
Browser being Redirected/Hijacked


  • This topic is locked
32 replies to this topic

#1 xRichyx


Posted 28 September 2010 - 03:55 PM

Hello All

I have only just recently registered with BleepingComputer.com as I am looking for assistance/help with solving a possible browser hijacking/re-direction with my desktop PC running Windows XP SP3 with Internet Explorer.

I have tried following the instructions in - Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - but keep encountering problems and have only partially been able to complete the process. On my last attempt my PC crashed before being able to complete the full scan.

Could somebody please advise that this is the correct procedure to follow and possibly guide me through resolving my problem.

Richy

Edited by xRichyx, 28 September 2010 - 03:56 PM.



 


#2 etavares

  • Malware Response Team

Posted 02 October 2010 - 03:48 PM

Hello and welcome to Bleeping Computer

Please try this approach instead...make sure to backup, too!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.

Since you're having issues with GMER, please try GMER in safe mode. If that doesn't work, try in safe mode, but uncheck 'devices'. If all else fails, try in safe mode and only check 'files' and 'sections'.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 xRichyx


Posted 03 October 2010 - 12:05 PM

Thank you for your assistance Etavares. As requested please find attached the two .txt files in zipped format created by running the OTL Scan. I will now try the second part of your instructions then post results as soon as possible.

With regard to further details about the problem I am experiencing: My Internet Browser seemed to be being redirected - either when selecting a result of a search with Google or Bing Search Engines/Or as a result of redirection Or as now - because the problem seems to have become worse - at any time. I have just Started Up the PC and logged on to bleepingcomputer.com from a saved favourites link within IE - no search engine - but during this process unrequested new Tabs were created within IE by what I believe is the Malware causing the Browser Diverts/Hijacks.

Thanks again for your assistance and I will attempt to follow your instructions as swiftly and closely as possible.

Richy

PS Yesterday I did get an error message and notification from my AntiVirus Programme - AVG free - that Updates could not be performed as the Computer System Time was incorrect. This appeared to have been changed within the previous twenty four hours from my previous settings. I have now corrected this and updated my AntiVirus Programme.

Attached Files


Edited by xRichyx, 03 October 2010 - 12:07 PM.


#4 etavares


Posted 03 October 2010 - 12:44 PM

OK, I'll keep an eye out for your GMER log.


 


#5 xRichyx


Posted 03 October 2010 - 03:07 PM

Hello Etavares

PC really seems to have picked up something. While logging in to this forum a few minutes ago a new tab opened in IE/browser was redirected to: hxxp://lpgen.info/mylpgen/regerrors-bundle...2183660_b1?c=75 which is probably some scam antivirus.

Another attempt to create a GMER log with Windows running in normal mode failed. I did use the Defogger, and by the way when clicking the link after following your instructions my browser was also redirected - by clicking the back button I am able to navigate away from bogus/re directed sites and successfully ran the Defogger.

I am also finding it impossible to run Windows in Safe Mode - Have tried the usual methods - Pressing F8 after Disk Detection but this has also been failing. I seem to remember somewhere once seeing how to get Windows XP to restart in safe mode but cannot find this now when required - Any Suggestions?

I have made a screenprint of the processes that are loading at Start Up (attached).

I will keep trying to create the GMER log - Further assistance greatly appreciated.

Richy

EDIT: deactivate link

Attached Files


Edited by etavares, 03 October 2010 - 04:06 PM.


#6 xRichyx


Posted 03 October 2010 - 05:35 PM

Hello Etavares

Whenever I have tried to run GMER I keep getting the Blue Screen and the PC crashes. PC failed even when trying to scan only Files and Sections but I was unable to run in Safe Mode as I am still unable to get Windows to start in Safe Mode.

Richy

#7 etavares


Posted 03 October 2010 - 07:57 PM

OK, please run these instead:


FIRST:
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

QUOTE
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


SECOND:

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.


 


#8 xRichyx


Posted 04 October 2010 - 08:05 AM

Thanks Etavares

Please find reports requested below

Richy

Rootkit Unhooker Report

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xF6EB6000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10604544 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 258.96 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6344704 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 258.96 )
0xF6C28000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2318336 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF83C9000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF3B04000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6B47000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF3C88000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB813C000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB76C2000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF3C28000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xF3AD0000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xF84E7000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB8373000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF839C000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB702F000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF3B74000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF3BC1000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF3C62000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB80C8000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6C04000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6E7E000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6BE1000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF3B9F000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF847F000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF6E5E000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 131072 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xF84B7000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF8382000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF849F000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF3AB8000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF8456000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6BB6000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF3BE9000 C:\WINDOWS\system32\DRIVERS\P0620Vid.sys 94208 bytes (Creative Technology Ltd., Video streaming and Capture Device Driver)
0xB7E5B000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6BCD000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6EA2000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF3CE1000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF846D000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF84D6000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6BA5000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7E56000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF8626000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8606000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF85F6000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8636000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB7FD0000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF8766000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xF86B6000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8576000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF8646000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF86F6000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF8556000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8666000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8746000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF8616000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8546000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8656000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8536000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF86A6000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8686000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8566000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF8776000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF85E6000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF8676000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF8736000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB7482000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF8706000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8826000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF8836000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF8916000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF891E000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF880E000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF87B6000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF8866000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF883E000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF8856000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF893E000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF87CE000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF890E000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF8816000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF87FE000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF881E000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF87BE000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF892E000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8936000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF8926000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF88C6000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB756A000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF3D50000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB86EC000 C:\WINDOWS\system32\DRIVERS\mdc8021x.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF8356000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB86E0000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8A2A000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF8946000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF3D4C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF8A26000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB7656000 C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 12288 bytes
0xF3D44000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF8A32000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF89DA000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8A72000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8AE2000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8A70000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8A3A000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8A36000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8A74000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8AB0000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8A76000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8A6C000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8A6E000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8A38000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8BD9000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8B7C000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8B2A000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8AFE000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x00F70000 Hidden Image-->Sage.Integration.Server.dll [ EPROCESS 0x81BF6DA0 ] PID: 240, 192512 bytes
0x010E0000 Hidden Image-->Sage.Integration.Diagnostics.dll [ EPROCESS 0x81BF6DA0 ] PID: 240, 28672 bytes
0x011B0000 Hidden Image-->Sage.Integration.Server.Feeds.dll [ EPROCESS 0x81BF6DA0 ] PID: 240, 36864 bytes
0x01020000 Hidden Image-->Sage.Common.Syndication.dll [ EPROCESS 0x81BF6DA0 ] PID: 240, 372736 bytes
0x00FB0000 Hidden Image-->Sage.Integration.Server.Model.dll [ EPROCESS 0x81BF6DA0 ] PID: 240, 45056 bytes
0x010A0000 Hidden Image-->Sage.Common.Web.Server.dll [ EPROCESS 0x81BF6DA0 ] PID: 240, 69632 bytes
0x01110000 Hidden Image-->Sage.Utilities.dll [ EPROCESS 0x81BF6DA0 ] PID: 240, 69632 bytes
0x03520000 Hidden Image-->Sage.Integration.Client.dll [ EPROCESS 0x81BF6DA0 ] PID: 240, 69632 bytes




MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fd

Kernel Drivers (total 119):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF8A36000 \WINDOWS\system32\KDCOM.DLL
0xF8946000 \WINDOWS\system32\BOOTVID.dll
0xF84E7000 ACPI.sys
0xF8A38000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF84D6000 pci.sys
0xF8536000 isapnp.sys
0xF8AFE000 pciide.sys
0xF87B6000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8A3A000 intelide.sys
0xF8546000 MountMgr.sys
0xF84B7000 ftdisk.sys
0xF87BE000 PartMgr.sys
0xF8556000 VolSnap.sys
0xF849F000 atapi.sys
0xF8566000 disk.sys
0xF8576000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF847F000 fltmgr.sys
0xF846D000 sr.sys
0xF8456000 KSecDD.sys
0xF83C9000 Ntfs.sys
0xF839C000 NDIS.sys
0xF8382000 Mup.sys
0xF85E6000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6EB6000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF6EA2000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF890E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6E7E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8916000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6E5E000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xF6C28000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF6C04000 \SystemRoot\system32\drivers\portcls.sys
0xF85F6000 \SystemRoot\system32\drivers\drmk.sys
0xF6BE1000 \SystemRoot\system32\drivers\ks.sys
0xF891E000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6BCD000 \SystemRoot\system32\DRIVERS\parport.sys
0xF8606000 \SystemRoot\system32\DRIVERS\serial.sys
0xF8A2A000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF8616000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8626000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8636000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF8BD9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF8646000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8A32000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6BB6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8656000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8666000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8926000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6BA5000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8676000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF892E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8936000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8686000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF893E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF87CE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8A6C000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6B47000 \SystemRoot\system32\DRIVERS\update.sys
0xF8356000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF86A6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF86B6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8A6E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF87FE000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF8A70000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8B2A000 \SystemRoot\System32\Drivers\Null.SYS
0xF8A72000 \SystemRoot\System32\Drivers\Beep.SYS
0xF880E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF8816000 \SystemRoot\System32\drivers\vga.sys
0xF8A74000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8A76000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF881E000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8826000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF89DA000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF3CE1000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF3C88000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF3C62000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF3C28000 \SystemRoot\System32\Drivers\avgtdix.sys
0xF3BE9000 \SystemRoot\system32\DRIVERS\P0620Vid.sys
0xF86F6000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xF8706000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF8836000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF883E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF3BC1000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF3B9F000 \SystemRoot\System32\drivers\afd.sys
0xF8736000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF3B74000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF3B04000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8746000 \SystemRoot\System32\Drivers\Fips.SYS
0xF8856000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xF3AD0000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF8766000 \SystemRoot\system32\drivers\usbaudio.sys
0xF8A26000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF8776000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8866000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF3D50000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF3D44000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF7E56000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF3AB8000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8AE2000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF3D4C000 \SystemRoot\System32\drivers\Dxapi.sys
0xF88C6000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xF8B7C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB86EC000 \SystemRoot\system32\DRIVERS\mdc8021x.sys
0xB86E0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB8373000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF8AB0000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB813C000 \SystemRoot\system32\DRIVERS\srv.sys
0xB80C8000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB7E5B000 \SystemRoot\system32\drivers\wdmaud.sys
0xB7FD0000 \SystemRoot\system32\drivers\sysaudio.sys
0xB76C2000 \SystemRoot\System32\Drivers\HTTP.sys
0xB756A000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xB7656000 \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
0xB702F000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 53):
0 System Idle Process
4 System
568 C:\WINDOWS\system32\smss.exe
624 csrss.exe
648 C:\WINDOWS\system32\winlogon.exe
692 C:\WINDOWS\system32\services.exe
704 C:\WINDOWS\system32\lsass.exe
852 C:\WINDOWS\system32\nvsvc32.exe
944 C:\WINDOWS\system32\svchost.exe
1016 svchost.exe
1112 C:\WINDOWS\system32\svchost.exe
1184 svchost.exe
1232 C:\Program Files\AVG\AVG9\avgchsvx.exe
1276 C:\Program Files\AVG\AVG9\avgrsx.exe
1360 svchost.exe
1456 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1480 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1776 C:\WINDOWS\system32\spoolsv.exe
408 svchost.exe
444 C:\Program Files\AVG\AVG9\avgwdsvc.exe
560 C:\Program Files\iWin Games\iWinTrusted.exe
616 C:\Program Files\Java\jre6\bin\jqs.exe
772 C:\Program Files\Google\Update\GoogleUpdate.exe
1072 sqlservr.exe
1300 C:\Program Files\AVG\AVG9\avgnsx.exe
144 C:\WINDOWS\system32\PnkBstrA.exe
212 C:\WINDOWS\system32\PnkBstrB.exe
240 C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
1940 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
1972 C:\WINDOWS\system32\svchost.exe
2036 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2188 C:\WINDOWS\system32\searchindexer.exe
2448 C:\WINDOWS\explorer.exe
2828 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3000 unsecapp.exe
3076 wmiprvse.exe
3180 C:\WINDOWS\SOUNDMAN.EXE
3312 C:\PROGRA~1\AVG\AVG9\avgtray.exe
3316 alg.exe
3676 C:\WINDOWS\system32\rundll32.exe
3916 C:\WINDOWS\system32\ctfmon.exe
748 C:\WINDOWS\system32\rundll32.exe
1144 C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
1312 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
1308 C:\WINDOWS\system32\svchost.exe
2140 C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe
3908 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
3168 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
1104 C:\Program Files\Internet Explorer\iexplore.exe
116 C:\Program Files\Internet Explorer\iexplore.exe
3732 C:\WINDOWS\system32\searchprotocolhost.exe
1356 searchfilterhost.exe
1948 C:\Documents and Settings\Richard\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600JD-00HBC0, Rev: 08.02D08

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#9 etavares


Posted 04 October 2010 - 06:20 PM

Hello, xRichyx.

P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case LimeWire). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.



Registry Cleaner Warning


I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners, as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578










Step 1

Next, please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#10 xRichyx


Posted 05 October 2010 - 02:23 AM

Hello Etavares

Limewire Uninstalled
Adaware and AVG Free Disabled
Regedit deselected from CCleaner
Combofix Downloaded and Run
Microsoft Windows Recovery Console Installed
Combofix Log created as follows
Adaware and AVG Free Enabled
Microsoft Updates Installed

However, when I opened IE an unrequested tab opened, so it would appear some sort of redirection is still occurring.

Thanks again Etavares

ComboFix 10-10-04.01 - Richard 05/10/2010 7:24.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.152 [GMT 1:00]
Running from: c:\documents and settings\Richard\Desktop\etavaresCF.exe.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Neth\Application Data\My Security Shield
c:\program files\\setup.exe
c:\program files\GamesBar\oberontb.dll
c:\program files\iWin Games\iWINgameshookie.dll
c:\program files\Setup.exe
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\Temp

Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\kernel32.dll

.
((((((((((((((((((((((((( Files Created from 2010-09-05 to 2010-10-05 )))))))))))))))))))))))))))))))
.

2010-10-05 06:47 . 2010-10-05 06:47 -------- d-----w- c:\windows\LastGood
2010-09-30 17:41 . 2010-09-30 17:43 -------- d-----w- c:\program files\Rare Treasures - Dinnerware Trading Company
2010-09-26 12:57 . 2010-10-05 06:37 -------- d-----w- c:\program files\iWin Games
2010-09-26 12:07 . 2010-09-26 12:07 -------- d-----w- c:\documents and settings\Richard\Application Data\Floodlight Games
2010-09-24 20:14 . 2010-09-24 20:14 -------- d-----w- c:\documents and settings\Neth\Application Data\Artifex Mundi
2010-09-24 20:10 . 2010-09-24 20:10 -------- d-----w- c:\program files\bfgclient
2010-09-24 20:09 . 2010-09-24 20:09 3964328 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-09-24 15:19 . 2010-09-24 15:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PopCap Games
2010-09-23 19:56 . 2010-09-23 19:56 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-09-23 19:55 . 2010-09-23 19:56 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-09-23 19:55 . 2010-09-23 19:55 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-09-23 19:51 . 2010-09-23 19:51 -------- d-----w- c:\windows\system32\winrm
2010-09-23 19:51 . 2010-09-23 19:51 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-09-23 19:09 . 2010-09-23 19:12 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Temporary Projects
2010-09-22 19:18 . 2010-09-22 19:18 388096 ----a-r- c:\documents and settings\Richard\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-22 19:18 . 2010-09-22 19:18 -------- d-----w- c:\program files\Trend Micro
2010-09-21 17:23 . 2010-09-24 20:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache
2010-09-19 17:53 . 2010-09-19 18:59 -------- d-----w- c:\program files\Reincarnations - Uncover the Past
2010-09-17 17:29 . 2010-09-17 17:44 -------- d-----w- c:\program files\Farmers Market
2010-09-17 17:16 . 2010-09-17 17:20 -------- d-----w- c:\program files\Lamp of Aladdin
2010-09-17 16:31 . 2010-09-17 16:31 -------- d-----w- c:\documents and settings\Neth\Application Data\Frogwares
2010-09-16 18:08 . 2010-09-16 18:08 -------- d-----w- c:\documents and settings\Neth\Application Data\Friday's games
2010-09-16 16:52 . 2010-09-16 16:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SpinTop
2010-09-15 02:28 . 2010-10-31 11:06 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Temp
2010-09-15 01:53 . 2010-09-08 12:59 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-14 21:59 . 2010-09-14 21:59 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-14 21:42 . 2010-09-14 21:42 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Sunbelt Software
2010-09-14 21:41 . 2010-09-14 21:41 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{437292BE-95BD-4B12-B699-6D217A03ACAF}
2010-09-14 21:41 . 2010-09-08 13:00 2985688 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{437292BE-95BD-4B12-B699-6D217A03ACAF}\Ad-AwareInstall.exe
2010-09-14 21:39 . 2010-09-14 21:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2010-09-14 18:05 . 2010-09-14 18:05 -------- d-----w- c:\documents and settings\Neth\Application Data\Dekovir
2010-09-14 16:50 . 2010-09-14 16:50 -------- d-----w- c:\documents and settings\Neth\Application Data\Artifact Quest
2010-09-13 18:15 . 2010-09-14 07:16 -------- d-----w- c:\program files\Fishdom Double Pack - Fishdom, Fishdom H2O
2010-09-13 14:54 . 2010-09-13 14:54 -------- d-----w- c:\documents and settings\Neth\Application Data\Ten Heavens
2010-09-13 08:07 . 2010-09-13 08:07 -------- d-----w- c:\documents and settings\Neth\Application Data\Batovi
2010-09-13 08:06 . 2010-09-13 08:06 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-13 08:06 . 2010-09-13 08:06 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-13 07:26 . 2010-09-13 07:26 -------- d-----w- c:\documents and settings\Neth\Application Data\Big Splash Games
2010-09-13 07:26 . 2010-09-13 07:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Big Splash Games
2010-09-12 09:29 . 2010-09-12 09:29 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-12 08:13 . 2010-09-15 01:52 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\Application Data\MSEBXBQTZS
2010-09-12 08:13 . 2010-09-11 12:20 467928 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\e05c484\sqlite3.dll
2010-09-12 08:13 . 2010-09-11 12:20 718296 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\e05c484\mozcrt19.dll
2010-09-12 08:13 . 2010-09-12 09:45 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\Application Data\e05c484
2010-09-11 20:10 . 2010-09-11 20:10 -------- d-----w- c:\documents and settings\Neth\Application Data\ERS Game Studios
2010-09-10 20:34 . 2010-09-10 20:34 -------- d-----w- c:\documents and settings\Neth\Application Data\GameHouse
2010-09-10 16:45 . 2010-09-12 16:13 83520 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-08 20:25 . 2010-09-08 20:25 -------- d-----w- c:\documents and settings\Neth\Application Data\V-Games
2010-09-08 14:58 . 2010-09-08 14:58 -------- d-----w- c:\documents and settings\Neth\Application Data\SevenSails
2010-09-07 19:30 . 2010-09-07 19:30 -------- d-----w- C:\ProgramData
2010-09-07 19:28 . 2010-09-07 20:30 -------- d-----w- c:\program files\Dominic Crane 2 - Dark Mystery Revealed

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 06:37 . 2009-11-25 06:48 -------- d-----w- c:\program files\GamesBar
2010-10-05 06:05 . 2010-01-25 08:04 0 ----a-w- c:\documents and settings\Richard\Local Settings\Application Data\prvlcl.dat
2010-10-04 19:31 . 2009-12-14 06:18 -------- d-----w- c:\documents and settings\Richard\Application Data\Canon
2010-10-02 14:42 . 2010-03-15 20:51 -------- d-----w- c:\program files\CCleaner
2010-09-30 17:52 . 2009-12-04 20:12 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-09-30 17:44 . 2010-06-14 14:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MumboJumbo
2010-09-30 12:43 . 2009-12-21 18:57 -------- d-----w- c:\documents and settings\Neth\Application Data\PlayFirst
2010-09-30 12:43 . 2009-12-21 18:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PlayFirst
2010-09-29 16:40 . 2008-01-26 13:57 -------- d-----w- c:\program files\Oberon Media
2010-09-29 16:25 . 2008-01-28 07:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-28 17:24 . 2010-01-23 18:14 -------- d-----w- c:\documents and settings\Neth\Application Data\Boomzap
2010-09-28 17:20 . 2007-12-19 18:17 -------- d-----w- c:\program files\iwin.com
2010-09-26 13:25 . 2009-12-04 20:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alawar Stargaze
2010-09-26 12:07 . 2010-05-27 18:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Floodlight Games
2010-09-23 19:57 . 2009-12-03 12:02 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-23 17:04 . 2010-06-07 13:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\The Game Equation
2010-09-21 17:40 . 2010-06-17 07:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Playrix Entertainment
2010-09-19 17:57 . 2010-08-27 19:27 -------- d-----w- c:\documents and settings\Neth\Application Data\Enki Games
2010-09-19 16:32 . 2006-02-28 23:19 -------- d-----w- c:\program files\Google
2010-09-18 06:33 . 2009-11-28 08:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2010-09-17 17:36 . 2009-12-08 22:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Fugazo
2010-09-16 16:52 . 2010-02-08 18:53 -------- d-----w- c:\documents and settings\Neth\Application Data\SpinTop
2010-09-15 02:09 . 2009-12-06 10:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-09-10 20:34 . 2010-03-05 20:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\GameHouse
2010-09-06 07:11 . 2010-04-13 16:29 -------- d-----w- c:\documents and settings\Neth\Application Data\Total Eclipse
2010-09-04 17:06 . 2010-09-04 17:06 -------- d-----w- c:\documents and settings\Neth\Application Data\Boolat Games
2010-09-03 20:20 . 2010-09-03 20:20 -------- d-----w- c:\documents and settings\Neth\Application Data\BigFish
2010-09-03 20:20 . 2010-09-03 20:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFish
2010-09-03 17:34 . 2010-09-03 17:34 -------- d-----w- c:\documents and settings\Neth\Application Data\blg
2010-09-03 17:34 . 2010-09-03 17:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\blg
2010-09-01 22:46 . 2010-09-01 22:46 143392 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\womens-murder-club-little-black-lies_s1_l1_gF5997T1L1_d1044957764[1].exe
2010-09-01 22:46 . 2010-09-01 22:46 143392 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\rare-treasures_s1_l1_gF6002T1L1_d1049549259[1].exe
2010-09-01 22:46 . 2010-09-01 22:46 143392 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\hospital-haste_s1_l1_gF5980T1L1_d1042990803[1].exe
2010-09-01 22:46 . 2010-09-01 22:46 143392 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\heroes-of-kalevala_s1_l1_gF6545T1L1_d1039540245[1].exe
2010-09-01 22:46 . 2010-09-01 22:46 143392 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\cooking-dash-3-collectors-edition_s1_l1_gF5989T1L1_d1049551037[1].exe
2010-09-01 22:46 . 2010-09-01 22:46 143392 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\burger-battle_s1_l1_gF5892T1L1_d1049524919[1].exe
2010-09-01 22:46 . 2010-09-01 22:46 3907288 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\clientinstaller\bfgsetup_s1_l1.exe
2010-08-31 05:21 . 2009-12-05 08:15 -------- d-----w- c:\program files\Yahoo!
2010-08-30 10:39 . 2009-11-25 15:50 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-29 14:07 . 2010-08-29 14:07 -------- d-----w- c:\documents and settings\Neth\Application Data\SpinTop Games
2010-08-29 13:45 . 2010-03-30 17:06 -------- d-----w- c:\documents and settings\Neth\Application Data\Specialbit
2010-08-28 11:05 . 2010-08-28 11:05 -------- d-----w- c:\documents and settings\Neth\Application Data\Elephant Games
2010-08-27 20:02 . 2010-08-27 19:24 -------- d-----w- c:\program files\Reincarnations - Uncover the Past Collector's Edition
2010-08-27 16:07 . 2010-08-27 16:07 -------- d-----w- c:\documents and settings\Neth\Application Data\HotdogHotshot
2010-08-27 15:42 . 2010-08-16 16:39 -------- d-----w- c:\documents and settings\Neth\Application Data\Gamers Digital
2010-08-27 15:42 . 2010-08-16 16:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Gamers Digital
2010-08-26 17:57 . 2010-08-26 17:56 -------- d-----w- c:\program files\Yahoo! Games
2010-08-26 17:56 . 2010-02-07 10:54 -------- d-----w- c:\documents and settings\Neth\Application Data\Yahoo!
2010-08-26 17:56 . 2010-08-26 17:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Oberon Media
2010-08-26 16:45 . 2010-08-07 18:23 -------- d-----w- c:\documents and settings\Neth\Application Data\Merscom
2010-08-26 16:45 . 2010-08-07 18:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Merscom
2010-08-25 17:09 . 2009-12-05 17:03 -------- d-----w- c:\documents and settings\Neth\Application Data\Gamelab
2010-08-24 19:16 . 2010-08-24 19:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Veronica&BoD
2010-08-21 06:42 . 2010-08-18 18:05 -------- d-----w- c:\documents and settings\Neth\Application Data\Gaijin Ent
2010-08-20 14:09 . 2010-08-20 13:45 -------- d-----w- c:\program files\Robin's Quest - A Legend Born
2010-08-20 13:48 . 2010-08-20 13:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Gogii
2010-08-19 19:39 . 2010-06-18 19:32 -------- d-----w- c:\documents and settings\Neth\Application Data\Playrix Entertainment
2010-08-19 18:37 . 2010-08-14 07:10 -------- d-----w- c:\documents and settings\Neth\Application Data\Oberon Games
2010-08-19 18:37 . 2010-08-14 07:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Oberon Games
2010-08-18 17:56 . 2010-08-18 17:16 -------- d-----w- c:\program files\Exorcist
2010-08-18 17:19 . 2010-08-18 17:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Exorcist DS 1
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 17:40 . 2010-08-16 17:40 503808 ----a-w- c:\documents and settings\Neth\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1f5d4801-n\msvcp71.dll
2010-08-16 17:40 . 2010-08-16 17:40 499712 ----a-w- c:\documents and settings\Neth\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1f5d4801-n\jmc.dll
2010-08-16 17:40 . 2010-08-16 17:40 61440 ----a-w- c:\documents and settings\Neth\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5f181f64-n\decora-sse.dll
2010-08-16 17:40 . 2010-08-16 17:40 348160 ----a-w- c:\documents and settings\Neth\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1f5d4801-n\msvcr71.dll
2010-08-16 17:40 . 2010-08-16 17:40 12800 ----a-w- c:\documents and settings\Neth\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5f181f64-n\decora-d3d.dll
2010-08-13 17:52 . 2010-08-13 17:15 -------- d-----w- c:\program files\Shaolin Mystery - Tale of the Jade Dragon Staff
2010-08-13 17:18 . 2010-08-13 17:17 -------- d-----w- c:\documents and settings\Neth\Application Data\ShaoLin
2010-08-12 20:12 . 2006-03-05 17:25 -------- d-----w- c:\program files\Common Files\Java
2010-08-12 20:12 . 2006-03-05 17:28 -------- d-----w- c:\program files\Java
2010-08-10 17:46 . 2010-02-17 17:45 -------- d-----w- c:\documents and settings\Neth\Application Data\Age of Japan II
2010-08-10 17:02 . 2010-08-10 17:02 -------- d-----w- c:\documents and settings\Neth\Application Data\TheGreatPharaoh
2010-08-08 19:08 . 2010-08-08 18:27 -------- d-----w- c:\documents and settings\Neth\Application Data\Iwin Ashtons Family Resort
2010-08-08 18:27 . 2010-08-08 18:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Iwin Ashtons Family Resort
2010-08-08 17:58 . 2010-04-05 14:59 -------- d-----w- c:\program files\Ubi Soft
2010-08-08 16:45 . 2010-08-08 16:45 -------- d-----w- c:\documents and settings\Neth\Application Data\Anarchy
2010-08-08 12:39 . 2010-08-08 12:39 -------- d-----w- c:\documents and settings\Neth\Application Data\DigirononGames
2010-08-07 21:13 . 2010-03-11 18:36 24744 ----a-w- c:\documents and settings\Neth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-06 19:58 . 2010-08-06 19:58 -------- d-----w- c:\documents and settings\Neth\Application Data\Enlightenus2_BFG
2010-08-06 06:24 . 2010-08-06 06:24 12800 ----a-w- c:\documents and settings\Richard\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-32fff84a-n\decora-d3d.dll
2010-08-06 06:24 . 2010-08-06 06:24 61440 ----a-w- c:\documents and settings\Richard\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-32fff84a-n\decora-sse.dll
2010-08-06 06:24 . 2010-08-06 06:24 503808 ----a-w- c:\documents and settings\Richard\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3396ae66-n\msvcp71.dll
2010-08-06 06:24 . 2010-08-06 06:24 499712 ----a-w- c:\documents and settings\Richard\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3396ae66-n\jmc.dll
2010-08-06 06:24 . 2010-08-06 06:24 348160 ----a-w- c:\documents and settings\Richard\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3396ae66-n\msvcr71.dll
2010-07-22 15:49 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-11-26 07:27 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 04:00 . 2010-04-24 06:09 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 16:23 . 2009-12-04 05:31 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 16:23 . 2010-07-15 16:23 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 16:21 . 2009-12-04 05:31 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-15 06:23 . 2010-07-15 06:11 157155 ----a-w- c:\windows\hphins26.dat
2010-07-09 15:24 . 2010-07-09 15:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 15:24 . 2010-07-09 15:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 15:24 . 2010-07-09 15:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 15:24 . 2010-07-09 15:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 15:24 . 2010-07-09 15:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 15:24 . 2010-07-09 15:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2008-05-30 05:12 . 2008-05-30 05:12 25685128 ----a-w- c:\program files\wordview_en-us.exe
2008-03-05 18:41 . 2008-03-05 18:41 0 ----a-w- c:\program files\temp01
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2002-04-16 11:27 . 2002-04-16 11:27 5 --sha-w- c:\windows\system32\CdI5T.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-06-19 417792]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
SpeedTouch 121g Wireless USB Monitor.lnk - c:\program files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe [2004-9-23 303104]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 16:23 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Richard^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Richard\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-07-15 16:23 2065760 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 15:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSI Live]
2005-11-10 15:16 212992 ----a-w- c:\program files\MSI\MSI Live\SetWallpaper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 15:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-07-07 22:52 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-06-03 11:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PD0620 STISvc]
2005-05-10 17:03 36864 ----a-r- c:\windows\system32\P0620Pin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]
2004-07-02 16:27 295001 ----a-w- c:\program files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-06-19 15:03 417792 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]
2010-07-16 15:57 10790200 ----a-w- c:\program files\VoipCheapCom.com\VoipCheapCom\voipcheapcom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
2009-08-25 16:00 208896 ----a-r- c:\windows\system32\WinSys2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\VoipCheapCom.com\\VoipCheapCom\\VoipCheapCom.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\USArmy\\America's Army 3\\Binaries\\AA3Game.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [04/12/2009 06:31 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [04/12/2009 06:31 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15/07/2010 17:23 308136]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [02/09/2010 16:38 176408]
R2 Sage SData Service;Sage SData Service;c:\program files\Common Files\Sage SData\Sage.SData.Service.exe [08/06/2009 16:19 49152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [08/09/2010 13:59 15008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/06/2009 12:19 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [08/09/2010 13:59 1356952]
S3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\drivers\BT4501G.sys [16/11/2005 12:21 357568]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [04/08/2004 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 01:28 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30/03/2009 03:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 03:23 366936]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - LAVASOFT_KERNEXPLORER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-10-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-08 10:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: britishcycling.org.uk\new
Trusted Zone: chesshere.com\www
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1644491937-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(916)
c:\windows\system32\WININET.dll
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\progra~1\THOMSO~1\SPEEDT~1\PRISMSVR.EXE
.
**************************************************************************
.
Completion time: 2010-10-05 07:59:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-05 06:59

Pre-Run: 94,689,636,352 bytes free
Post-Run: 96,582,684,672 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 5414C4D90FDF9B7B4CA7BA635D985925

Edited by xRichyx, 05 October 2010 - 02:39 AM.


#11 etavares

Posted 05 October 2010 - 11:36 AM

Hello, xRichyx.
Can you get into safe mode now? You also had a backdoor trojan.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet are not extremely high and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site, and may even have access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Step 2

We need to run an OTL script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- H:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2000478354-1644491937-725345543-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [KernelFaultCheck]  File not found
    O4 - HKLM..\Run: [KernelFaultCheck]  File not found
    :Commands
    [ResetHosts]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares

EDIT: CFScript

Edited by etavares, 05 October 2010 - 11:37 AM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
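
The Trusted Zone entries that ComboFix lists under "Supplementary Scan" can be pulled out of a saved log and set against the sites the user knowingly added, as in this added example (not part of the original posts and not ComboFix's own code). It assumes the `domain\subdomain` form seen in the log corresponds to the key layout under IE's `ZoneMap\Domains` registry key; the function names, the approved list and the `.example` log lines are constructed for illustration.

```python
"""Review IE Trusted Zone entries reported in a ComboFix log (added example)."""
import re
from dataclasses import dataclass

# Where Internet Explorer stores per-site zone assignments (under HKCU or HKLM).
# A value of 2 on a site's key places it in the Trusted sites zone.
ZONEMAP_DOMAINS = (r"Software\Microsoft\Windows\CurrentVersion"
                   r"\Internet Settings\ZoneMap\Domains")

# Matches log lines such as "Trusted Zone: chesshere.com\www"
TRUSTED_RE = re.compile(r"^[ \t]*Trusted Zone:[ \t]*(\S+)[ \t]*$",
                        re.IGNORECASE | re.MULTILINE)

# First two entries are the ones in the log above; the rest are constructed.
SAMPLE_LOG = r"""
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: britishcycling.org.uk\new
Trusted Zone: chesshere.com\www
Trusted Zone: shop.example\secure
Trusted Zone: eshop.example\www
Trusted Zone: CHESSHERE.COM\WWW
.
- - - - ORPHANS REMOVED - - - -
"""


@dataclass(frozen=True)
class TrustedSite:
    domain: str
    subdomain: str = ""  # empty when the entry names the whole domain

    @property
    def host(self) -> str:
        """Host name as a user would recognise it, e.g. www.chesshere.com."""
        return f"{self.subdomain}.{self.domain}" if self.subdomain else self.domain

    @property
    def registry_path(self) -> str:
        """Hive-relative key to inspect (assumed mapping, see lead-in)."""
        tail = f"\\{self.subdomain}" if self.subdomain else ""
        return f"{ZONEMAP_DOMAINS}\\{self.domain}{tail}"


def parse_trusted_zone(log_text):
    """Return the distinct Trusted Zone entries of a log, in log order."""
    sites, seen = [], set()
    for entry in TRUSTED_RE.findall(log_text):
        domain, _, sub = entry.lower().partition("\\")
        site = TrustedSite(domain, sub)
        if domain and site not in seen:
            seen.add(site)
            sites.append(site)
    return sites


def is_covered(host, approved):
    """True if host is an approved name or a subdomain of one.

    The comparison is anchored on a label boundary, so approving
    "shop.example" does not also approve "eshop.example".
    """
    host = host.lower().rstrip(".")
    for name in approved:
        name = name.lower().strip().rstrip(".")
        if name and (host == name or host.endswith("." + name)):
            return True
    return False


def review(sites, approved):
    """Split entries into (keep, remove) against the user's approved list."""
    keep = [s for s in sites if is_covered(s.host, approved)]
    remove = [s for s in sites if not is_covered(s.host, approved)]
    return keep, remove


if __name__ == "__main__":
    # Hypothetical list of sites the user remembers adding on purpose.
    approved = {"chesshere.com", "shop.example"}
    keep, remove = review(parse_trusted_zone(SAMPLE_LOG), approved)
    for site in keep:
        print(f"keep    {site.host}")
    for site in remove:
        print(f"remove  {site.host}")
        print(f"        check: {site.registry_path}")
```
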
 


#12 xRichyx

Posted 06 October 2010 - 03:13 AM

Hello Etavares

I removed all trusted sites from IE. I am still unable to run Windows in Safe Mode. I followed your instructions and please find below the following reports:

OTL Fix Log
COMBOFIX Log
OTL All User Log
mbam log

========== OTL ==========
Service GMSIPCI stopped successfully!
Service GMSIPCI deleted successfully!
File H:\INSTALL\GMSIPCI.SYS not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\S-1-5-21-2000478354-1644491937-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.14.1 log created on 10062010_073927


ComboFix 10-10-04.01 - Richard 06/10/2010 7:17.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.265 [GMT 1:00]
Running from: c:\documents and settings\Richard\Desktop\etavaresCF.exe.exe
Command switches used :: c:\documents and settings\Richard\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-05 18:24 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-10-05 16:26 . 2010-10-05 16:27 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-09-26 12:57 . 2010-10-05 06:37 -------- d-----w- c:\program files\iWin Games
2010-09-26 12:07 . 2010-09-26 12:07 -------- d-----w- c:\documents and settings\Richard\Application Data\Floodlight Games
2010-09-24 20:14 . 2010-09-24 20:14 -------- d-----w- c:\documents and settings\Neth\Application Data\Artifex Mundi
2010-09-24 20:10 . 2010-09-24 20:10 -------- d-----w- c:\program files\bfgclient
2010-09-24 20:09 . 2010-09-24 20:09 3964328 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-09-24 15:19 . 2010-09-24 15:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PopCap Games
2010-09-23 19:56 . 2010-09-23 19:56 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-09-23 19:55 . 2010-09-23 19:56 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-09-23 19:55 . 2010-09-23 19:55 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-09-23 19:51 . 2010-09-23 19:51 -------- d-----w- c:\windows\system32\winrm
2010-09-23 19:51 . 2010-09-23 19:51 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-09-23 19:09 . 2010-09-23 19:12 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Temporary Projects
2010-09-22 19:18 . 2010-09-22 19:18 388096 ----a-r- c:\documents and settings\Richard\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-22 19:18 . 2010-09-22 19:18 -------- d-----w- c:\program files\Trend Micro
2010-09-21 17:23 . 2010-09-24 20:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache
2010-09-19 17:53 . 2010-09-19 18:59 -------- d-----w- c:\program files\Reincarnations - Uncover the Past
2010-09-17 17:29 . 2010-09-17 17:44 -------- d-----w- c:\program files\Farmers Market
2010-09-17 17:16 . 2010-09-17 17:20 -------- d-----w- c:\program files\Lamp of Aladdin
2010-09-17 16:31 . 2010-09-17 16:31 -------- d-----w- c:\documents and settings\Neth\Application Data\Frogwares
2010-09-16 18:08 . 2010-09-16 18:08 -------- d-----w- c:\documents and settings\Neth\Application Data\Friday's games
2010-09-16 16:52 . 2010-09-16 16:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SpinTop
2010-09-15 02:28 . 2010-10-31 11:06 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Temp
2010-09-14 21:59 . 2010-09-14 21:59 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-14 21:42 . 2010-09-14 21:42 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Sunbelt Software
2010-09-14 21:39 . 2010-10-05 16:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2010-09-14 18:05 . 2010-09-14 18:05 -------- d-----w- c:\documents and settings\Neth\Application Data\Dekovir
2010-09-14 16:50 . 2010-09-14 16:50 -------- d-----w- c:\documents and settings\Neth\Application Data\Artifact Quest
2010-09-13 18:15 . 2010-09-14 07:16 -------- d-----w- c:\program files\Fishdom Double Pack - Fishdom, Fishdom H2O
2010-09-13 14:54 . 2010-09-13 14:54 -------- d-----w- c:\documents and settings\Neth\Application Data\Ten Heavens
2010-09-13 08:07 . 2010-09-13 08:07 -------- d-----w- c:\documents and settings\Neth\Application Data\Batovi
2010-09-13 08:06 . 2010-09-13 08:06 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-13 08:06 . 2010-09-13 08:06 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-13 07:26 . 2010-09-13 07:26 -------- d-----w- c:\documents and settings\Neth\Application Data\Big Splash Games
2010-09-13 07:26 . 2010-09-13 07:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Big Splash Games
2010-09-12 09:29 . 2010-09-12 09:29 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-12 08:13 . 2010-09-15 01:52 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\Application Data\MSEBXBQTZS
2010-09-12 08:13 . 2010-09-11 12:20 467928 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\e05c484\sqlite3.dll
2010-09-12 08:13 . 2010-09-11 12:20 718296 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\e05c484\mozcrt19.dll
2010-09-12 08:13 . 2010-09-12 09:45 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\Application Data\e05c484
2010-09-11 20:10 . 2010-09-11 20:10 -------- d-----w- c:\documents and settings\Neth\Application Data\ERS Game Studios
2010-09-10 20:34 . 2010-09-10 20:34 -------- d-----w- c:\documents and settings\Neth\Application Data\GameHouse
2010-09-10 16:45 . 2010-09-12 16:13 83520 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-08 20:25 . 2010-09-08 20:25 -------- d-----w- c:\documents and settings\Neth\Application Data\V-Games
2010-09-08 14:58 . 2010-09-08 14:58 -------- d-----w- c:\documents and settings\Neth\Application Data\SevenSails
2010-09-07 19:30 . 2010-09-07 19:30 -------- d-----w- C:\ProgramData
2010-09-07 19:28 . 2010-09-07 20:30 -------- d-----w- c:\program files\Dominic Crane 2 - Dark Mystery Revealed

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 17:33 . 2009-12-04 20:12 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-10-05 16:26 . 2008-06-17 16:04 -------- d-----w- c:\program files\Lavasoft
2010-10-05 16:05 . 2010-01-25 08:04 0 ----a-w- c:\documents and settings\Richard\Local Settings\Application Data\prvlcl.dat
2010-10-05 06:37 . 2009-11-25 06:48 -------- d-----w- c:\program files\GamesBar
2010-10-04 19:31 . 2009-12-14 06:18 -------- d-----w- c:\documents and settings\Richard\Application Data\Canon
2010-10-02 14:42 . 2010-03-15 20:51 -------- d-----w- c:\program files\CCleaner
2010-09-30 17:44 . 2010-06-14 14:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MumboJumbo
2010-09-30 12:43 . 2009-12-21 18:57 -------- d-----w- c:\documents and settings\Neth\Application Data\PlayFirst
2010-09-30 12:43 . 2009-12-21 18:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PlayFirst
2010-09-29 16:40 . 2008-01-26 13:57 -------- d-----w- c:\program files\Oberon Media
2010-09-29 16:25 . 2008-01-28 07:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-28 17:24 . 2010-01-23 18:14 -------- d-----w- c:\documents and settings\Neth\Application Data\Boomzap
2010-09-28 17:20 . 2007-12-19 18:17 -------- d-----w- c:\program files\iwin.com
2010-09-26 13:25 . 2009-12-04 20:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alawar Stargaze
2010-09-26 12:07 . 2010-05-27 18:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Floodlight Games
2010-09-23 19:57 . 2009-12-03 12:02 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-23 17:04 . 2010-06-07 13:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\The Game Equation
2010-09-21 17:40 . 2010-06-17 07:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Playrix Entertainment
2010-09-19 17:57 . 2010-08-27 19:27 -------- d-----w- c:\documents and settings\Neth\Application Data\Enki Games
2010-09-19 16:32 . 2006-02-28 23:19 -------- d-----w- c:\program files\Google
2010-09-18 06:33 . 2009-11-28 08:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2010-09-17 17:36 . 2009-12-08 22:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Fugazo
2010-09-16 16:52 . 2010-02-08 18:53 -------- d-----w- c:\documents and settings\Neth\Application Data\SpinTop
2010-09-15 02:09 . 2009-12-06 10:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-09-10 20:34 . 2010-03-05 20:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\GameHouse
2010-09-06 07:11 . 2010-04-13 16:29 -------- d-----w- c:\documents and settings\Neth\Application Data\Total Eclipse
2010-09-04 17:06 . 2010-09-04 17:06 -------- d-----w- c:\documents and settings\Neth\Application Data\Boolat Games
2010-09-03 20:20 . 2010-09-03 20:20 -------- d-----w- c:\documents and settings\Neth\Application Data\BigFish
2010-09-03 20:20 . 2010-09-03 20:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFish
2010-09-03 17:34 . 2010-09-03 17:34 -------- d-----w- c:\documents and settings\Neth\Application Data\blg
2010-09-03 17:34 . 2010-09-03 17:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\blg
2010-09-01 22:46 . 2010-09-01 22:46 143392 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\womens-murder-club-little-black-lies_s1_l1_gF5997T1L1_d1044957764[1].exe
2010-09-01 22:46 . 2010-09-01 22:46 143392 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\rare-treasures_s1_l1_gF6002T1L1_d1049549259[1].exe
2010-09-01 22:46 . 2010-09-01 22:46 143392 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\hospital-haste_s1_l1_gF5980T1L1_d1042990803[1].exe
2010-09-01 22:46 . 2010-09-01 22:46 143392 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\heroes-of-kalevala_s1_l1_gF6545T1L1_d1039540245[1].exe
2010-09-01 22:46 . 2010-09-01 22:46 143392 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\cooking-dash-3-collectors-edition_s1_l1_gF5989T1L1_d1049551037[1].exe
2010-09-01 22:46 . 2010-09-01 22:46 143392 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\burger-battle_s1_l1_gF5892T1L1_d1049524919[1].exe
2010-09-01 22:46 . 2010-09-01 22:46 3907288 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\clientinstaller\bfgsetup_s1_l1.exe
2010-08-31 05:21 . 2009-12-05 08:15 -------- d-----w- c:\program files\Yahoo!
2010-08-30 10:39 . 2009-11-25 15:50 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-29 14:07 . 2010-08-29 14:07 -------- d-----w- c:\documents and settings\Neth\Application Data\SpinTop Games
2010-08-29 13:45 . 2010-03-30 17:06 -------- d-----w- c:\documents and settings\Neth\Application Data\Specialbit
2010-08-28 11:05 . 2010-08-28 11:05 -------- d-----w- c:\documents and settings\Neth\Application Data\Elephant Games
2010-08-27 20:02 . 2010-08-27 19:24 -------- d-----w- c:\program files\Reincarnations - Uncover the Past Collector's Edition
2010-08-27 16:07 . 2010-08-27 16:07 -------- d-----w- c:\documents and settings\Neth\Application Data\HotdogHotshot
2010-08-27 15:42 . 2010-08-16 16:39 -------- d-----w- c:\documents and settings\Neth\Application Data\Gamers Digital
2010-08-27 15:42 . 2010-08-16 16:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Gamers Digital
2010-08-26 17:57 . 2010-08-26 17:56 -------- d-----w- c:\program files\Yahoo! Games
2010-08-26 17:56 . 2010-02-07 10:54 -------- d-----w- c:\documents and settings\Neth\Application Data\Yahoo!
2010-08-26 17:56 . 2010-08-26 17:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Oberon Media
2010-08-26 16:45 . 2010-08-07 18:23 -------- d-----w- c:\documents and settings\Neth\Application Data\Merscom
2010-08-26 16:45 . 2010-08-07 18:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Merscom
2010-08-25 17:09 . 2009-12-05 17:03 -------- d-----w- c:\documents and settings\Neth\Application Data\Gamelab
2010-08-24 19:16 . 2010-08-24 19:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Veronica&BoD
2010-08-21 06:42 . 2010-08-18 18:05 -------- d-----w- c:\documents and settings\Neth\Application Data\Gaijin Ent
2010-08-20 14:09 . 2010-08-20 13:45 -------- d-----w- c:\program files\Robin's Quest - A Legend Born
2010-08-20 13:48 . 2010-08-20 13:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Gogii
2010-08-19 19:39 . 2010-06-18 19:32 -------- d-----w- c:\documents and settings\Neth\Application Data\Playrix Entertainment
2010-08-19 18:37 . 2010-08-14 07:10 -------- d-----w- c:\documents and settings\Neth\Application Data\Oberon Games
2010-08-19 18:37 . 2010-08-14 07:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Oberon Games
2010-08-18 17:56 . 2010-08-18 17:16 -------- d-----w- c:\program files\Exorcist
2010-08-18 17:19 . 2010-08-18 17:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Exorcist DS 1
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 17:40 . 2010-08-16 17:40 503808 ----a-w- c:\documents and settings\Neth\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1f5d4801-n\msvcp71.dll
2010-08-16 17:40 . 2010-08-16 17:40 499712 ----a-w- c:\documents and settings\Neth\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1f5d4801-n\jmc.dll
2010-08-16 17:40 . 2010-08-16 17:40 61440 ----a-w- c:\documents and settings\Neth\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5f181f64-n\decora-sse.dll
2010-08-16 17:40 . 2010-08-16 17:40 348160 ----a-w- c:\documents and settings\Neth\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1f5d4801-n\msvcr71.dll
2010-08-16 17:40 . 2010-08-16 17:40 12800 ----a-w- c:\documents and settings\Neth\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5f181f64-n\decora-d3d.dll
2010-08-13 17:52 . 2010-08-13 17:15 -------- d-----w- c:\program files\Shaolin Mystery - Tale of the Jade Dragon Staff
2010-08-13 17:18 . 2010-08-13 17:17 -------- d-----w- c:\documents and settings\Neth\Application Data\ShaoLin
2010-08-12 20:12 . 2006-03-05 17:25 -------- d-----w- c:\program files\Common Files\Java
2010-08-12 20:12 . 2006-03-05 17:28 -------- d-----w- c:\program files\Java
2010-08-10 17:46 . 2010-02-17 17:45 -------- d-----w- c:\documents and settings\Neth\Application Data\Age of Japan II
2010-08-10 17:02 . 2010-08-10 17:02 -------- d-----w- c:\documents and settings\Neth\Application Data\TheGreatPharaoh
2010-08-08 19:08 . 2010-08-08 18:27 -------- d-----w- c:\documents and settings\Neth\Application Data\Iwin Ashtons Family Resort
2010-08-08 18:27 . 2010-08-08 18:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Iwin Ashtons Family Resort
2010-08-08 17:58 . 2010-04-05 14:59 -------- d-----w- c:\program files\Ubi Soft
2010-08-08 16:45 . 2010-08-08 16:45 -------- d-----w- c:\documents and settings\Neth\Application Data\Anarchy
2010-08-08 12:39 . 2010-08-08 12:39 -------- d-----w- c:\documents and settings\Neth\Application Data\DigirononGames
2010-08-07 21:13 . 2010-03-11 18:36 24744 ----a-w- c:\documents and settings\Neth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-06 06:24 . 2010-08-06 06:24 12800 ----a-w- c:\documents and settings\Richard\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-32fff84a-n\decora-d3d.dll
2010-08-06 06:24 . 2010-08-06 06:24 61440 ----a-w- c:\documents and settings\Richard\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-32fff84a-n\decora-sse.dll
2010-08-06 06:24 . 2010-08-06 06:24 503808 ----a-w- c:\documents and settings\Richard\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3396ae66-n\msvcp71.dll
2010-08-06 06:24 . 2010-08-06 06:24 499712 ----a-w- c:\documents and settings\Richard\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3396ae66-n\jmc.dll
2010-08-06 06:24 . 2010-08-06 06:24 348160 ----a-w- c:\documents and settings\Richard\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3396ae66-n\msvcr71.dll
2010-07-22 15:49 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-11-26 07:27 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 04:00 . 2010-04-24 06:09 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 06:23 . 2010-07-15 06:11 157155 ----a-w- c:\windows\hphins26.dat
2010-07-09 15:24 . 2010-07-09 15:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 15:24 . 2010-07-09 15:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 15:24 . 2010-07-09 15:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 15:24 . 2010-07-09 15:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 15:24 . 2010-07-09 15:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 15:24 . 2010-07-09 15:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2008-05-30 05:12 . 2008-05-30 05:12 25685128 ----a-w- c:\program files\wordview_en-us.exe
2008-03-05 18:41 . 2008-03-05 18:41 0 ----a-w- c:\program files\temp01
2007-05-29 14:37 . 2007-05-29 14:37 217 ----a-w- c:\program files\setup.ini
2006-04-25 15:12 . 2006-04-25 13:07 4302 ----a-w- c:\program files\settings.dat
2006-04-25 15:12 . 2006-04-23 00:40 6305 ----a-w- c:\program files\lib4.dat
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2002-04-16 11:27 . 2002-04-16 11:27 5 --sha-w- c:\windows\system32\CdI5T.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-06-19 417792]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
SpeedTouch 121g Wireless USB Monitor.lnk - c:\program files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe [2004-9-23 303104]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Richard^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Richard\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 15:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSI Live]
2005-11-10 15:16 212992 ----a-w- c:\program files\MSI\MSI Live\SetWallpaper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 15:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-07-07 22:52 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-06-03 11:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PD0620 STISvc]
2005-05-10 17:03 36864 ----a-r- c:\windows\system32\P0620Pin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]
2004-07-02 16:27 295001 ----a-w- c:\program files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-06-19 15:03 417792 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]
2010-07-16 15:57 10790200 ----a-w- c:\program files\VoipCheapCom.com\VoipCheapCom\voipcheapcom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
2009-08-25 16:00 208896 ----a-r- c:\windows\system32\WinSys2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VoipCheapCom.com\\VoipCheapCom\\VoipCheapCom.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\USArmy\\America's Army 3\\Binaries\\AA3Game.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [02/09/2010 16:38 176408]
R2 Sage SData Service;Sage SData Service;c:\program files\Common Files\Sage SData\Sage.SData.Service.exe [08/06/2009 16:19 49152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/06/2009 12:19 133104]
S3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\drivers\BT4501G.sys [16/11/2005 12:21 357568]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [04/08/2004 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 01:28 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30/03/2009 03:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 03:23 366936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1644491937-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(588)
c:\windows\system32\WININET.dll
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-06 07:36:18
ComboFix-quarantined-files.txt 2010-10-06 06:36
ComboFix2.txt 2010-10-05 06:59

Pre-Run: 97,053,102,080 bytes free
Post-Run: 97,079,398,400 bytes free

- - End Of File - - F78757DDE670B02A843EEFEB2988036C



OTL logfile created on: 06/10/2010 07:50:12 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Richard\Desktop\Bleeping Computers
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 128.00 Mb Available Physical Memory | 25.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 90.44 Gb Free Space | 60.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-C992A3E819
Current User Name: Richard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/03 16:54:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Desktop\Bleeping Computers\OTL.exe
PRC - [2010/09/02 16:38:28 | 000,176,408 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2010/07/11 00:54:32 | 000,408,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/04/26 11:06:44 | 000,096,112 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/06/08 16:19:08 | 000,049,152 | ---- | M] (Sage (UK) Limited) -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
PRC - [2009/03/30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/15 04:01:46 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/09/23 19:36:28 | 000,303,104 | ---- | M] () -- C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
PRC - [2004/07/02 17:27:26 | 000,295,001 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe


========== Modules (SafeList) ==========

MOD - [2010/10/03 16:54:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Desktop\Bleeping Computers\OTL.exe
MOD - [2010/07/09 16:24:26 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2010/07/07 23:52:42 | 002,307,688 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2008/04/14 01:11:53 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/02 16:38:28 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/06/08 16:19:08 | 000,049,152 | ---- | M] (Sage (UK) Limited) [Auto | Running] -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service)
SRV - [2009/03/30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/03/30 03:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009/03/30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2008/07/11 01:28:04 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/04/08 20:15:02 | 000,056,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\mscorsvw.exe -- (clr_optimization_v2.0.50215_32)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Richard\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/10 05:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/03/02 14:54:05 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2010/03/02 14:53:12 | 000,357,568 | ---- | M] (THOMSON Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BT4501G.sys -- (BT4501G)
DRV - [2009/12/28 15:13:05 | 000,137,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/25 07:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2005/04/25 02:57:36 | 000,091,864 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID)
DRV - [2005/04/19 03:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2000478354-1644491937-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2000478354-1644491937-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 9B 72 4E 5C 64 CB 01 [binary data]
IE - HKU\S-1-5-21-2000478354-1644491937-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2010/09/26 21:23:59 | 000,000,000 | ---D | M]

[2010/09/17 21:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Mozilla\Extensions
[2009/12/31 08:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/09/17 21:59:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/24 07:09:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 21:12:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/06 07:39:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-1644491937-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2000478354-1644491937-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2000478354-1644491937-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2000478354-1644491937-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Best%20of%20Match-3%20Pack/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1259166303875 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1259222163281 (MUWebControl Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/26 00:39:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/06 07:39:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/05 19:24:20 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/10/05 17:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/10/05 07:15:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/05 06:37:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/05 06:37:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/05 06:37:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/05 06:37:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/05 06:37:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/05 06:37:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/03 16:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Desktop\Bleeping Computers
[2010/10/02 15:44:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Richard\Recent
[2010/10/02 11:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Desktop\Level 3 IT Principles 7266 7267 041
[2010/09/29 07:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Desktop\IB Changes
[2010/09/26 13:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\iWin Games
[2010/09/26 13:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\Floodlight Games
[2010/09/24 21:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2010/09/24 16:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PopCap Games
[2010/09/23 20:51:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010/09/23 20:51:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010/09/23 20:51:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010/09/23 20:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Temporary Projects
[2010/09/22 20:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/21 18:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BigFishGamesCache
[2010/09/19 18:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Reincarnations - Uncover the Past
[2010/09/17 20:43:22 | 008,358,096 | ---- | C] (Mozilla) -- C:\Documents and Settings\Richard\Desktop\Firefox Setup 3.6.10.exe
[2010/09/17 18:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\Farmers Market
[2010/09/17 18:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\Lamp of Aladdin
[2010/09/16 17:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpinTop
[2010/09/14 22:59:03 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/14 22:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software
[2010/09/14 22:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2010/09/13 19:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Fishdom Double Pack - Fishdom, Fishdom H2O
[2010/09/13 09:06:41 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/09/13 09:06:40 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/09/13 08:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Big Splash Games
[2010/09/13 06:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Desktop\ESA+DLA
[2010/09/12 09:13:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSEBXBQTZS
[2010/09/12 09:13:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\e05c484
[2010/09/11 10:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Desktop\Veronicas Laptop
[2010/09/11 06:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Desktop\ESA_IS_Claim_Complaint
[2010/09/08 23:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\RighteousKill2
[2010/09/07 20:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData
[2010/09/07 20:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Dominic Crane 2 - Dark Mystery Revealed
[2008/12/23 10:32:46 | 000,184,320 | R--- | C] ( ) -- C:\WINDOWS\System32\SgE.interop.MSXML2.dll
[2008/05/30 06:12:02 | 025,685,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wordview_en-us.exe
[2004/12/12 23:00:14 | 001,069,056 | ---- | C] (Frontcode Technologies) -- C:\Program Files\WinMX.exe
[2002/03/11 10:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2002/03/11 09:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/31 12:10:06 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2010/10/30 20:55:47 | 000,025,601 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2010/10/06 07:47:35 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Richard\Desktop\~$avares instructions.docx
[2010/10/06 07:43:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/06 07:43:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/06 07:41:09 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\Richard\ntuser.dat
[2010/10/06 07:39:28 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/10/06 07:30:59 | 000,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/06 07:09:08 | 000,060,008 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\etavares instructions.docx
[2010/10/05 17:40:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Richard\ntuser.ini
[2010/10/05 17:26:54 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Security Essentials.lnk
[2010/10/05 17:17:42 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/05 17:05:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\prvlcl.dat
[2010/10/05 08:06:47 | 000,001,744 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/05 08:06:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/05 06:53:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/10/05 06:28:37 | 003,861,166 | R--- | M] () -- C:\Documents and Settings\Richard\Desktop\etavaresCF.exe.exe
[2010/10/04 13:57:35 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\MBRCheck.exe
[2010/10/04 13:55:35 | 000,028,936 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\Rootkit Unhooker Report
[2010/10/04 13:50:14 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\RKUnhookerLE.EXE
[2010/10/03 18:14:01 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\gmer.exe
[2010/10/03 18:08:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Richard\defogger_reenable
[2010/10/02 15:33:31 | 000,673,850 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/02 15:33:30 | 000,139,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/02 15:33:29 | 000,830,862 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/30 18:43:05 | 000,001,252 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\More Great Games.lnk
[2010/09/28 18:21:22 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Antiques Road Trip USA.lnk
[2010/09/26 13:57:51 | 000,001,584 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Play iWin Games.lnk
[2010/09/26 12:57:05 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Richard\My Documents\spider.sav
[2010/09/24 21:10:12 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Game Manager.lnk
[2010/09/23 20:56:04 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/09/23 20:56:04 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/09/23 20:55:55 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/09/23 20:55:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/09/23 19:30:59 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/09/23 08:07:21 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Richard\My Documents\gmer.exe
[2010/09/22 20:18:23 | 000,001,988 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\HiJackThis.lnk
[2010/09/17 20:43:33 | 008,358,096 | ---- | M] (Mozilla) -- C:\Documents and Settings\Richard\Desktop\Firefox Setup 3.6.10.exe
[2010/09/17 07:04:01 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\Disability Alliance UK (United Kingdom) - digest of Incapacity Benefit case law and commissioners decisions compiled by Martin Inch.url
[2010/09/15 08:37:27 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\Rightsnet discussion forum Rightsnet.url
[2010/09/14 22:59:01 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/13 09:06:41 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/09/13 09:06:40 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/09/13 07:14:21 | 001,143,057 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\Volunary Work _ESA.mht
[2010/09/13 07:11:05 | 000,108,103 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\t13_supporting_evidence+medical certificates.pdf
[2010/09/10 17:37:54 | 000,297,493 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\Job Centre Complaints.pdf
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/31 12:10:06 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2010/10/30 20:55:46 | 000,025,601 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010/10/06 07:47:35 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Richard\Desktop\~$avares instructions.docx
[2010/10/06 07:09:06 | 000,060,008 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\etavares instructions.docx
[2010/10/05 17:26:54 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Security Essentials.lnk
[2010/10/05 07:15:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/05 07:15:33 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/05 06:37:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/05 06:37:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/05 06:37:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/05 06:37:31 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/05 06:37:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/05 06:28:37 | 003,861,166 | R--- | C] () -- C:\Documents and Settings\Richard\Desktop\etavaresCF.exe.exe
[2010/10/04 13:57:35 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\MBRCheck.exe
[2010/10/04 13:55:35 | 000,028,936 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\Rootkit Unhooker Report
[2010/10/04 13:50:14 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\RKUnhookerLE.EXE
[2010/10/03 20:49:50 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\gmer.exe
[2010/10/03 18:08:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Richard\defogger_reenable
[2010/09/30 18:43:05 | 000,001,252 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\More Great Games.lnk
[2010/09/28 18:21:22 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Antiques Road Trip USA.lnk
[2010/09/26 13:57:51 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Play iWin Games.lnk
[2010/09/26 12:57:05 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\Richard\My Documents\spider.sav
[2010/09/24 21:10:12 | 000,001,589 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Game Manager.lnk
[2010/09/23 20:56:04 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/09/23 20:55:55 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/09/23 20:55:55 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/09/23 20:55:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/09/22 20:18:23 | 000,001,988 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\HiJackThis.lnk
[2010/09/17 07:04:01 | 000,000,263 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\Disability Alliance UK (United Kingdom) - digest of Incapacity Benefit case law and commissioners decisions compiled by Martin Inch.url
[2010/09/15 08:37:27 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\Rightsnet discussion forum Rightsnet.url
[2010/09/13 07:14:16 | 001,143,057 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\Volunary Work _ESA.mht
[2010/09/13 07:11:05 | 000,108,103 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\t13_supporting_evidence+medical certificates.pdf
[2010/09/10 17:37:54 | 000,297,493 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\Job Centre Complaints.pdf
[2010/09/09 07:36:58 | 005,767,168 | ---- | C] () -- C:\Documents and Settings\Richard\ntuser.dat
[2010/04/05 16:13:03 | 000,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/04/05 16:08:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010/04/05 16:08:15 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010/03/04 07:56:30 | 000,000,129 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/25 09:04:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\prvlcl.dat
[2009/12/14 06:48:13 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/12/12 14:07:08 | 000,137,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/12/12 14:07:06 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\PnkBstrK.sys
[2009/12/12 14:03:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\leverage.drm.log
[2009/12/03 13:09:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2009/12/03 13:02:17 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2009/12/03 13:02:13 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2009/12/02 06:07:05 | 000,001,976 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log
[2009/11/28 09:26:17 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/11/28 08:16:42 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/27 17:09:02 | 000,000,084 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\FASTWiz.log
[2009/11/26 09:13:04 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/11/25 17:59:52 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/07/10 15:59:26 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGList32.dll
[2009/07/10 15:59:20 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTool32.dll
[2009/07/10 15:59:16 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGIntl32.dll
[2009/07/10 15:59:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDt32.dll
[2009/07/10 15:59:12 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHelp32.dll
[2009/07/10 15:59:08 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll
[2009/07/10 15:59:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll
[2009/07/10 15:58:56 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll
[2009/07/10 15:58:52 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll
[2009/07/10 15:58:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SGCom32.dll
[2009/07/10 15:58:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2009/05/29 12:37:41 | 000,804,400 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/03/04 12:40:02 | 000,001,204 | ---- | C] () -- C:\WINDOWS\SAGEINTL.INI
[2009/03/03 13:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/12/23 10:33:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SgELauncher.dll
[2008/12/23 10:33:26 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\SgEData.dll
[2008/12/22 11:28:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2008/12/22 11:26:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll
[2008/12/22 11:26:30 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll
[2008/12/01 16:36:12 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2008/12/01 16:36:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2008/12/01 16:36:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2008/12/01 16:36:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2008/12/01 16:36:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2008/12/01 16:35:56 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2008/12/01 16:35:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2008/12/01 16:35:34 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2008/03/05 19:41:13 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/29 15:37:45 | 000,000,217 | ---- | C] () -- C:\Program Files\setup.ini
[2007/05/13 06:00:11 | 000,000,078 | ---- | C] () -- C:\Program Files\AUTOCAD_2005.cue
[2007/05/13 05:59:36 | 724,597,104 | ---- | C] () -- C:\Program Files\AUTOCAD_2005.bin
[2006/11/01 17:41:24 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2006/11/01 17:41:16 | 001,712,128 | ---- | C] () -- C:\WINDOWS\System32\SGRep32.dll
[2006/04/25 14:07:01 | 000,004,302 | ---- | C] () -- C:\Program Files\settings.dat
[2006/04/23 01:40:16 | 000,006,305 | ---- | C] () -- C:\Program Files\lib4.dat
[2006/04/23 01:31:47 | 000,009,218 | ---- | C] () -- C:\Program Files\colors.dat
[2006/03/17 05:54:12 | 000,376,832 | ---- | C] () -- C:\Program Files\Complete Network Course.doc
[2006/03/17 05:52:51 | 000,688,128 | ---- | C] () -- C:\Program Files\Complete PC Hardware Course.doc
[2006/03/11 15:00:24 | 000,194,253 | ---- | C] () -- C:\Program Files\VideoEffects.vfz
[2002/04/16 12:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[1998/03/26 02:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5E707762
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:52F4CBFF
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:FBD11154
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F662888F
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:BA21F28A
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:939A4172
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:895A78C5
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:81980DF5
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5F8486EE
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5E5A3598
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:373DF935
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:29D4DB2C
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0406003C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D6D87980
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CDB75348
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C3D26A8A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:ADAD2FFE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A1023D41
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9033BDFB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5E748D4C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:57777E90
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:530FA8DC
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4A56D50C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1CE25169
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1C93E55E
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0ADB5110
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0355E87F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F5B3D15A
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DE0ED846
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C76CFF82
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:AF9BF410
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A27DB5B4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:864881BF
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:66871744
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4EE323A4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:3ED71AF9
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2CD14F7E
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:282F4A70
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:04BB186B
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D8F51B27
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D8B6E216
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:AF4CC666
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:972E051C
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:91486201
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:85B3C587
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:57CA0BA5
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4E46F3AD
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:26A148EB
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:E0135E7C
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DC9E0AAE
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1D657D4
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C186F20B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A5264343
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:99A77513
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:89C22C79
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:7ADCE5D2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4E2A5A6D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:01EDA307
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:E46A89F4
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D8D58038
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D83224FA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:AB6BFFCD
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9C51FFBC
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:76C56CCB
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:755BD5CD
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:7169BE62
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:6944AE3A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F10C2DA8
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4F3BEF81
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:3DBE461A
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F7370879
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CCB49694
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CBE042C1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:AA2A4FE5
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9670EFE7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:32FFF2D1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2EC5D66C
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:14A7B409
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DDDBE327
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DDBA1B03
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:769BB147
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:67518200
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:63DBE157
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F9EDCFB0
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:E21D3CA0
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C6CD88E9
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B1786630
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9CD3B6D1
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:6611AB82
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:FE53E4F7
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CFC8A5FD
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:8BB2EE92
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4BBB987B
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:33DB8278
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9BBA6A34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:441D63A8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DE07152F
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B3196E8D
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:8BFA0030
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:393F7B1E
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:FEB0595A
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F36BFA23
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DC0B1070
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:BC2A20FD
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1B1532BF
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:067BF339
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:AE9C4BE9
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:8A6A2C1E
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:22B52633
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D28A4F5D
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:AD4FECAB
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:3595B780
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:65929158
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:64A30B7C
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:193426B4
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:EEF1584F
< End of report >



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4750

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06/10/2010 08:31:58
mbam-log-2010-10-06 (08-31-58).txt

Scan type: Quick scan
Objects scanned: 230955
Time elapsed: 10 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#13 etavares


Posted 06 October 2010 - 05:52 PM

Hello, xRichyx.


Step 1

We need to run an OTL Script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:86A8CE8D
    @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:95198126
    @Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:E60D24D7
    @Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:E3C56885
    @Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:8FCCCD6D
    @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9950163C
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:E0C2ABF7
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A652BC99
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:6C75AF4C
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2AE39AFC
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F59916B9
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CA8D6B60
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C0A9B815
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9E46FAD0
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:812141B6
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:66FC2E6F
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:E85475C7
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CDA9D806
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:ACA276FB
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:012D8180
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D8A7F3FF
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CDDEFD6F
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9C0543A9
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:764BDBC8
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5D10C56A
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:48F5C64F
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0671E3E6
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:FCB70953
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:6FCFD0EF
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5A13AEC2
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:20B17557
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0479E312
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:EB277F6C
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:BF6C81B2
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B6AF2226
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:AE78B77A
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8725EB5
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:7B6AD0CE
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2D3E25B5
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2AEB42F1
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1E26EE1D
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C4AB79AE
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:AF24D911
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:99C301D0
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:95659AC5
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:88AE8AB0
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:803A486C
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:73D27958
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:615E8DBB
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:56EE2CAF
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4A966CC2
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2504A086
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1B825050
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0E0E9645
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0915A718
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F8BCC942
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CF5C4195
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:94124B85
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:92D91D7E
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:887EAE14
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:7AB36AC8
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:7965CDCE
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:708AB985
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:602146E4
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:42F5BBCE
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:237EF7B2
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C7F08EA3
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B709343D
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:6F71E822
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4AC5AE3E
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2E45FA8F
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1D4140C3
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:124B94C0
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B9B2111D
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B683AD23
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B4F0E275
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:8ED48622
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:7318DDBB
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:50E7393E
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B722BCE5
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A2FF62A6
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:95FC57E0
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:956EC010
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:908A1B53
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:252B7D28
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1E93E0ED
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0A217D1B
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:EFBB5E26
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DC74545C
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D26DD363
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A59DD4AD
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:87452B14
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:729F0E7F
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:62A22B09
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5AA80927
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:451E94A6
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:3C6E4889
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:ED9B661E
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C9D9AD33
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:BAC2F271
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B7C6AAAB
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9C0CEDAF
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:97C6B915
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:91A12471
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:6C1A9365
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4F2FAC0C
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:403264CC
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:3EA715B9
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:3AD6342E
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:FC1777D7
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:E3BD4B99
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:991C2673
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:81697BDB
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:7BB47057
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9AB338B9
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 2

What happens when you try and get in safe mode?

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#14 xRichyx

Posted 07 October 2010 - 01:07 AM

Hello Etavares

When I attempt to run Windows in Safe Mode by pressing F8 at Start Up after Hard Disk Detection I am directed to select the boot device Floppy/CD/HDD or Windows continues to open in normal mode.

Please find the latest requested OTL Log below

Richy


========== OTL ==========
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:443F2F8E deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:09A43FB1 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:E9645B80 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C62640AC deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C30487EE deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:80D975A5 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5E571A39 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C462DAE deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2FBB2B9B deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:290A724C deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1ACE3A1B deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1585E7B2 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DA23AD9A deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B5458D6D deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4B215686 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:47C3EF59 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:36CB2BB0 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:10D45FC3 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DDF112BD deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B7C09B00 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:AB15E5CC deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:6FD36C4B deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:593E515D deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:413E2927 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2C94AE95 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:18AE7C5A deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1218B03A deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0D713C0D deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:EF0C5444 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFDE872C deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DCB1165A deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C3A9C939 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:AB82C54F deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:737EACFF deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:64170090 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:62525FE7 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5E707762 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:52F4CBFF deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:FBD11154 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F662888F deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:BA21F28A deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:939A4172 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:895A78C5 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:81980DF5 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5F8486EE deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5E5A3598 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:373DF935 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:29D4DB2C deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0406003C deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D6D87980 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CDB75348 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C3D26A8A deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:ADAD2FFE deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A1023D41 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9033BDFB deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5E748D4C deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:57777E90 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:530FA8DC deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4A56D50C deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1CE25169 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1C93E55E deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0ADB5110 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0355E87F deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F5B3D15A deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DE0ED846 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C76CFF82 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:AF9BF410 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A27DB5B4 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:864881BF deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:66871744 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4EE323A4 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:3ED71AF9 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2CD14F7E deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:282F4A70 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:04BB186B deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D8F51B27 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D8B6E216 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:AF4CC666 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:972E051C deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:91486201 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:85B3C587 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:57CA0BA5 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4E46F3AD deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:26A148EB deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:E0135E7C deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DC9E0AAE deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1D657D4 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C186F20B deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A5264343 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:99A77513 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:89C22C79 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:7ADCE5D2 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4E2A5A6D deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:01EDA307 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:E46A89F4 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D8D58038 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D83224FA deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:AB6BFFCD deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9C51FFBC deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:76C56CCB deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:755BD5CD deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:7169BE62 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:6944AE3A deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F10C2DA8 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4F3BEF81 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:3DBE461A deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F7370879 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CCB49694 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CBE042C1 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:AA2A4FE5 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9670EFE7 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:32FFF2D1 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2EC5D66C deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:14A7B409 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DDDBE327 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DDBA1B03 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:769BB147 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:67518200 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:63DBE157 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F9EDCFB0 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:E21D3CA0 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C6CD88E9 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B1786630 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9CD3B6D1 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:6611AB82 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:FE53E4F7 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CFC8A5FD deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:8BB2EE92 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4BBB987B deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:33DB8278 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9BBA6A34 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:441D63A8 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DE07152F deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B3196E8D deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:8BFA0030 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:393F7B1E deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:FEB0595A deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F36BFA23 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DC0B1070 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:BC2A20FD deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1B1532BF deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:067BF339 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:AE9C4BE9 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:8A6A2C1E deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:22B52633 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D28A4F5D deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:AD4FECAB deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:3595B780 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:65929158 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:64A30B7C deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:193426B4 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:EEF1584F deleted successfully.

OTL by OldTimer - Version 3.2.14.1 log created on 10072010_065614


#15 etavares


Posted 07 October 2010 - 08:07 AM

OK, please try this. Press F8 until it asks you to select the boot device. Select your hard drive. As soon as you press enter, keep hitting F8 again. Does the Safe Mode menu pop up then?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
