WiredWX Hobby Weather Tools

 


grrr...vista security

Strolling along, minding my own business today on the internet, when suddenly Vista Security popped up! (Was using Google to find an address.) Have been trying unsuccessfully to rid my poor computer of this monster. It's gone from just the pop-ups, to not being able to use any .exe files, back to just pop-ups. I've run OTL and here are the logs:

Re: grrr...vista security

OTL logfile created on: 24/04/2010 11:29:33 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.11 Gb Total Space | 142.02 Gb Free Space | 63.37% Space Free | Partition Type: NTFS
Drive D: | 8.77 Gb Total Space | 0.01 Gb Free Space | 0.10% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 105.42 Gb Free Space | 94.31% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/24 23:29:23 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/04/24 17:26:11 | 000,221,696 | -HS- | M] () -- C:\Users\Owner\AppData\Local\ave.exe
PRC - [2010/04/01 23:58:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 00:46:02 | 001,086,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/11/19 13:46:12 | 000,065,344 | ---- | M] () -- C:\Program Files\SGPSA\ie3sh.exe
PRC - [2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/15 12:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2006/11/02 03:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
PRC - [2006/09/28 07:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2010/04/24 23:29:23 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2006/11/02 03:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (UHV)
SRV - [2010/04/16 17:09:06 | 000,246,520 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/01/22 15:16:44 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/12/02 15:23:40 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/09/15 20:47:44 | 000,798,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2008/08/22 00:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/22 00:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/05/22 15:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 14:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 14:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 14:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/03/20 17:59:08 | 000,009,344 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Salmosa.sys -- (Salmosa03)
DRV - [2008/01/15 20:19:04 | 002,047,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/26 19:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 16:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/05/04 02:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 03:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 03:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 02:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/06/20 15:00:40 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2006/06/20 15:00:30 | 000,021,312 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/06/20 15:00:18 | 000,039,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.zune.net/en-CA/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 67 63 74 03 98 3C B8 40 8B 0C C5 AA FA 0A E9 5C [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "tmz.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.110
FF - prefs.js..extensions.enabledItems: {514bf275-6afe-44fc-9b62-a23492ac7d67}:1.0
FF - prefs.js..extensions.enabledItems: {FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}:3.6
FF - prefs.js..extensions.enabledItems: pink-bee@loic.com:2.5.7
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16054&locale=en_US&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/01 23:58:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/21 13:18:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/26 17:11:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/03/18 16:57:00 | 000,000,000 | ---D | M]

[2009/04/05 13:00:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2009/04/05 13:00:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/04/24 16:17:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\tgeub4p6.default\extensions
[2010/04/14 19:20:37 | 000,000,000 | ---D | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\tgeub4p6.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2010/04/20 07:36:46 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\tgeub4p6.default\extensions\{514bf275-6afe-44fc-9b62-a23492ac7d67}
[2010/04/03 09:06:01 | 000,000,000 | ---D | M] (Aeon Clouds) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\tgeub4p6.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}
[2010/03/02 00:47:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\tgeub4p6.default\extensions\pink-bee@loic.com
[2010/03/15 08:24:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\tgeub4p6.default\extensions\toolbar@ask.com
[2010/03/15 08:24:54 | 000,002,425 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\FireFox\Profiles\tgeub4p6.default\searchplugins\askcom.xml
[2008/06/24 18:33:41 | 000,000,908 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\FireFox\Profiles\tgeub4p6.default\searchplugins\imdb.xml
[2010/04/24 16:17:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/07 19:16:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\npmozax@real.com
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
[2009/07/02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2008/02/28 07:35:19 | 000,227,744 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 7990 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Super%20Collapse!%20Puzzle%20Gallery/Images/stg_drm.ocx (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Little%20Shop%20-%20Road%20Trip/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 64.59.184.13 64.59.184.15
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\D3DX9_4032.dll) - C:\Windows\System32\D3DX9_4032.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/21 02:07:55 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c198e3a8-1376-11de-acb9-001bfc082f25}\Shell\AutoRun\command - "" = F:\podcastready.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = ”exefile”] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/24 23:29:16 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/04/23 09:41:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\VendelGAMES
[2010/04/21 13:43:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Absolutist
[2010/04/21 13:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Absolutist
[2010/04/21 13:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/04/21 13:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/04/20 14:18:51 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/04/20 14:06:53 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/04/20 14:06:52 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/04/20 14:06:52 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2010/04/20 14:06:51 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2010/04/20 14:06:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2010/04/20 14:06:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2010/04/20 09:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/20 00:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/04/19 22:05:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2010/04/19 22:05:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/19 22:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/19 22:05:22 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/19 22:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/17 20:49:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Frogwares
[2010/04/17 09:23:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2010/04/14 18:55:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\GameFools
[2010/04/14 14:43:22 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/14 14:43:22 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/14 14:43:12 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/14 14:42:50 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/14 14:42:50 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/14 14:42:40 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/04/14 14:42:40 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/04/12 22:36:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Jetdogs Studios
[2010/04/11 08:28:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DarkParablesBriarRoseSE_BFG
[2010/04/10 21:26:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Top Evidence
[2010/04/10 21:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Top Evidence
[2010/04/08 08:54:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Alawar Entertainment
[2010/04/08 08:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Alawar Entertainment
[2010/04/06 11:01:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\GameMill Entertainment
[2010/04/05 23:01:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Roaming
[2010/04/05 22:33:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\LegacyInteractive
[2010/04/05 22:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2010/04/05 22:21:15 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
[2010/04/02 15:48:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Settlement. Colossus
[2010/04/01 23:11:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\BigFishGames
[2010/04/01 23:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\Penny Dreadfuls - Sweeney Todd Collector's Edition
[2010/03/31 22:11:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\MemoryClinic
[2010/03/30 16:22:01 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/03/30 16:21:59 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/30 16:21:59 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/03/30 16:21:56 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/30 16:21:56 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/03/30 16:21:55 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/30 16:21:55 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/03/30 16:21:55 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/30 16:21:54 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/03/30 16:21:53 | 001,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/30 16:21:53 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/03/30 16:21:53 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/30 16:21:52 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/30 16:21:52 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/03/30 16:21:51 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/30 16:21:51 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/30 16:21:51 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/03/30 16:21:51 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/30 16:21:51 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/30 16:21:50 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/30 16:21:50 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/03/30 16:21:50 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/24 23:29:46 | 005,767,168 | -HS- | M] () -- C:\Users\Owner\ntuser.dat
[2010/04/24 23:29:23 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/04/24 23:10:04 | 000,010,752 | ---- | M] () -- C:\Users\Owner\Desktop\exefix_xp.com
[2010/04/24 22:56:01 | 000,009,506 | -HS- | M] () -- C:\Users\Owner\AppData\Local\f1pKdvbneJkm
[2010/04/24 22:56:01 | 000,009,506 | -HS- | M] () -- C:\ProgramData\f1pKdvbneJkm
[2010/04/24 22:55:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/24 22:54:06 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/24 22:54:04 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/24 22:54:03 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/04/24 22:54:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/24 22:53:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/24 21:48:26 | 002,346,867 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/04/24 21:39:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/24 21:11:31 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8D231D9F-AC29-4119-BE8A-70077B4B1E31}.job
[2010/04/24 17:35:36 | 000,009,018 | ---- | M] () -- C:\Users\Owner\Documents\cc_20100424_173532.reg
[2010/04/24 17:26:11 | 000,221,696 | -HS- | M] () -- C:\Users\Owner\AppData\Local\ave.exe
[2010/04/23 08:48:29 | 000,001,618 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/04/21 13:09:28 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Play Games.lnk
[2010/04/20 15:49:56 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010/04/20 14:24:41 | 000,025,088 | ---- | M] () -- C:\Users\Owner\Documents\customer service cover letter2.doc
[2010/04/20 08:12:51 | 000,003,765 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\020000001b11b65b879P.manifest
[2010/04/20 08:11:44 | 000,000,817 | ---- | M] () -- C:\ProgramData\1275400155
[2010/04/20 00:24:34 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/04/20 00:17:43 | 000,612,560 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/20 00:17:43 | 000,104,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/19 22:07:36 | 000,727,406 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/19 22:05:31 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/19 10:32:23 | 000,001,023 | -HS- | M] () -- C:\ProgramData\475357067
[2010/04/19 10:31:52 | 000,000,051 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\020000001b11b65b879C.manifest
[2010/04/19 10:31:52 | 000,000,011 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\020000001b11b65b879S.manifest
[2010/04/19 10:31:52 | 000,000,011 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\020000001b11b65b879O.manifest
[2010/04/18 19:26:21 | 000,240,640 | ---- | M] () -- C:\Windows\System32\ctl3d3232.dll
[2010/04/17 09:23:09 | 000,000,113 | ---- | M] () -- C:\ProgramData\sl2109000985
[2010/04/17 09:22:54 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2010/04/08 23:37:29 | 000,024,064 | ---- | M] () -- C:\Users\Owner\Documents\REFERENCES.doc
[2010/04/06 14:02:33 | 000,015,304 | ---- | M] () -- C:\Users\Owner\Documents\cc_20100406_140229.reg
[2010/04/01 23:11:17 | 000,001,582 | ---- | M] () -- C:\Users\Owner\Desktop\Penny Dreadfuls - Sweeney Todd Collector's Edition.lnk
[2010/03/31 03:21:03 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/24 23:09:59 | 000,010,752 | ---- | C] () -- C:\Users\Owner\Desktop\exefix_xp.com
[2010/04/24 17:35:34 | 000,009,018 | ---- | C] () -- C:\Users\Owner\Documents\cc_20100424_173532.reg
[2010/04/24 17:26:11 | 000,221,696 | -HS- | C] () -- C:\Users\Owner\AppData\Local\ave.exe
[2010/04/24 17:26:11 | 000,009,506 | -HS- | C] () -- C:\Users\Owner\AppData\Local\f1pKdvbneJkm
[2010/04/24 17:26:11 | 000,009,506 | -HS- | C] () -- C:\ProgramData\f1pKdvbneJkm
[2010/04/23 08:48:29 | 000,001,618 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/04/21 13:09:28 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Play Games.lnk
[2010/04/20 00:24:34 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/04/19 22:05:31 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/18 19:26:21 | 000,240,640 | ---- | C] () -- C:\Windows\System32\ctl3d3232.dll
[2010/04/17 09:23:53 | 000,001,023 | -HS- | C] () -- C:\ProgramData\475357067
[2010/04/17 09:23:52 | 000,000,817 | ---- | C] () -- C:\ProgramData\1275400155
[2010/04/17 09:23:09 | 000,000,113 | ---- | C] () -- C:\ProgramData\sl2109000985
[2010/04/17 09:22:54 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/04/17 09:22:37 | 000,003,765 | -HS- | C] () -- C:\Users\Owner\AppData\Roaming\020000001b11b65b879P.manifest
[2010/04/17 09:22:37 | 000,000,051 | -HS- | C] () -- C:\Users\Owner\AppData\Roaming\020000001b11b65b879C.manifest
[2010/04/17 09:22:37 | 000,000,011 | -HS- | C] () -- C:\Users\Owner\AppData\Roaming\020000001b11b65b879S.manifest
[2010/04/17 09:22:37 | 000,000,011 | -HS- | C] () -- C:\Users\Owner\AppData\Roaming\020000001b11b65b879O.manifest
[2010/04/10 20:56:13 | 000,003,895 | ---- | C] () -- C:\ProgramData\doicrane_save.log
[2010/04/06 14:02:31 | 000,015,304 | ---- | C] () -- C:\Users\Owner\Documents\cc_20100406_140229.reg
[2010/04/06 12:15:00 | 000,025,088 | ---- | C] () -- C:\Users\Owner\Documents\customer service cover letter2.doc
[2010/04/01 23:11:17 | 000,001,582 | ---- | C] () -- C:\Users\Owner\Desktop\Penny Dreadfuls - Sweeney Todd Collector's Edition.lnk
[2009/09/01 22:54:06 | 000,000,094 | -H-- | C] () -- C:\Windows\System32\spv1_WCssg.ini
[2009/08/30 13:32:59 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2009/08/30 10:20:13 | 000,000,000 | ---- | C] () -- C:\Windows\ResortingToDanger.INI
[2009/07/05 02:23:17 | 000,000,029 | ---- | C] () -- C:\Windows\PControl.ini
[2009/06/21 15:19:11 | 000,000,000 | ---- | C] () -- C:\Windows\Curses.INI
[2009/01/04 14:26:31 | 000,072,192 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2008/09/07 11:07:42 | 000,000,022 | ---- | C] () -- C:\Windows\iexplore.ini
[2008/06/03 20:16:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/05 18:36:25 | 000,000,028 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2007/04/21 01:30:02 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/04/21 01:30:02 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 02:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 08:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 08:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

Re: grrr...vista security
========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:A4076A3B
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:A2865730
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:896E1EFF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:6FE17A89
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:1F67CD26
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:98DFF516
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:620EC79A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:60A4BB64
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:067F588D
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:90D89144
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:870649A4
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:55E1514E
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:5345C8F6
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:45F3AD49
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:3857ABB7
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:33DB8278
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:331B76C7
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:0ED4AC2F
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:0C9CD455
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:07241935
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:E717F65C
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DF0BC727
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:C36B1175
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:C17FCA88
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:BE6DC701
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:7972CF54
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:61AF2B29
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:55E3C0E0
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:25249477
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:24FECE50
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:1CE87230
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:067BF339
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:E9B5CB53
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:DE892EFB
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:CB52BE62
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:93F3E4C9
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:8C458D50
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:7DC6E295
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:55EFEB27
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:46700142
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:1502A995
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:FA206A00
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:C8EAE2CC
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:9ACB70D7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:51F17BB8
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:42509EA1
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:2CFBE2D1
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:1ECED34B
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:086DE893
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:EC0A74A1
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:EB603FE4
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:E3CEEC4C
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:D3A8AA31
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:CFF21EA7
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:C40E212B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:B845F669
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:B6FD7157
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:95970EA3
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:93877B62
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:8160BC44
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:814B9485
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:78E0DF72
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:5CF48ABF
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:40D8F125
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:13B137AF
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:0D3CE40A
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:0BFCB272
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:026B76F2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:EB6CB455
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C8E82994
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C67CB31A
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:8C37BA2F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:7881FECE
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:3C282BEA
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:315B4A13
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F5B69884
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F42B5B0E
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:E32966C0
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:938EC881
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8DF68137
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:598E0FFA
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:551BED5F
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4673E9EA
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2342AE46
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:F437A62A
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:F14D1F80
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:E5294695
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:CB16385F
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:5B85C37B
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:53C0A7FF
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:4FE42FFC
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:3F22DA14
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:1B927722
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D507B5A8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:C07A6A6B
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:9DF07E8F
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:96BE5F33
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:90B52091
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:1A7E6B73
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:0F38F234
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:F3EFA8A8
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:ECCE99EF
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:E51234A9
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:D6BE1CEA
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A7DA2BCD
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:7776B809
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:6444B424
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:561B1D2B
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:38BFF11F
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3313A48D
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:FB97DB91
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:D0668210
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:92A815D8
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:55818279
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:260575F1
< End of report >


and....

Re: grrr...vista security
OTL Extras logfile created on: 24/04/2010 11:29:33 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.11 Gb Total Space | 142.02 Gb Free Space | 63.37% Space Free | Partition Type: NTFS
Drive D: | 8.77 Gb Total Space | 0.01 Gb Free Space | 0.10% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 105.42 Gb Free Space | 94.31% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = ”exefile”] -- Reg Error: Key error. File not found
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\PROGRAM FILES\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EF2DAE-13F7-4347-A193-2CEDA3CA5C7E}" = rport=138 | protocol=17 | dir=out | app=system |
"{0633D17D-3EA1-46D2-8F0A-58F17229E805}" = lport=445 | protocol=6 | dir=in | app=system |
"{543E7FDB-7C60-466F-B624-D465D86A42C0}" = rport=445 | protocol=6 | dir=out | app=system |
"{60BB0181-F04C-4D99-A2DA-BA0EEE45B64A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{759802A4-219E-452F-A931-310D2B7482FC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B677F3B5-6486-48CF-B999-111E3BB0BC69}" = rport=137 | protocol=17 | dir=out | app=system |
"{C7C4FF53-7A48-4C77-B229-24EB6A8CD47B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE6EEBAB-4126-46DA-835E-58B39A8FA535}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DEA90D2B-91D7-4FAA-8C71-940B80D84375}" = lport=137 | protocol=17 | dir=in | app=system |
"{ECDE534D-3F91-4294-8836-E8AD5412110A}" = lport=139 | protocol=6 | dir=in | app=system |
"{F96C108D-4F6C-4437-AE8E-F20E264400E4}" = lport=138 | protocol=17 | dir=in | app=system |
"{FE741C4D-5C90-4DE4-89E0-D2E263055AA4}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0719F8B0-5FAF-44D2-BCBB-5B3B3917FECE}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{19332B24-85C1-4C82-9B36-BA60B8A9E2EC}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{206547EA-5F80-4F1B-939D-2C3BD9BA9A6F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{28048B98-FB35-4126-9C68-6ECF4E45D1C1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{30046C66-14C9-4BB1-B1A1-5BCF4E695A64}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{318E423D-5969-4558-8D37-F84079B4BA8B}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{359CEF27-348D-41DF-A60A-1CE1F2DAC6BB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{40955AD8-559F-4088-8053-00A2EE8A6902}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{42EA081C-2896-4F6E-A183-4AFE91D10FA0}" = protocol=6 | dir=in | app=c:\makena\there\thereclient\there.exe |
"{541AD729-7E4D-4699-A8B3-C60339A59FCF}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{5E213652-126B-4CD2-B26D-0D28A969E8D8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{624F12D0-9A2F-445C-8973-E87B26BD05DF}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{65775FC7-3DE5-446B-9784-C4A1797D2795}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6A44990B-6A79-4746-9AEA-C03B26BF7EB6}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{76914B10-334A-411B-9371-13C8C984959A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{77BE3E79-6E80-4212-8F05-80BBD9E2F270}" = dir=in | app=c:\windows\explorer.exe |
"{796B2D64-4C74-4346-86C0-88B638B2CF4A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7ACC6E87-8C12-4adb-91B7-EFC3F2F4705A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{802D0A86-4D0B-4F1A-96AB-6A43BCC3F809}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8C7FAF73-BF93-4BFC-8D90-83D368041F60}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8FC680F5-B38A-4028-9F28-69A6D0666C0E}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{92459C5E-D350-4cba-AA74-C8F989C9336F}" = protocol=17 | dir=out | app=c:\windows\explorer.exe |
"{94BCE304-4854-4955-9DB0-3A5A5CB9FF57}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A12E953B-110B-4438-877E-CFE3B9E07CD8}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{A53AD028-734B-4F11-A975-477F30811937}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A6499BFE-0CB5-4B06-945A-1ACCC47D79A4}" = protocol=17 | dir=in | app=c:\makena\there\thereclient\there.exe |
"{A7B8B809-944E-487E-BE99-F5753F748205}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B078B2B6-A878-44ff-9BCC-458257924F96}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{B1A40E4F-58DB-490f-9D18-55B5194E8BD5}" = protocol=6 | dir=out | app=c:\windows\explorer.exe |
"{B8CBAB00-C10B-45F7-80B0-5435EEE934EF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{BD56A5A2-C753-4567-AE44-84D640DF7A8C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C3E9B20A-B7E2-4aab-9835-3C548937E46F}" = dir=out | app=c:\windows\explorer.exe |
"{CA31E674-07EE-475A-9EEF-6DE7188D3CAA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CE220298-6D5B-416E-9797-21B1080B7F56}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D73B6343-A8E7-42D6-BB43-C8CB36C8060E}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{D7A0B0ED-6CA8-431E-B941-4440BC06E310}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DF6FD02C-C63F-42F8-8B26-935301A5BEB6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E6F2D478-B5BB-4782-9F2F-952EDB9C844A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EA72AE0B-AAF7-4D52-8928-E3C1482B884C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F569565D-22D8-4CA4-8A6D-85CE192F21CF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F755D38E-9C35-4F77-AF7B-F4B8A21FE5D8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F9E0C00A-17CF-4E39-82BC-5CF08C7184BC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{04350C09-065A-481A-8BE0-7AD3A4537977}C:\program files\break for games\puzzle quest\puzzle quest.exe" = protocol=6 | dir=in | app=c:\program files\break for games\puzzle quest\puzzle quest.exe |
"TCP Query User{C803A851-405D-4AB5-B6BD-3566D2D0D0BF}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{A4892A4E-74A9-415E-B795-D1B51F87D29E}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{DD103D0D-161C-4B09-8123-1EE318C9B827}C:\program files\break for games\puzzle quest\puzzle quest.exe" = protocol=17 | dir=in | app=c:\program files\break for games\puzzle quest\puzzle quest.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{37D74171-3131-498A-BE5D-7E3DA6AC0DBE}" = UFile 2007
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA930137-16E1-400E-8496-4ED5ECD056C6}" = Puzzle Quest
"{BAF0296B-77EA-425B-934E-671B4DBAED6E}" = UFile Updater 2007
"{BF953F1A-F946-4804-875D-94B6A6C05CE1}" = Business Card Factory Deluxe 2.0
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"BFGC" = Big Fish Games: Game Manager
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ESET Online Scanner" = ESET Online Scanner v3
"LimeWire" = LimeWire 5.5.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Penny Dreadfuls - Sweeney Todd Collector's Edition % CompanyName%" = Penny Dreadfuls - Sweeney Todd Collector's Edition % CompanyName%
"PhotoScape" = PhotoScape
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"Slingo Quest Hawaii" = Slingo Quest Hawaii
"WildTangent hp Master Uninstall" = HP Games
"WildTangent hpdesktop Master Uninstall" = My HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"Winamp" = Winamp (remove only)
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT081305" = Midnight Mysteries - The Edgar Allan Poe Conspiracy
"WT084432" = Petz Catz 2
"WT087963" = Green Moon
"WT087977" = Public Enemies - Bonnie and Clyde
"WT087993" = Mystery P.I. - The London Caper

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/04/2010 3:15:54 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17037, time stamp
0x4b9658a0, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000374, fault offset 0x000af1c9, process id 0x12bc, application
start time 0x01cae186e941d787.

Error - 24/04/2010 7:54:50 PM | Computer Name = Owner-PC | Source = Perflib | ID = 1008
Description =

Error - 24/04/2010 7:54:50 PM | Computer Name = Owner-PC | Source = Perflib | ID = 1010
Description =

Error - 24/04/2010 7:54:51 PM | Computer Name = Owner-PC | Source = Perflib | ID = 1008
Description =

Error - 24/04/2010 7:54:51 PM | Computer Name = Owner-PC | Source = Perflib | ID = 1005
Description =

Error - 24/04/2010 7:54:51 PM | Computer Name = Owner-PC | Source = Perflib | ID = 1017
Description =

Error - 24/04/2010 7:54:57 PM | Computer Name = Owner-PC | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

Error - 24/04/2010 7:57:33 PM | Computer Name = Owner-PC | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

Error - 24/04/2010 8:03:06 PM | Computer Name = Owner-PC | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

Error - 24/04/2010 10:46:58 PM | Computer Name = Owner-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 24/04/2010 8:26:45 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 24/04/2010 8:26:45 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 24/04/2010 8:57:44 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
9, function 0. Please contact your system vendor for technical assistance.

Error - 24/04/2010 8:57:44 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
11, function 0. Please contact your system vendor for technical assistance.

Error - 24/04/2010 10:35:15 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
9, function 0. Please contact your system vendor for technical assistance.

Error - 24/04/2010 10:35:15 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
11, function 0. Please contact your system vendor for technical assistance.

Error - 24/04/2010 10:37:15 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 25/04/2010 12:53:33 AM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
9, function 0. Please contact your system vendor for technical assistance.

Error - 25/04/2010 12:53:33 AM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
11, function 0. Please contact your system vendor for technical assistance.

Error - 25/04/2010 12:55:37 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Re: grrr...vista security

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
    FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16054&locale=en_US&q="
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe ()
    [2010/04/24 22:56:01 | 000,009,506 | -HS- | M] () -- C:\Users\Owner\AppData\Local\f1pKdvbneJkm
    [2010/04/24 22:56:01 | 000,009,506 | -HS- | M] () -- C:\ProgramData\f1pKdvbneJkm
    [2010/04/24 17:26:11 | 000,221,696 | -HS- | M] () -- C:\Users\Owner\AppData\Local\ave.exe
    [2010/04/18 19:26:21 | 000,240,640 | ---- | C] () -- C:\Windows\System32\ctl3d3232.dll
    [2010/04/17 09:23:53 | 000,001,023 | -HS- | C] () -- C:\ProgramData\475357067
    [2010/04/17 09:23:52 | 000,000,817 | ---- | C] () -- C:\ProgramData\1275400155
    [2010/04/17 09:23:09 | 000,000,113 | ---- | C] () -- C:\ProgramData\sl2109000985


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: grrr...vista security

Thanks! Followed your instructions and here is the log. Anything else I need to do? I don't have the vista security anymore, and things seem ok!

========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Fast Browser Search" removed from browser.search.defaultthis.engineName
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: toolbar@ask.com:3.6.6.117 removed from extensions.enabledItems
Prefs.js: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16054&locale=en_US&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}\ not found.
File C:\Program Files\SGPSA\SearchAssistant.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FBSSA not found.
File C:\Program Files\SGPSA\ie3sh.exe not found.
C:\Users\Owner\AppData\Local\f1pKdvbneJkm moved successfully.
C:\ProgramData\f1pKdvbneJkm moved successfully.
File C:\Users\Owner\AppData\Local\ave.exe not found.
File C:\Windows\System32\ctl3d3232.dll not found.
C:\ProgramData\475357067 moved successfully.
C:\ProgramData\1275400155 moved successfully.
C:\ProgramData\sl2109000985 moved successfully.

OTL by OldTimer - Version 3.2.3.0 log created on 04252010_234839
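
Added example (not part of the thread, and not OldTimer's code): a small Python triage of a fix log like the one above, separating entries OTL changed from entries it reported as not found, so the files the fix never touched can be re-checked in the follow-up scan. The regexes assume only the line shapes visible in this post; `triage` and `files_to_recheck` are hypothetical names.

```python
import re
from collections import defaultdict

# Lines excerpted from the fix log posted above (not the full log).
SAMPLE_LOG = r"""
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
File C:\Program Files\SGPSA\ie3sh.exe not found.
C:\Users\Owner\AppData\Local\f1pKdvbneJkm moved successfully.
File C:\Users\Owner\AppData\Local\ave.exe not found.
C:\ProgramData\475357067 moved successfully.
OTL by OldTimer - Version 3.2.3.0 log created on 04252010_234839
"""

# (outcome, kind, pattern): assumption, covers only line shapes seen in this thread.
PATTERNS = [
    ("changed", "pref", re.compile(r"^Prefs\.js: (?P<t>.+) removed from \S+$")),
    ("changed", "registry", re.compile(r"^Registry (?:key|value) (?P<t>.+) deleted successfully\.$")),
    ("not_found", "registry", re.compile(r"^Registry (?:key|value) (?P<t>.+) not found\.$")),
    ("not_found", "file", re.compile(r"^File (?P<t>.+) not found\.$")),
    ("changed", "file", re.compile(r"^(?P<t>[A-Za-z]:\\.+) moved successfully\.$")),
]


def triage(log_text):
    """Group fix-log lines by outcome; unmatched lines are kept, not dropped."""
    out = defaultdict(list)
    for line in filter(None, map(str.strip, log_text.splitlines())):
        for outcome, kind, rx in PATTERNS:
            m = rx.match(line)
            if m:
                out[outcome].append((kind, m.group("t")))
                break
        else:
            out["unparsed"].append(line)
    return dict(out)


def files_to_recheck(results):
    """Files the fix named but did not find: the log does not show their removal."""
    return [t for kind, t in results.get("not_found", []) if kind == "file"]


if __name__ == "__main__":
    res = triage(SAMPLE_LOG)
    print({k: len(v) for k, v in res.items()})
    print("re-check in next scan:", files_to_recheck(res))
```

A "not found" result means the fix made no change for that entry, so those paths are the ones to look for again in the next scan log.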

Re: grrr...vista security

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: grrr...vista security

I had already done this! Thanks for all your help!

Re: grrr...vista security

Please post the MBAM log then.
