SHANKS | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 8/23/2010 7:43:01 AM | Computer Name = SHANKS | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 8/2/2010 4:05:38 PM | Computer Name = SHANKS | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/2/2010 4:11:31 PM | Computer Name = SHANKS | Source = Service Control Manager | ID = 7000
Description = The InCD Helper service failed to start due to the following error:
%%2

Error - 8/2/2010 4:12:53 PM | Computer Name = SHANKS | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/2/2010 4:27:57 PM | Computer Name = SHANKS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 8/2/2010 4:28:07 PM | Computer Name = SHANKS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 8/2/2010 4:28:11 PM | Computer Name = SHANKS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 8/2/2010 4:53:02 PM | Computer Name = SHANKS | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/2/2010 5:26:33 PM | Computer Name = SHANKS | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/2/2010 5:31:49 PM | Computer Name = SHANKS | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/2/2010 8:44:02 PM | Computer Name = SHANKS | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

[ TuneUp Events ]
Error - 8/20/2010 8:29:45 PM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-20 20:29:45', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3580',0)

Error - 8/20/2010 8:35:31 PM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-20 20:35:31', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1860',0)

Error - 8/21/2010 11:10:01 AM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-21 11:10:01', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','420',0)

Error - 8/21/2010 8:34:20 PM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-21 20:34:20', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','316',0)

Error - 8/21/2010 10:39:49 PM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-21 22:39:49', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','1308',0)

Error - 8/21/2010 11:04:43 PM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-21 23:04:43', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','636',0)

Error - 8/21/2010 11:46:32 PM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-21 23:46:32', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','188',0)

Error - 8/22/2010 12:16:14 AM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-22 00:16:14', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','852',0)

Error - 8/22/2010 9:24:48 PM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-22 21:24:48', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','1012',0)

Error - 8/23/2010 12:49:12 AM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-23 00:49:12', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','1184',0)

[ TuneUp Events ]
Error - 8/20/2010 8:29:45 PM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-20 20:29:45', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3580',0)

Error - 8/20/2010 8:35:31 PM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-20 20:35:31', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1860',0)

Error - 8/21/2010 11:10:01 AM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-21 11:10:01', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','420',0)

Error - 8/21/2010 8:34:20 PM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-21 20:34:20', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','316',0)

Error - 8/21/2010 10:39:49 PM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-21 22:39:49', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','1308',0)

Error - 8/21/2010 11:04:43 PM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-21 23:04:43', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','636',0)

Error - 8/21/2010 11:46:32 PM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-21 23:46:32', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','188',0)

Error - 8/22/2010 12:16:14 AM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-22 00:16:14', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','852',0)

Error - 8/22/2010 9:24:48 PM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-22 21:24:48', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','1012',0)

Error - 8/23/2010 12:49:12 AM | Computer Name = SHANKS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-23 00:49:12', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','1184',0)


< End of report >


gmer.log
QUOTE
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-23 17:31:08
Windows 5.1.2600 Service Pack 3
Running: 14y5hvwl.exe; Driver: C:\DOCUME~1\Boss\LOCALS~1\Temp\uwtdypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF327DE5E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xF327E754]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xF327F580]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xF327FACA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xF327EA30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xF327CCD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xF327F9B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xF327DA4E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xF327F884]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xF327DBF6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xF327FBEA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xF327E3DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xF327F91A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xF32812C6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xF327D2DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xF327D68E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xF327EEB2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xF32824DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xF327D7DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xF327D872]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xF327ECC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xF32813B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xF327CCAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xF327CCBE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xF3281B2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xF327D99E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xF327FB60]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xF327E7D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xF327CE90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xF327FA40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xF327E096]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xF32818C6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xF327FC80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xF327DF8C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xF327D90A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xF327D542]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xF3281E66]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xF327D16C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xF3281758]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xF327D3FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xF327C6E6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xF327FFE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xF327FEAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xF3281060]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xF327CA5E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xF3282380]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xF327C67E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xF327F2CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xF327E5F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xF3280908]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xF3281556]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xF3281FB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xF327CFE6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xF32820A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xF32821E2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xF32811EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xF327E22A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xF327E18A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xF3281D0A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xF327E314]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2418 80501C50 4 Bytes JMP DCCCF327
.text ntkrnlpa.exe!ZwCallbackReturn + 2508 80501D40 12 Bytes [B8, 13, 28, F3, AC, CC, 27, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2684 80501EBC 16 Bytes [FC, D3, 27, F3, E6, C6, 27, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2778 80501FB0 12 Bytes [A8, 20, 28, F3, E2, 21, 28, ...]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF62C13A0, 0x59FFE5, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Quest.wz\Act.img.xml 1304512 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Quest.wz\Check.img.xml 723457 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Quest.wz\QuestInfo.img.xml 1052389 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Quest.wz\Say.img.xml 2614186 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\0002000.img.xml 2506 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1012000.img.xml 2621 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1020000.img.xml 2362 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1020001.img.xml 262 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1020002.img.xml 262 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1020003.img.xml 262 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1020004.img.xml 262 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1020005.img.xml 262 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1020006.img.xml 262 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1020007.img.xml 262 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1020008.img.xml 262 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1021001.img.xml 458 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1022000.img.xml 2510 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1029000.img.xml 5936 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1050000.img.xml 3852 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1052000.img.xml 376 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1072000.img.xml 2697 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1102000.img.xml 2717 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1102001.img.xml 2475 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1102002.img.xml 2471 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1102003.img.xml 385 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1200000.img.xml 930 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1202002.img.xml 3102 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1209000.img.xml 930 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2001000.img.xml 1261 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2001001.img.xml 1129 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2001002.img.xml 1103 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2001004.img.xml 430 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2001005.img.xml 430 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2001006.img.xml 430 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2001007.img.xml 430 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2001008.img.xml 430 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2001009.img.xml 430 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2001010.img.xml 431 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2001011.img.xml 443 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2001012.img.xml 443 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2001013.img.xml 443 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2001014.img.xml 443 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2001015.img.xml 443 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2001016.img.xml 974 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2002000.img.xml 2602 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2002001.img.xml 2833 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2002002.img.xml 2406 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2002003.img.xml 6123 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2002004.img.xml 254 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2002005.img.xml 254 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2002006.img.xml 254 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2002007.img.xml 254 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2002008.img.xml 254 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2002009.img.xml 254 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2002011.img.xml 2862 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2002012.img.xml 360 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2002013.img.xml 372 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2002014.img.xml 312 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2002015.img.xml 348 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2002016.img.xml 324 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2002017.img.xml 360 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2002018.img.xml 2862 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2006000.img.xml 2780 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2006001.img.xml 1819 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2008000.img.xml 2996 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2008001.img.xml 2986 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2008002.img.xml 2987 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2008003.img.xml 2986 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2008004.img.xml 2958 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2008005.img.xml 2986 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2008006.img.xml 20357 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2008007.img.xml 1503 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2008008.img.xml 425 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\1021000.img.xml 458 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2001003.img.xml 430 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2002010.img.xml 254 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2118002.img.xml 4556 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2502002.img.xml 2949 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2519002.img.xml 313 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\6702004.img.xml 2848 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9108002.img.xml 2865 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9202012.img.xml 362 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9208010.img.xml 2270 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2092000.img.xml 842 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2092001.img.xml 2882 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2092002.img.xml 842 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2092003.img.xml 803 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2092004.img.xml 761 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2098000.img.xml 8487 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2098001.img.xml 803 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2099000.img.xml 1075 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2110000.img.xml 262 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2111000.img.xml 321 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2111001.img.xml 882 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2112000.img.xml 3660 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2112001.img.xml 286 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2112002.img.xml 274 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2112003.img.xml 274 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2112004.img.xml 252 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2112005.img.xml 254 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2112006.img.xml 257 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2112007.img.xml 3807 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2112008.img.xml 286 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2112009.img.xml 274 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2112010.img.xml 274 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2112011.img.xml 273 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2112012.img.xml 299 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2112013.img.xml 253 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2112014.img.xml 1744 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2112015.img.xml 4176 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2112016.img.xml 3216 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2112017.img.xml 3180 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2118000.img.xml 255 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2118001.img.xml 255 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2119000.img.xml 8092 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2119001.img.xml 372 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2119002.img.xml 372 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2119003.img.xml 372 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2200000.img.xml 1408 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2200001.img.xml 280 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2200002.img.xml 409 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2201000.img.xml 526 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2201001.img.xml 430 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2201002.img.xml 1668 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2201003.img.xml 1669 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2201004.img.xml 3634 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2202000.img.xml 2542 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2202001.img.xml 3609 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2202002.img.xml 2907 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2202003.img.xml 372 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2202004.img.xml 432 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2208000.img.xml 211 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2208001.img.xml 2232 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2208002.img.xml 1398 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2208003.img.xml 1366 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2208004.img.xml 2450 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2212000.img.xml 2071 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2212001.img.xml 322 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2212002.img.xml 322 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2212003.img.xml 322 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2212004.img.xml 2918 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2212005.img.xml 3002 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2221000.img.xml 1238 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2221001.img.xml 1170 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2221002.img.xml 1200 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2221003.img.xml 1125 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2221004.img.xml 1137 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2222000.img.xml 2340 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2222001.img.xml 2721 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2292001.img.xml 6262 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2292002.img.xml 6275 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2292003.img.xml 2190 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2292004.img.xml 6265 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2292005.img.xml 2901 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2292006.img.xml 6277 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2298001.img.xml 1193 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2298002.img.xml 2430 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2302000.img.xml 2718 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2302001.img.xml 5593 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2302002.img.xml 2797 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2302003.img.xml 8160 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2302005.img.xml 439 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2401000.img.xml 8551 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2401001.img.xml 3434 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2401002.img.xml 3398 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2402000.img.xml 4979 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2402001.img.xml 4978 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2402002.img.xml 2536 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2402003.img.xml 2548 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2402004.img.xml 2548 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2402005.img.xml 2548 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2402006.img.xml 350 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2406000.img.xml 3779 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2408000.img.xml 6177 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2408001.img.xml 6576 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2408002.img.xml 3555 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2408003.img.xml 339 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2408004.img.xml 650 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2502000.img.xml 3352 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2502001.img.xml 3352 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2511000.img.xml 3476 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2511001.img.xml 430 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2512000.img.xml 431 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2512001.img.xml 5237 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2516000.img.xml 1043 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2518000.img.xml 1036 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2519000.img.xml 2451 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2519001.img.xml 2537 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2519003.img.xml 313 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2602000.img.xml 349 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2618000.img.xml 8107 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2618001.img.xml 2722 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2618002.img.xml 2722 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2618003.img.xml 2430 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2618004.img.xml 2430 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2618005.img.xml 8424 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2618006.img.xml 8994 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\2618007.img.xml 2430 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\5411000.img.xml 979 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\6701000.img.xml 2850 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\6701001.img.xml 2850 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\6701002.img.xml 2850 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\6702000.img.xml 3170 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\6702001.img.xml 2751 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\6702002.img.xml 2848 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\6702003.img.xml 2848 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\6702005.img.xml 2848 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\6702006.img.xml 2848 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\6702007.img.xml 2848 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\6702008.img.xml 2848 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\6702009.img.xml 2848 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\6702010.img.xml 2849 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\6702011.img.xml 2849 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\6702012.img.xml 2849 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\6802000.img.xml 2849 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\6802001.img.xml 2715 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\6829000.img.xml 3274 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\8001000.img.xml 921 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\8091000.img.xml 300 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\8091001.img.xml 300 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\8091002.img.xml 300 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\8091003.img.xml 300 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\8091004.img.xml 300 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\8098000.img.xml 255 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9000000.img.xml 271 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9000001.img.xml 270 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9000002.img.xml 271 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9001000.img.xml 443 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9002000.img.xml 276 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9002001.img.xml 312 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9002002.img.xml 336 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9101000.img.xml 2893 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9102000.img.xml 2458 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9102001.img.xml 359 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9102002.img.xml 3719 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9102003.img.xml 343 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9102004.img.xml 343 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9102005.img.xml 343 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9102006.img.xml 343 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9102007.img.xml 343 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9108000.img.xml 2865 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9108001.img.xml 2865 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9108003.img.xml 2865 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9108004.img.xml 2865 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9108005.img.xml 2865 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9201000.img.xml 1063 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9201001.img.xml 8989 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9201002.img.xml 13205 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9202000.img.xml 3480 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9202001.img.xml 5393 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9202002.img.xml 16585 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9202003.img.xml 3285 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9202004.img.xml 2853 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9202005.img.xml 3160 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9202006.img.xml 385 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9202007.img.xml 385 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9202008.img.xml 385 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9202009.img.xml 3480 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9202010.img.xml 314 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9202011.img.xml 326 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9208000.img.xml 2485 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9208001.img.xml 2471 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9208002.img.xml 2493 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9208003.img.xml 1961 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9208004.img.xml 10886 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9208005.img.xml 2515 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9208006.img.xml 2294 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9208007.img.xml 5346 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9208008.img.xml 4526 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9208009.img.xml 2130 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9208011.img.xml 2270 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9208012.img.xml 2271 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9208013.img.xml 3346 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9980000.img.xml 9039 bytes
File C:\Documents and Settings\Boss\Desktop\Stephen's Stuff\PC Games\Maplestory\Admin Stuff\Extras\wz\wz\Reactor.wz\9980001.img.xml 9004 bytes

---- EOF - GMER 1.0.15 ----

Edited by StephenHorlick, 23 August 2010 - 04:46 PM.


#6 WolfHero

WolfHero
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:58 PM

Posted 24 August 2010 - 08:38 PM

Page 12... wow, you guys get alot.

Bumped, since I am already getting helped... Although this puts me back in line. x.x

Kapersky has been telling me strange activity of certain exes lately, so I'm worried I may be getting worse. Also, my games are getting slower and slower x.x

Isn't this common signs of virut again? (considering other things i've seen) I know this log is a bad thing, that I'm sure of.

QUOTE
Date: Today (33)
8/24/2010 9:06:05 AM Kaspersky Anti-Virus Task started Proactive Defense
8/24/2010 1:20:32 PM Main.exe Detected: PDM.Invader C:\NTREEV USA\GRAND CHASE\MAIN.EXE
8/24/2010 1:20:32 PM Main.exe Allowed: PDM.Invader C:\NTREEV USA\GRAND CHASE\MAIN.EXE Action selected according to the settings
8/24/2010 1:23:21 PM Main.exe Detected: PDM.Keylogger kernel mode memory patch
8/24/2010 1:23:23 PM Main.exe Allowed: PDM.Keylogger kernel mode memory patch Action selected according to the settings
8/24/2010 1:26:30 PM Main.exe Detected: PDM.DNS Query C:\NTREEV USA\GRAND CHASE\MAIN.EXE
8/24/2010 1:26:31 PM Main.exe Allowed: PDM.DNS Query C:\NTREEV USA\GRAND CHASE\MAIN.EXE Action selected according to the settings
8/24/2010 8:13:12 PM Main.exe Detected: PDM.Keylogger kernel mode memory patch
8/24/2010 8:13:12 PM Main.exe Allowed: PDM.Keylogger kernel mode memory patch Action selected according to the settings
8/24/2010 8:13:13 PM Main.exe Detected: PDM.Invader C:\NTREEV USA\GRAND CHASE\MAIN.EXE
8/24/2010 8:13:13 PM Main.exe Allowed: PDM.Invader C:\NTREEV USA\GRAND CHASE\MAIN.EXE Action selected according to the settings
8/24/2010 8:54:10 PM PATCHER.EXE Detected: PDM.DNS Query C:\PROGRAM FILES\REDBANA\AUDITION\PATCHER.EXE
8/24/2010 8:54:10 PM PATCHER.EXE Detected: PDM.DNS Query C:\PROGRAM FILES\REDBANA\AUDITION\PATCHER.EXE
8/24/2010 8:54:11 PM PATCHER.EXE Allowed: PDM.DNS Query C:\PROGRAM FILES\REDBANA\AUDITION\PATCHER.EXE Action selected according to the settings
8/24/2010 8:54:11 PM PATCHER.EXE Allowed: PDM.DNS Query C:\PROGRAM FILES\REDBANA\AUDITION\PATCHER.EXE Action selected according to the settings
8/24/2010 8:55:18 PM PATCHER.EXE Detected: PDM.DNS Query C:\PROGRAM FILES\REDBANA\AUDITION\PATCHER.EXE
8/24/2010 8:55:18 PM PATCHER.EXE Detected: PDM.DNS Query C:\PROGRAM FILES\REDBANA\AUDITION\PATCHER.EXE
8/24/2010 8:55:18 PM PATCHER.EXE Allowed: PDM.DNS Query C:\PROGRAM FILES\REDBANA\AUDITION\PATCHER.EXE Action selected according to the settings
8/24/2010 8:55:18 PM PATCHER.EXE Allowed: PDM.DNS Query C:\PROGRAM FILES\REDBANA\AUDITION\PATCHER.EXE Action selected according to the settings
8/24/2010 8:56:00 PM Kaspersky Anti-Virus Task stopped Proactive Defense
8/24/2010 9:00:00 PM Kaspersky Anti-Virus Task started Proactive Defense
8/24/2010 9:18:36 PM MAIN.EXE Detected: PDM.Suspicious driver installation C:\PROGRAM FILES\GRANDCHASE UNLIMITED\MAIN.EXE
8/24/2010 9:19:34 PM MAIN.EXE Allowed: PDM.Suspicious driver installation C:\PROGRAM FILES\GRANDCHASE UNLIMITED\MAIN.EXE Action selected according to the settings
8/24/2010 9:19:36 PM MAIN.EXE Detected: PDM.DNS Query C:\PROGRAM FILES\GRANDCHASE UNLIMITED\MAIN.EXE
8/24/2010 9:19:36 PM MAIN.EXE Detected: PDM.DNS Query C:\PROGRAM FILES\GRANDCHASE UNLIMITED\MAIN.EXE
8/24/2010 9:19:36 PM MAIN.EXE Allowed: PDM.DNS Query C:\PROGRAM FILES\GRANDCHASE UNLIMITED\MAIN.EXE Action selected according to the settings
8/24/2010 9:19:36 PM MAIN.EXE Allowed: PDM.DNS Query C:\PROGRAM FILES\GRANDCHASE UNLIMITED\MAIN.EXE Action selected according to the settings
8/24/2010 9:19:36 PM MAIN.EXE Detected: PDM.DNS Query C:\PROGRAM FILES\GRANDCHASE UNLIMITED\MAIN.EXE
8/24/2010 9:19:36 PM MAIN.EXE Allowed: PDM.DNS Query C:\PROGRAM FILES\GRANDCHASE UNLIMITED\MAIN.EXE Action selected according to the settings
8/24/2010 9:20:27 PM MAIN.EXE Detected: PDM.Keylogger kernel mode memory patch
8/24/2010 9:20:28 PM MAIN.EXE Allowed: PDM.Keylogger kernel mode memory patch Action selected according to the settings
8/24/2010 9:33:20 PM Kaspersky Anti-Virus Task stopped Proactive Defense
8/24/2010 9:33:22 PM Kaspersky Anti-Virus Task started Proactive Defense

Edited by StephenHorlick, 24 August 2010 - 08:39 PM.


#7 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:04:58 PM

Posted 24 August 2010 - 10:47 PM

Hello.

No need to bump your topic. Now that I'm helping you, I'm tracking the topic. Sometimes it might take me a day or so for replies. . . so I must ask for your patience.

I don't see anything in the requested logs that screams malware to me. . . Let's try running a systemwide Online Antivirus Scan. . . which will take a while but give us a good idea of what is being troublesome.

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

~Blade


In your next reply, please include the following:
ESET Online Scan log

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#8 WolfHero

WolfHero
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:58 PM

Posted 25 August 2010 - 12:08 AM

Ok, so here's my early reply.

I've had ESET before I switched to Kapersky x.x in fact I bought it. The only reason I switched was to do a reccomendation on the virut blog. x.x

All the same, that doesn't matter. What does matter is that the scanner is stopping after a certain point (I waited a while), and it appears to be using 99 CPU, which isn't helping. Is this normal? dry.gif

I'll try to get up later since its 1:07 AM now and retry. I can't promise anything. If you have further advice on running it, let me know... x.x

Edited by StephenHorlick, 25 August 2010 - 12:09 AM.


#9 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:04:58 PM

Posted 25 August 2010 - 12:34 AM

The scan is supposed to take some time. . . since it's checking things against the cloud. This is the faster of the two Online Antivirus scans I like. The reason I'm wanting to do an online scan is because they are much more resistant to interference from malware than on-board scanners are. If ESET continues not to work for you. . . here are instructions for the other online scanner.

Please go to the Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply .

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#10 WolfHero

WolfHero
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:58 PM

Posted 25 August 2010 - 03:02 PM

Ok, Finally got ESET to work after using iexplorer to make it built in. x.x I didn't see the export to text file option, probably because it found nothing. x.x

Please note that Kapersky's online scan could not run due to Kapersky Anti-Virus already being installed. x.x

Here's what did appear:



What now? I'm pretty sure I'm still infected, otherwise those programs wouldn't be keylogging. x.x

#11 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:04:58 PM

Posted 26 August 2010 - 02:57 PM

Hello StephenHorlick.

PDM.Keylogger is a proactive detection by KAV 2010. Essentially, what it means is that this could be a threat, but it isn't sure. If it were sure, it would be classified as an active threat. Both legitimate and malware programs perform actions that could cause this detection. In short, while it would be something that warrants investigation (which you did thumbup2.gif ) by itself it does not indicate an infection.

I see no reason here to think you're infected. Do you have any further questions?

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#12 WolfHero

WolfHero
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:58 PM

Posted 26 August 2010 - 04:49 PM

Ah. Seems to make sense. ^^;

Erm, where can I get help with general preformance issues, since this turns out to not be a virus? I was worried since the Advanced System Optimizer's System protecter saw Gamemon.des as a virut, and it still does, but it may be a false positive.

Also, the built in system advisor (windows) detects that I have mutiple anti-viruses, and as I've been told before, that's a bad thing. It appears there's traces of Avast left behind, I thought I had uninstalled it, and it isn't in the program folder. Any ideas? Just re-installed ESET after getting rid of Kapersky x.x I like ESET because it has a good firewall system.

erm, also should I undo defogger? x.x

#13 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:04:58 PM

Posted 28 August 2010 - 08:50 PM

Hi StephenHorlick.

Sorry for the delay in my reply.

I'm not a huge fan of IOBit's security software for a number of reasons. . . I can tell you that Gamemon.des is not virut though.

For general perfomance issues, I would suggest posting in the forum corresponding to your Operating System (in this case the XP forum). However, please wait to do so until we are done here.

For the multiple antivirus thing, it sounds like Avast! did not uninstall correctly. What I would do is reinstall, then re-uninstall Avast!. Then, install ESET and see if it throws that error again. If it does. . . let me know. There are other ways of eliminating that problem but it's rather convoluted.

You can go ahead and undo defogger, yes smile.gif

Any other questions?

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#14 WolfHero

WolfHero
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:58 PM

Posted 29 August 2010 - 04:09 PM

QUOTE(Blade Zephon @ Aug 28 2010, 09:50 PM) View Post
Hi StephenHorlick.

Sorry for the delay in my reply.

I'm not a huge fan of IOBit's security software for a number of reasons. . . I can tell you that Gamemon.des is not virut though.

For general perfomance issues, I would suggest posting in the forum corresponding to your Operating System (in this case the XP forum). However, please wait to do so until we are done here.

For the multiple antivirus thing, it sounds like Avast! did not uninstall correctly. What I would do is reinstall, then re-uninstall Avast!. Then, install ESET and see if it throws that error again. If it does. . . let me know. There are other ways of eliminating that problem but it's rather convoluted.

You can go ahead and undo defogger, yes smile.gif

Any other questions?

~Blade


Re did avast like you said, uninstalled it and re-installed Eset. :3 Success.

Thank you, Suprisingly my computer is running faster now for some strange reason, I'll post in the XP section should it get bad again. ^^ I think a chkdisk fixed it. o_o

#15 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:04:58 PM

Posted 30 August 2010 - 02:26 PM

Hello
  • Please double click on the icon on your desktop.
  • Click the large button marked "Cleanup"
***************************************************

Your machine appears to be clean!

I highly recommend that you read through the below set of very helpful suggestions and implement them; they will help protect you from reinfectionI recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates seperately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

For a nice list of freeware programs in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Glad I was able to help and if there any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

~Blade

Edited by Blade Zephon, 30 August 2010 - 02:26 PM.

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users