
 


MS Removal Tool Help


Hello,
So my computer started going crazy and said critical hard drive failure and some other things, and popped up with the MS removal tool, which I didn't buy or even attempt to look at. I just googled the critical hard drive failure and it came back that it was a virus from malware, so I followed the instructions on the "read this before you post" post. I downloaded OTL and copied and pasted the info into the custom scan, and during the scan it got stuck on the Mozilla settings and stopped responding. I tried it again with the same results. I downloaded Malwarebytes' Anti-Malware and scanned my PC, this of course before I found this site. I will paste the results from that in this post. Hopefully you can help me fix this problem; any advice is greatly appreciated. Thanks for your time.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8201

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/20/2011 2:27:13 PM
mbam-log-2011-11-20 (14-27-13).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 402690
Time elapsed: 1 hour(s), 18 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 6
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F02FABCB-92DD-475A-98AF-14217BD50746} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F02FABCB-92DD-475A-98AF-14217BD50746} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\CouponAlert_2p (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MENUEXT\&SEARCH (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (Adware.MyWebSearch) -> Value: {7B9F8C21-46EC-4C0B-8683-E755EF84577A} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (Adware.MyWebSearch) -> Value: {3462C343-BE19-4143-AF70-CEFB56F46FC6} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (Adware.MyWebSearch) -> Value: {3462C343-BE19-4143-AF70-CEFB56F46FC6} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} (Adware.MyWebSearch) -> Value: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Value: scui.cpl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.MyWebSearch) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Liz\local settings\Temp\dealiotoolbarinstall.exe (PUP.Dealio.TB) -> Not selected for removal.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP2261\A0226078.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP2261\A0226084.exe (Adware.TryMedia) -> Quarantined and deleted successfully.

Re: MS Removal Tool Help
Hi there draysmith11 and welcome to GeekPolice!

I am Gabethebabe and I will be helping you with this issue. Before we start, some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, that doesn't mean it is clean yet!

====================

Time to use ComboFix by sUBs, a powerful tool that you are advised not to run without supervision of a trained malware helper. Please visit this webpage and read the tutorial on using ComboFix very carefully. After that download the tool and save it to your desktop.

Double-click ComboFix.exe to run the tool. Please post its log back here.

MS Removal Tool Help
Hello Gabethebabe,
Thank you for the response and help. I will do the things you have asked and then repost the findings. Again, thank you so much.

I have started the download of ComboFix and a warning tab popped up which says ComboFix has detected a security scanner which must be disabled so it will not cause interference with the program, and to click OK after the AVG Free was disabled. However, I uninstalled AVG many months ago, or so I thought, because I have McAfee now. It doesn't show up in the Add/Remove Programs files. I just want to know where to go from here so I don't mess anything up more than it already is. Again, thank you for your time and help. The download screens were not on point with the bleepingcomputer.com breakdown, but it did have the save tab, maybe due to Mozilla downloading it? I'm just saying so you see what I see, if it helps or not.

Re: MS Removal Tool Help
This is a known problem of AVG. It uninstalls terribly.

We'll try something else then.

Please download OTL by OldTimer from here and save it to your desktop.
  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist
  • Copy and paste the following text into the Custom Scans/Fixes box:

Code:

%APPDATA%\Microsoft\*.*
%systemroot%\system32\config\systemprofile\*.dat /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\winn32\*.*
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\TinyProxy.
%systemroot%\system32\*.* /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.* /lockedfiles
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
netlogon.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
disk.sys
explorer.exe
userinit.exe
winlogon.exe
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need multiple posts to get it all.

====================

Please download aswMBR by Alwil Software from here and save it to your desktop.

  • Double click aswMBR.exe to run the tool
  • Click the Scan button to start the scan
  • Don't panic if you see any **Rootkit** entries. The tool sometimes produces false alarms
  • Once the scan finishes click Save log to save the log to your desktop
  • Copy and paste the contents of this log (aswMBR.txt) into your next reply.

Re: MS Removal Tool Help
Hello again,
Thank you for being patient with me. I downloaded OTL, and as I ran the scan it stopped responding at scanning Firefox (or Mozilla) settings. I downloaded the Avast virus protection and did the scan and it completed, but I can't figure out how to copy the log from the scan.
Below is the status section of all the log files that came up. Hopefully it helps. Thanks for the time and help again.
Threat:WMA:Wimad [Drp]
Threat:WMA:Wimad [Drp]
Threat:INF AutoRun-gen3@bhv [Wrm]
Threat:Win32:Malware-gen
Threat:Win32:Malware-gen
Threat:Win32:Malware-gen
Threat:JS:Pdfka-gen [Expl]
Threat:Win32:Patched-TI [Trj]
Threat:Win32:Patched-TI [Trj]
Threat:Win32:Patched-TI [Trj]
Threat:Win32:Patched-TI [Trj]
Threat:Win32:Small-NTF [Trj]

Re: MS Removal Tool Help

The OTL scan did not finish? That is the first time I see that happening.

Try this then:

Please download DDS by sUBs from one of the locations below and save it to your desktop:
Download Mirror #1
Download Mirror #2
Download Mirror #3

Your antivirus software might protest. Tell it to allow the program. It is quite safe.
Scanning instructions:
  • Before scanning, make sure all other running programs are closed.
  • If possible, temporarily disable your antivirus.
  • Do not use your computer for anything else during the scan.
  • Double click on the DDS icon and allow it to run.
  • When finished it will open two text files: Attach.txt and DDS.txt
  • Please include the text of both logs in your next reply.
  • If you disabled your antivirus, re-enable it after the scan.

Re: MS Removal Tool Help

Hello again, here are the results that you asked for. Thanks again, and hopefully it helps. I wasn't able to disable the avast anti-virus, probably because I'm not too great with computers. As I look over this I hope I didn't just copy and paste the same thing twice; if so, please let me know.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Liz at 11:00:38 on 2011-11-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.381 [GMT -8:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
mWinlogon: Userinit=c:\windows\system32\userinit.exe,wulmwgb.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {82ddb4f8-716f-72c8-4101-28f07bbe3de5} - c:\windows\system32\get.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [reywn] c:\windows\system32\vpnemb.exe reg_run
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [vhrvmy] c:\windows\system32\vpnemb.exe reg_run
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [swg] c:\program files\google\googletoolbarnotifier\1.0.720.3640\GoogleToolbarNotifier.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\liz\startm~1\programs\startup\imvu.lnk - c:\documents and settings\liz\application data\imvuclient\IMVUQualityAgent.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\liz\start menu\programs\imvu\Run IMVU.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} - hxxp://www.worldwinner.com/games/v54/zengems/zengems.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v49/luxor/luxor.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/games/popcaploader_v6.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v53/wwspades/wwspades.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{8EE6A457-418A-46FE-A437-0CD9467D2767} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, IdbuwjiLmodq.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-25 320856]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-25 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-25 44768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-20 366152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-20 22216]
S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys --> c:\windows\system32\drivers\mfehidk.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-25 442200]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-7-4 148520]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [2002-11-7 181875]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [2004-4-6 64088]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2006-12-30 899884]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 11:01:46.45 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/11/2006 5:20:13 PM
System Uptime: 11/20/2011 2:47:14 PM (189 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Onyx2
Processor: Intel(R) Celeron(R) M processor 1.70GHz | CPU 1 | 1697/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 152.716 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.421 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
2570
2570_Help
2570Trb
Acrobat.com
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Adobe® Photoshop® Album Starter Edition 3.2
Agere Systems PCI-SV92PP Soft Modem
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
American Greetings Scrapbooks and More!
Anti-phishing Domain Advisor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
BufferChm
CameraDrivers
CardRd81
CCScore
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CR2
CueTour
CustomerResearchQFolder
Data Fax SoftModem with SmartCP
Destinations
DocProc
DocumentViewer
DocumentViewerQFolder
ebgcInfra
ebgcRes
ebgcSDK
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
Fax
Fax_CDA
Free Realms
FullDPAppQFolder
GdiplusUpgrade
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP DVD Play 1.0
HP Extended Capabilities 5.3
HP Game Console and games
HP Imaging Device Functions 6.0
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.0
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
HpSdpAppCoreApp
InstantShareDevices
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 23
Kodak EasyShare software
KSU
LightScribe 1.4.62.1
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Away Mode
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Mozilla Firefox (3.6.24)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
My HP Games
NewCopy
NewCopy_CDA
Notifier
OptionalContentQFolder
OTtBP
OTtBPSDK
PanoStandAlone
PhotoGallery
ProductContextNPI
PSPrinters08
PSTAPlugin
QuickTime
RandMap
Readme
Realtek High Definition Audio Driver
Roblox for Liz
Roxio Media Manager
Scan
ScannerCopy
SCR531 Smartcard Reader
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
Shockwave
SKIN0001
SkinsHP1
SKINXSDK
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Spelling Dictionaries Support For Adobe Reader 9
Status
SUPERAntiSpyware
Symantec Network Drivers Update
The Print Shop 20
TrayApp
Unity Web Player
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VPRINTOL
WebFldrs XP
WebReg
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WIRELESS
Yahoo! Toolbar
Yontoo Layers Client 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
11/22/2011 8:52:32 PM, error: Print [6161] - The document A guide and tutorial on using ComboFix owned by Liz failed to print on printer HP Photosmart 2570 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\YOUR-4DACD0EA75. Win32 error code returned by the print processor: 259 (0x103).
.
==== End Of File ===========================

Re: MS Removal Tool Help
  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:

:files
c:\windows\system32\vpnemb.exe

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

:commands
[reboot]

  • CAREFUL NOW! You must click the Run Fix button, NOT the Run Scan!
  • If it asks to reboot the computer, please allow that.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

Please download SystemLook by jpshortstuff from one of the locations below and save it to your desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the following text into the main textfield:

:filefind
wulmwgb.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop (SystemLook.txt).
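
The :reg directive in the reply above writes the Winlogon Userinit value back to its default. The Python below is an added example (not part of the original post and not OTL's own code) that parses a .reg-style line like the one shown and reports any program listed besides userinit.exe; the function names and the second sample line are constructed for illustration.

```python
import ntpath
import re

# System root of the Windows XP machine in this thread (from the fix above).
DEFAULT_SYSTEM_ROOT = r"C:\WINDOWS"

# Matches a .reg string assignment:  "Name"="Data"
# Inside the quotes, a backslash escapes the following character.
_REG_LINE = re.compile(
    r'^\s*"(?P<name>(?:[^"\\]|\\.)*)"\s*=\s*"(?P<data>(?:[^"\\]|\\.)*)"\s*$'
)


def _unescape(text):
    # Undo .reg escaping: a doubled backslash becomes one, \" becomes ".
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_string_line(line):
    """Return (value name, unescaped data) for a .reg string assignment."""
    match = _REG_LINE.match(line)
    if match is None:
        raise ValueError("not a string assignment: %r" % line)
    return _unescape(match.group("name")), _unescape(match.group("data"))


def split_userinit(data):
    """Userinit is a comma-separated list; Winlogon starts every entry at logon."""
    return [part.strip().strip('"') for part in data.split(",") if part.strip()]


def _norm(path):
    # Windows paths are case-insensitive; ntpath works on any host OS.
    return ntpath.normcase(ntpath.normpath(path))


def audit_userinit(data, system_root=DEFAULT_SYSTEM_ROOT):
    """Compare a Userinit value with the default and list extra entries.

    Anything other than <system_root>\\system32\\userinit.exe is returned
    in 'unexpected' so a person can review it; this does not decide whether
    an entry is malicious.
    """
    expected = _norm(ntpath.join(system_root, "system32", "userinit.exe"))
    entries = split_userinit(data)
    normalised = [_norm(entry) for entry in entries]
    return {
        "entries": entries,
        "has_default": expected in normalised,
        "unexpected": [e for e, n in zip(entries, normalised) if n != expected],
    }


# The line from the fix above, exactly as posted (with .reg escaping).
PAGE_LINE = r'"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"'

# Constructed sample: the default entry followed by a made-up extra program.
CONSTRUCTED_LINE = (
    r'"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,'
    r'C:\\WINDOWS\\system32\\example-extra.exe,"'
)

if __name__ == "__main__":
    for line in (PAGE_LINE, CONSTRUCTED_LINE):
        name, data = parse_reg_string_line(line)
        report = audit_userinit(data)
        print(name, "->", report["entries"])
        print("  default present:", report["has_default"])
        print("  needs review   :", report["unexpected"] or "nothing")
```
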

Re: MS Removal Tool Help
========== FILES ==========
File\Folder c:\windows\system32\vpnemb.exe not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 11292011_061756


SystemLook 30.07.11 by jpshortstuff
Log created at 06:23 on 29/11/2011 by Liz
Administrator - Elevation successful

========== filefind ==========

Searching for "wulmwgb.exe"
No files found.

-= EOF =-

Re: MS Removal Tool Help

If you restart now, do you get the original OTL scan to work?

Re: MS Removal Tool Help
OTL logfile created on: 11/30/2011 6:56:24 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Liz\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.30 Mb Total Physical Memory | 494.73 Mb Available Physical Memory | 48.73% Memory free
2.38 Gb Paging File | 2.04 Gb Available in Paging File | 85.40% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.43 Gb Total Space | 152.88 Gb Free Space | 68.12% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 0.42 Gb Free Space | 4.99% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: Liz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/25 11:10:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Liz\Desktop\OTL.exe
PRC - [2011/09/06 13:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/05 08:04:34 | 000,217,256 | -H-- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/04/27 12:51:38 | 000,200,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/09 10:09:58 | 000,063,712 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2005/08/02 16:19:16 | 000,058,880 | -H-- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/30 00:16:37 | 001,643,008 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11113000\algo.dll
MOD - [2011/11/29 07:40:55 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11113000\aswRep.dll
MOD - [2011/04/27 12:51:38 | 000,200,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe
MOD - [2011/02/04 17:48:30 | 000,291,840 | -H-- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 10:27:45 | 001,291,776 | -H-- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | -H-- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | -H-- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/03/13 10:45:14 | 000,148,520 | -H-- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2005/08/02 16:19:16 | 000,058,880 | -H-- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2005/04/05 10:17:22 | 000,206,552 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 15:46:56 | 000,411,920 | -H-- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2004/09/29 11:14:36 | 000,069,632 | -H-- | M] (HP) [Boot | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 13:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 13:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 13:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 13:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 13:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 13:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 13:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/27 23:07:04 | 000,049,904 | RH-- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/01/31 13:35:34 | 000,123,248 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/12/12 08:27:00 | 000,019,072 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 03:20:50 | 000,241,664 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 03:20:40 | 000,936,448 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/10/20 08:01:56 | 001,095,009 | -H-- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/18 05:15:42 | 004,034,048 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/06/29 09:03:18 | 000,175,104 | -H-- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/06/16 13:41:02 | 000,037,150 | -H-- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/04/05 10:17:02 | 000,267,192 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 10:17:00 | 000,017,976 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/05 10:16:58 | 000,036,984 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/04/05 10:16:56 | 000,047,192 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/04/05 10:16:54 | 000,173,208 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/04/05 10:16:52 | 000,011,512 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2005/03/31 07:00:08 | 000,152,081 | -H-- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 06:47:56 | 000,070,262 | -H-- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 06:47:50 | 000,008,022 | -H-- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 06:47:48 | 000,038,673 | -H-- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 06:47:42 | 000,061,564 | -H-- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005/01/07 17:07:16 | 000,145,920 | -H-- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/09/29 12:36:29 | 000,015,360 | RH-- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2004/08/03 06:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/06 03:24:00 | 000,064,088 | -H-- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR33X2K.sys -- (SCR33X USB Smart Card Reader)
DRV - [2003/11/04 23:45:12 | 000,017,408 | -H-- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2002/11/07 03:04:00 | 000,181,875 | -H-- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR131C.sys -- (SCR131C)
DRV - [2002/03/12 05:50:50 | 000,899,884 | RH-- | M] (Xirlink, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ucdnt.sys -- (XIRLINK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "OurWorld.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "Bing"
FF - prefs.js..browser.search.order.1: "Bing"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=524517"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?fr=fptb-msgr"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: 2pffxtbr@CouponAlert_2p.com:1.1
FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:6.0.3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ckC97PN8&q="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "http://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ckC97PN8&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Liz\Application Data\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Liz\Local Settings\Application Data\RobloxVersions\version-f23119393382428e\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/12/20 18:45:42 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/25 17:05:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/13 19:10:37 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/08 18:43:59 | 000,000,000 | -H-D | M]

[2011/01/17 16:57:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Extensions
[2011/01/17 16:57:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2011/11/21 19:41:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\extensions
[2010/06/03 12:01:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\extensions\{00b58d20-c62a-4aea-8eb0-7c92a87b9c4b}
[2011/06/17 13:26:45 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/16 19:04:02 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/19 16:55:40 | 000,000,000 | -H-D | M] (CouponAlert) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\extensions\2pffxtbr@CouponAlert_2p.com
[2011/11/05 13:10:39 | 000,000,000 | -H-D | M] (ShopAtHome.com Toolbar) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\extensions\toolbar@shopathome.com
[2011/07/03 14:53:11 | 000,002,574 | -H-- | M] () -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\searchplugins\askcom.xml
[2011/09/16 14:47:03 | 000,001,945 | -H-- | M] () -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\searchplugins\bing-zugo.xml
[2010/02/15 10:54:09 | 000,002,186 | -H-- | M] () -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\searchplugins\bing.xml
[2011/05/18 15:24:52 | 000,000,927 | -H-- | M] () -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\searchplugins\conduit.xml
[2011/03/04 17:09:52 | 000,002,197 | -H-- | M] () -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\searchplugins\google-search.xml
[2010/06/12 10:24:49 | 000,009,985 | -H-- | M] () -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\searchplugins\mywebsearch.xml
[2011/11/21 19:41:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/17 16:15:13 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/11/05 12:53:51 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/11/05 12:53:31 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/04 02:00:29 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/11/07 15:58:44 | 000,466,944 | -H-- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 10:32:12 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/11/05 12:53:31 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 10:32:14 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/03/04 17:09:52 | 000,002,197 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Documents and Settings\Liz\Local Settings\Application Data\RobloxVersions\version-f23119393382428e\\NPRobloxProxy.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\Liz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

O1 HOSTS File: ([2004/08/09 20:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {82DDB4F8-716F-72C8-4101-28F07BBE3DE5} - C:\WINDOWS\system32\get.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [vhrvmy] C:\WINDOWS\system32\vpnemb.exe reg_run File not found
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [reywn] C:\WINDOWS\system32\vpnemb.exe reg_run File not found
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 File not found
O4 - Startup: C:\Documents and Settings\Liz\Start Menu\Programs\Startup\IMVU.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Liz\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Local intranet)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab (ScrabbleCubes Control)
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} http://www.worldwinner.com/games/v54/zengems/zengems.cab (ZenGems Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinner.com/games/v48/brickout/brickout.cab (Brickout Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinner.com/games/v63/bjattack/bja.cab (BJA Control)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab (Bejeweled Control)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41/freecell/freecell.cab (FreeCell Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab (Reg Error: Key error.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab (WordMojo Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} http://www.worldwinner.com/games/v49/luxor/luxor.cab (WwLuxor Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab (Hangman Control)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab (Tilecity Control)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab (DinerDash Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinner.com/games/v43/paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/games/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v53/wwspades/wwspades.cab (WWSpades Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EE6A457-418A-46FE-A437-0CD9467D2767}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (IdbuwjiLmodq.dll) -C:\WINDOWS\System32\IdbuwjiLmodq.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/28 02:36:48 | 000,000,100 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0649ecb4-d30e-11db-8529-0017310f5abf}\Shell - "" = AutoRun
O33 - MountPoints2\{0649ecb4-d30e-11db-8529-0017310f5abf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0649ecb4-d30e-11db-8529-0017310f5abf}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RIuOM.EXe
O33 - MountPoints2\{2a36188f-1fa1-11dc-8533-0017310f5abf}\Shell\Auto\command - "" = J:\RavMonE.exe e
O33 - MountPoints2\{2a36188f-1fa1-11dc-8533-0017310f5abf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a36188f-1fa1-11dc-8533-0017310f5abf}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
O33 - MountPoints2\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\Shell - "" = AutoRun
O33 - MountPoints2\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{c3e5a746-f182-11de-85f5-0017310f5abf}\Shell - "" = AutoRun
O33 - MountPoints2\{c3e5a746-f182-11de-85f5-0017310f5abf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c3e5a746-f182-11de-85f5-0017310f5abf}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qaouGo.EXE
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (stera)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk - C:\Program Files\Broderbund\AG Scrapbooks\AGremind.exe - (Broderbund Properties LLC)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^owafs.exe - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe - (Hewlett-Packard)
MsConfig - StartUpReg: AlwaysReady Power Message APP - hkey= - key= - C:\WINDOWS\arpwrmsg.exe (Microsoft)
MsConfig - StartUpReg: Crwf - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DISCover - hkey= - key= - File not found
MsConfig - StartUpReg: DiscUpdateManager - hkey= - key= - File not found
MsConfig - StartUpReg: DMAScheduler - hkey= - key= - c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
MsConfig - StartUpReg: DropSpam Lifestyle - hkey= - key= - File not found
MsConfig - StartUpReg: DXM6Patch_981116 - hkey= - key= - C:\WINDOWS\p_981116.exe (Microsoft Corporation)
MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: High Definition Audio Property Page Shortcut - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: HPBootOp - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: iiqm - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: My Web Search Bar - hkey= - key= - File not found
MsConfig - StartUpReg: MyWebSearch Email Plugin - hkey= - key= - File not found
MsConfig - StartUpReg: oe_drop_spam - hkey= - key= - File not found
MsConfig - StartUpReg: PCDrProfiler - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Recguard - hkey= - key= - C:\WINDOWS\SMINST\Recguard.exe ()
MsConfig - StartUpReg: Reminder - hkey= - key= - C:\Windows\Creator\Remind_XP.exe (SoftThinks)
MsConfig - StartUpReg: reywn - hkey= - key= - File not found
MsConfig - StartUpReg: Scbu - hkey= - key= - File not found
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: Symantec NetDriver Monitor - hkey= - key= - C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - File not found
MsConfig - StartUpReg: vhrvmy - hkey= - key= - File not found
MsConfig - StartUpReg: webHancer Agent - hkey= - key= - File not found
MsConfig - StartUpReg: webHancer Survey Companion - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Flash Player 8
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.JDCT - jl_jdct.drv File not found
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: VIDC.XJPG - C:\WINDOWS\System32\CamFC.dll (Xirlink)
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\xl_yv12.dll (Xirlink, Inc.)

Re: MS Removal Tool Help

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/29 06:17:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/25 17:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/11/25 17:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/11/25 17:05:52 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/25 17:05:52 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/25 17:05:50 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/25 17:05:50 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/25 17:05:49 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/25 17:05:48 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/25 17:05:48 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/25 17:05:48 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/11/25 17:05:25 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/25 17:05:25 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/25 17:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/25 17:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/11/25 11:10:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Liz\Desktop\OTL.exe
[2011/11/22 21:11:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/22 21:11:00 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/22 21:01:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/22 21:01:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Liz\Start Menu\Programs\Administrative Tools
[2011/11/20 13:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\Application Data\Malwarebytes
[2011/11/20 12:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/20 12:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/20 12:12:21 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/20 12:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/20 10:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/11/20 10:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/11/20 10:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/20 09:56:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/11/19 21:03:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Liz\Recent
[2011/11/19 17:05:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Liz\Start Menu\Programs\System Fix
[2011/11/18 21:28:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Local Settings
[2011/11/18 19:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\Desktop\TMS
[2011/11/07 15:58:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Liz\Application Data\Catalina Marketing Corp
[2011/11/07 15:58:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Liz\Start Menu\Programs\Catalina Marketing Corp
[2011/11/05 12:54:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/11/05 12:53:49 | 000,472,808 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/11/05 12:53:49 | 000,157,472 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/11/05 12:53:49 | 000,145,184 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/11/05 12:53:49 | 000,145,184 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/11/05 12:53:49 | 000,073,728 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2007/02/03 22:33:00 | 000,774,144 | -H-- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/30 15:00:25 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/30 10:27:15 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/30 08:59:09 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D9FE9395-3A27-43D4-9673-54E7E4E77818}.job
[2011/11/30 06:54:33 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/30 06:52:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/25 17:51:05 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/25 17:06:51 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/11/25 17:05:53 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/11/25 17:03:42 | 061,657,064 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\setup_av_free_cnet.exe
[2011/11/25 11:10:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Liz\Desktop\OTL.exe
[2011/11/23 23:38:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/20 12:12:27 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/20 10:01:54 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/19 20:59:54 | 008,509,440 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/11/19 20:59:53 | 006,301,696 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/11/19 20:39:58 | 000,000,022 | -H-- | M] () -- C:\WINDOWS\kodakpcd.HP_Administrator.ini
[2011/11/19 17:08:47 | 000,446,812 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/19 17:08:47 | 000,073,574 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/19 17:08:18 | 000,000,448 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\epSmiWdo1fgPAc
[2011/11/19 17:05:45 | 000,000,288 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~epSmiWdo1fgPAc
[2011/11/19 17:05:45 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~epSmiWdo1fgPAcr
[2011/11/19 16:55:26 | 000,864,800 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/19 00:39:38 | 000,013,824 | -H-- | M] () -- C:\WINDOWS\System32\IdbuwjiLmodq.dll
[2011/11/18 19:59:40 | 000,017,408 | -H-- | M] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/09 23:57:41 | 000,010,504 | -H-- | M] () -- C:\Documents and Settings\Liz\Application Data\wklnhst.dat
[2011/11/09 23:57:35 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Liz\My Documents\MID TERM ESSAY.wps
[2011/11/05 20:34:24 | 000,546,000 | ---- | M] () -- C:\Documents and Settings\Liz\My Documents\SSPX9999.jpg
[2011/11/05 12:53:30 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/11/05 12:53:30 | 000,157,472 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/11/05 12:53:30 | 000,145,184 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/11/05 12:53:30 | 000,145,184 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/11/05 12:53:30 | 000,073,728 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/11/04 14:37:46 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Liz\My Documents\Exxon.wps
[2011/11/04 12:32:59 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Liz\My Documents\Rules.wps
[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/25 17:06:51 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/11/25 17:06:51 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/25 17:05:53 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/11/25 17:03:11 | 061,657,064 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\setup_av_free_cnet.exe
[2011/11/20 12:12:27 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/20 10:01:54 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/19 20:39:58 | 000,000,022 | -H-- | C] () -- C:\WINDOWS\kodakpcd.HP_Administrator.ini
[2011/11/19 17:05:45 | 000,000,288 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~epSmiWdo1fgPAc
[2011/11/19 17:05:45 | 000,000,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~epSmiWdo1fgPAcr
[2011/11/19 17:05:36 | 000,000,448 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\epSmiWdo1fgPAc
[2011/11/19 00:39:38 | 000,013,824 | -H-- | C] () -- C:\WINDOWS\System32\IdbuwjiLmodq.dll
[2011/11/09 14:32:28 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Liz\My Documents\MID TERM ESSAY.wps
[2011/11/07 19:35:20 | 000,546,000 | ---- | C] () -- C:\Documents and Settings\Liz\My Documents\SSPX9999.jpg
[2011/11/07 19:26:22 | 002,215,914 | ---- | C] () -- C:\Documents and Settings\Liz\My Documents\100_0061.JPG
[2011/11/04 12:49:29 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Liz\My Documents\Exxon.wps
[2011/11/04 12:32:59 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Liz\My Documents\Rules.wps
[2011/08/01 17:32:32 | 000,001,129 | -H-- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2011/06/28 19:40:04 | 000,000,022 | -H-- | C] () -- C:\WINDOWS\kodakpcd.Liz.ini
[2011/06/10 13:18:14 | 000,012,378 | -HS- | C] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\q4ta1hu2fuke6yb3bssy4t2ab
[2011/06/10 13:18:14 | 000,012,378 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q4ta1hu2fuke6yb3bssy4t2ab
[2010/10/18 08:14:17 | 000,032,608 | -H-- | C] () -- C:\WINDOWS\king-uninstall.exe
[2010/06/19 07:02:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\MSDraw.ini
[2010/01/06 12:38:34 | 000,153,880 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/05 09:50:40 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/12/20 20:26:38 | 000,870,128 | -H-- | C] () -- C:\Documents and Settings\Liz\Application Data\mcs.rma
[2008/12/20 20:26:38 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Liz\Application Data\DF54DB
[2008/11/15 20:03:06 | 000,001,222 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/04/08 12:18:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\PTWebCam.INI
[2008/02/26 23:19:03 | 000,000,000 | -H-- | C] () -- C:\Program Files\temp01
[2007/12/20 18:45:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2007/11/29 19:14:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Game.INI
[2007/08/12 17:40:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2007/07/04 18:20:44 | 000,000,112 | -H-- | C] () -- C:\WINDOWS\popcinfot.dat
[2007/06/14 02:01:32 | 000,000,127 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/12/22 22:49:21 | 000,002,180 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/19 12:09:06 | 000,010,504 | -H-- | C] () -- C:\Documents and Settings\Liz\Application Data\wklnhst.dat
[2006/10/05 16:52:40 | 000,000,042 | -H-- | C] () -- C:\WINDOWS\VistaEmail.ini
[2006/09/23 21:27:29 | 000,017,408 | -H-- | C] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/23 20:37:56 | 000,000,126 | -H-- | C] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\fusioncache.dat
[2006/09/21 00:02:07 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\invupd.exe
[2006/09/20 22:08:32 | 000,000,419 | -H-- | C] () -- C:\WINDOWS\ukuld.dll
[2006/09/20 22:08:32 | 000,000,053 | -H-- | C] () -- C:\WINDOWS\qoowle.dat
[2006/09/20 22:02:05 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\invupdate.exe
[2006/09/19 17:04:50 | 000,000,227 | -H-- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/09/19 17:04:37 | 000,000,214 | -H-- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/09/19 17:02:19 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/09/19 17:02:19 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/09/19 17:02:19 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/09/19 17:02:19 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/09/19 17:02:19 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/09/19 17:02:19 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/09/19 16:56:49 | 000,000,206 | -H-- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/09/14 13:57:25 | 000,004,096 | -H-- | C] () -- C:\WINDOWS\d3dx.dat
[2006/09/07 15:05:04 | 000,010,240 | -H-- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/08/15 11:10:32 | 000,000,221 | -H-- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/07/30 18:05:11 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\bbbconfig.dat
[2006/07/21 21:17:53 | 000,000,029 | -H-- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/07/21 21:12:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/06/17 14:20:22 | 000,000,199 | -H-- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/06/11 17:48:46 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/06/11 17:48:09 | 000,087,989 | -H-- | C] () -- C:\WINDOWS\hpoins06.dat.temp
[2006/06/11 17:48:09 | 000,005,389 | -H-- | C] () -- C:\WINDOWS\hpomdl06.dat.temp
[2006/06/11 17:21:59 | 000,000,037 | -H-- | C] () -- C:\WINDOWS\Acroread.ini
[2006/03/28 03:10:28 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/28 02:45:17 | 000,028,848 | -H-- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/03/28 02:40:42 | 000,118,842 | RH-- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2006/03/28 02:39:54 | 000,014,316 | -H-- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/03/28 02:39:47 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/03/28 02:37:23 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/28 02:34:22 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/28 02:23:03 | 000,000,108 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/28 02:21:31 | 000,045,929 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/03/28 02:21:31 | 000,000,698 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/03/28 02:16:01 | 000,080,417 | -H-- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/03/28 02:16:01 | 000,004,011 | -H-- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/03/28 02:14:57 | 000,072,881 | -H-- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/03/28 02:14:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/03/28 02:10:34 | 000,087,276 | -H-- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/03/28 02:08:47 | 000,112,873 | -H-- | C] () -- C:\WINDOWS\hpoins07.dat
[2006/03/28 02:08:47 | 000,021,124 | -H-- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/03/28 02:05:23 | 000,087,974 | -H-- | C] () -- C:\WINDOWS\hpoins06.dat
[2006/03/28 02:05:23 | 000,005,389 | -H-- | C] () -- C:\WINDOWS\hpomdl06.dat
[2006/03/28 02:04:14 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/28 01:59:55 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/28 01:36:10 | 000,016,896 | -H-- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 06:03:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 13:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 13:07:46 | 000,446,812 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 13:07:46 | 000,073,574 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 13:05:30 | 000,864,800 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 13:01:42 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 12:58:02 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 14:01:54 | 000,239,104 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 16:19:16 | 000,050,176 | -H-- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/09 20:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 13:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 13:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 13:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 13:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 13:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 13:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 13:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/25 23:51:38 | 000,000,560 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 00:12:28 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 00:11:02 | 000,004,490 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 15:30:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/09/08 16:53:50 | 000,073,839 | -H-- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/11/25 11:10:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Liz\Desktop\OTL.exe
[2011/11/25 17:03:42 | 061,657,064 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\setup_av_free_cnet.exe

< %PROGRAMFILES%\Common Files\*.* >
[2006/11/24 17:52:28 | 000,000,000 | -H-- | M] () -- C:\Program Files\Common Files\err.log

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >
[2007/08/02 17:22:20 | 015,505,200 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Liz\My Documents\IE7-WindowsXP-x86-enu.exe
[2006/10/15 15:28:06 | 036,656,704 | ---- | M] (Apple Computer, Inc.) -- C:\Documents and Settings\Liz\My Documents\iTunesSetup.exe

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/11/08 18:43:57 | 000,110,040 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/11/08 18:43:57 | 000,912,856 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/11/08 18:43:57 | 000,016,856 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/11/08 18:43:58 | 000,247,768 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[42 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2006/07/23 12:13:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Activision Value
[2011/07/10 10:05:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Adobe
[2006/08/12 15:56:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Alphaqueue
[2006/12/17 22:32:22 | 000,000,000 | -H-D | M] -- C:\Program Files\AntiVerminsPro
[2011/07/05 21:03:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Apple Software Update
[2011/11/25 17:05:08 | 000,000,000 | ---D | M] -- C:\Program Files\AVAST Software
[2011/07/03 18:43:48 | 000,000,000 | -H-D | M] -- C:\Program Files\AVS4YOU
[2006/07/21 21:01:53 | 000,000,000 | -H-D | M] -- C:\Program Files\Broderbund
[2011/09/17 09:07:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files
[2005/11/11 07:56:40 | 000,000,000 | -H-D | M] -- C:\Program Files\ComPlus Applications
[2006/03/28 02:02:11 | 000,000,000 | -H-D | M] -- C:\Program Files\CONEXANT
[2011/05/03 12:19:44 | 000,000,000 | -H-D | M] -- C:\Program Files\CouponAlert_2pEI
[2011/05/02 13:24:24 | 000,000,000 | -H-D | M] -- C:\Program Files\Coupons
[2010/12/28 00:27:39 | 000,000,000 | -H-D | M] -- C:\Program Files\CyberLink
[2008/04/20 11:53:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Disney
[2006/07/21 21:23:22 | 000,000,000 | -H-D | M] -- C:\Program Files\DK Interactive Learning
[2009/07/15 02:02:56 | 000,000,000 | -H-D | M] -- C:\Program Files\driver
[2009/07/27 21:46:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Free Offers from Freeze.com
[2010/06/03 12:01:01 | 000,000,000 | -H-D | M] -- C:\Program Files\FreshGames
[2008/06/09 10:30:33 | 000,000,000 | -H-D | M] -- C:\Program Files\GameHouse
[2007/12/18 19:16:31 | 000,000,000 | -H-D | M] -- C:\Program Files\Games
[2011/11/25 17:06:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Google
[2009/06/28 10:00:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Groove Games
[2006/03/28 03:03:43 | 000,000,000 | -H-D | M] -- C:\Program Files\Hewlett-Packard
[2006/03/28 02:29:05 | 000,000,000 | -H-D | M] -- C:\Program Files\HP
[2008/12/10 16:51:58 | 000,000,000 | -H-D | M] -- C:\Program Files\HP Games
[2006/09/20 22:03:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Icon Drop
[2011/07/03 20:06:46 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/12/17 22:19:19 | 000,000,000 | -H-D | M] -- C:\Program Files\IntelliMoverDemo
[2011/04/13 02:11:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Internet Explorer
[2006/09/19 17:02:10 | 000,000,000 | -H-D | M] -- C:\Program Files\InterVideo
[2011/07/04 10:40:40 | 000,000,000 | -H-D | M] -- C:\Program Files\iPod
[2011/07/04 10:41:37 | 000,000,000 | -H-D | M] -- C:\Program Files\iTunes
[2008/09/30 19:24:10 | 000,000,000 | -H-D | M] -- C:\Program Files\iWin.com
[2011/11/05 12:53:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Java
[2009/06/28 09:43:57 | 000,000,000 | -H-D | M] -- C:\Program Files\Kids Cam Show and Share Creativity Center
[2006/09/22 14:10:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Kodak
[2008/05/20 09:02:26 | 000,000,000 | -H-D | M] -- C:\Program Files\LEGO Software
[2007/10/03 10:48:40 | 000,000,000 | -H-D | M] -- C:\Program Files\LimeWire
[2009/07/16 17:55:53 | 000,000,000 | -H-D | M] -- C:\Program Files\Lost Fortunes
[2007/02/03 18:16:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Luxor
[2011/11/20 12:12:28 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006/11/25 11:13:30 | 000,000,000 | -H-D | M] -- C:\Program Files\MalwareWiper
[2006/09/07 15:04:33 | 000,000,000 | -H-D | M] -- C:\Program Files\Mattel Media
[2010/11/13 22:41:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Media Widget
[2009/06/28 10:19:22 | 000,000,000 | -H-D | M] -- C:\Program Files\Messenger
[2010/11/13 22:49:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft
[2009/06/29 02:05:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005/11/14 10:06:48 | 000,000,000 | -H-D | M] -- C:\Program Files\microsoft frontpage
[2007/08/03 16:22:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Money
[2011/07/28 20:58:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office
[2006/03/28 02:33:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Visual Studio
[2011/07/28 20:53:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2011/07/28 20:59:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Works
[2011/07/28 20:57:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 02:02:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Movie Maker
[2011/11/17 21:59:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Mozilla Firefox
[2011/07/28 20:58:53 | 000,000,000 | -H-D | M] -- C:\Program Files\MSBuild
[2010/05/16 08:52:40 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN
[2006/03/28 02:19:53 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Encarta Standard
[2005/11/14 10:07:16 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/16 03:00:51 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 4.0
[2007/08/15 02:02:15 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 6.0
[2006/03/28 02:21:05 | 000,000,000 | -H-D | M] -- C:\Program Files\music_now
[2010/05/16 08:53:13 | 000,000,000 | -H-D | M] -- C:\Program Files\muvee Technologies
[2009/05/19 15:38:29 | 000,000,000 | -H-D | M] -- C:\Program Files\MySpace
[2009/06/28 10:08:39 | 000,000,000 | -H-D | M] -- C:\Program Files\NetMeeting
[2006/03/28 02:21:19 | 000,000,000 | -H-D | M] -- C:\Program Files\Netscape
[2008/04/25 19:09:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Nick Arcade
[2011/06/29 10:12:02 | 000,000,000 | -H-D | M] -- C:\Program Files\NortonInstaller
[2006/03/28 02:50:09 | 000,000,000 | -H-D | M] -- C:\Program Files\Online Services
[2010/12/15 03:02:02 | 000,000,000 | -H-D | M] -- C:\Program Files\Outlook Express
[2007/02/01 20:44:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Paparazzi
[2006/03/28 02:45:18 | 000,000,000 | -H-D | M] -- C:\Program Files\PC-Doctor for DOS
[2011/07/03 20:29:38 | 000,000,000 | -H-D | M] -- C:\Program Files\PopCap Games
[2009/06/21 21:23:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Quicken
[2011/07/04 10:37:33 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickTime
[2011/07/03 20:35:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Real
[2011/07/03 20:19:39 | 000,000,000 | -H-D | M] -- C:\Program Files\RealArcade
[2009/08/21 02:05:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Reference Assemblies
[2007/02/01 19:01:08 | 000,000,000 | -H-D | M] -- C:\Program Files\ReflexiveArcade
[2010/05/16 08:55:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Rhapsody
[2009/07/05 09:21:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Roxio
[2011/07/03 20:23:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Safari
[2009/06/28 10:04:01 | 000,000,000 | -H-D | M] -- C:\Program Files\Saints & Sinners Bowling
[2011/08/01 17:32:24 | 000,000,000 | -H-D | M] -- C:\Program Files\SCM Microsystems
[2006/03/28 02:27:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Sonic
[2010/12/11 08:12:16 | 000,000,000 | -H-D | M] -- C:\Program Files\Sony Online Entertainment
[2006/12/07 17:48:39 | 000,000,000 | -H-D | M] -- C:\Program Files\Spyware Doctor
[2011/11/20 10:02:38 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2009/06/21 21:22:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Symantec
[2006/08/26 02:42:01 | 000,000,000 | -H-D | M] -- C:\Program Files\SymNetDrv
[2010/11/13 22:54:24 | 000,000,000 | -H-D | M] -- C:\Program Files\The Learning Company
[2006/07/21 19:12:37 | 000,000,000 | -H-D | M] -- C:\Program Files\The Print Shop 20
[2009/12/17 13:27:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Trillian
[2006/08/05 14:40:36 | 000,000,000 | -H-D | M] -- C:\Program Files\TryMedia
[2005/11/11 07:56:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/10/24 16:27:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Unity
[2006/03/28 02:40:39 | 000,000,000 | -H-D | M] -- C:\Program Files\Updates from HP
[2006/07/21 22:56:15 | 000,000,000 | -H-D | M] -- C:\Program Files\ValuSoft
[2008/10/01 20:07:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Virtual Earth 3D
[2006/09/23 22:00:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Web Publish
[2008/12/10 16:52:03 | 000,000,000 | -H-D | M] -- C:\Program Files\WildTangent
[2009/06/28 10:08:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Player
[2009/06/28 10:08:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows NT
[2005/11/14 10:08:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Plus
[2005/11/11 07:56:16 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2005/11/14 10:08:44 | 000,000,000 | -H-D | M] -- C:\Program Files\xerox
[2006/12/30 14:36:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Yahoo!
[2011/11/20 14:43:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Yahoo! Games
[2009/05/24 15:00:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Yard Sale Hidden Treasures - Lucky Junction
[2010/11/06 17:08:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Yontoo Layers Client


< MD5 for: AGP440.SYS >
[2004/08/09 20:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/06/28 10:00:56 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/09 13:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/06/28 10:00:56 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/09 20:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/06/28 10:00:56 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/09 13:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/06/28 10:00:56 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/09 13:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/09 20:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/06/28 10:00:56 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/09 13:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2009/06/28 10:00:56 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/09 13:00:00 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 10:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 10:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 16:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 03:26:03 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/09 13:00:00 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: IASTOR.SYS >
[2005/06/16 22:33:40 | 000,872,064 | -H-- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/16 22:33:40 | 000,872,064 | -H-- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/09 13:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: USERINIT.EXE >
[2004/08/09 13:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/09 13:00:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-11 10:28:54

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/08 18:43:58 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/08 18:43:58 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/08 18:43:58 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/08 18:43:57 | 000,912,856 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/08 18:43:57 | 000,912,856 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/08 18:43:57 | 000,912,856 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 03:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 03:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 03:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/08 18:43:58 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/08 18:43:58 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/08 18:43:58 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/08 18:43:57 | 000,912,856 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/08 18:43:57 | 000,912,856 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/08 18:43:57 | 000,912,856 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 03:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 03:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 03:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

========== Files - Unicode (All) ==========
[2006/11/24 18:52:15 | 000,000,000 | -H-D | M](C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
[2006/11/24 18:52:15 | 000,000,000 | -H-D | M](C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
[2006/11/24 18:52:08 | 000,000,000 | -H-D | M](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
[2006/09/20 22:09:37 | 000,000,000 | -H-D | C](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
(C:\Program Files\??curity) -- C:\Program Files\ѕеcurity

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4249A835
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C4C57F9
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2381A4
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D387C245
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B845F669
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:957E9765
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:918B7566
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0EFE63
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5550B299
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37994DBE
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18173A8E
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:289041F7
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AFC2166
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00811B66
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:729F5FF8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9F8237A
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9EF92A1A
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90B52091
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43301D1D
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2836460B
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E32966C0
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8134D8F
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C48B1BA5
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:938EC881
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F4E260C
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:349CACE5
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88698068
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C988F7D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDF08FAF
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:354E094D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32BD974D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:275AA066
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:145EE4E0
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF71CAB5
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECCE99EF
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B904C348
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:546EE13B
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43982D5E

< End of report >

Re: MS Removal Tool Help
OTL Extras logfile created on: 11/30/2011 6:56:24 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Liz\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.30 Mb Total Physical Memory | 494.73 Mb Available Physical Memory | 48.73% Memory free
2.38 Gb Paging File | 2.04 Gb Available in Paging File | 85.40% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.43 Gb Total Space | 152.88 Gb Free Space | 68.12% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 0.42 Gb Free Space | 4.99% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: Liz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\HP Games\Rock & Roll JEOPARDY\Rock & Roll JEOPARDY!.exe" = C:\Program Files\HP Games\Rock & Roll JEOPARDY\Rock & Roll JEOPARDY!.exe:*:Enabled:Rock & Roll JEOPARDY!
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Yahoo! Games\Wheel of Fortune\Wheel of Fortune.exe" = C:\Program Files\Yahoo! Games\Wheel of Fortune\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune
"C:\Program Files\GameHouse\CollapseCrunch\Collapse3.exe" = C:\Program Files\GameHouse\CollapseCrunch\Collapse3.exe:*:Enabled:Collapse! Crunch
"C:\Program Files\Yahoo! Games\Puzzle Express\PuzzleExpress.exe" = C:\Program Files\Yahoo! Games\Puzzle Express\PuzzleExpress.exe:*:Enabled:PuzzleExpress
"C:\Program Files\Yahoo! Games\PuzzleInlay\PuzzleInlay.exe" = C:\Program Files\Yahoo! Games\PuzzleInlay\PuzzleInlay.exe:*:Enabled:Puzzle Inlay
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe" = C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)
"C:\Program Files\Yahoo! Games\Poppit To Go\PoppitToGo.exe" = C:\Program Files\Yahoo! Games\Poppit To Go\PoppitToGo.exe:*:Enabled:PoppitToGo
"C:\Program Files\Yahoo! Games\Incredible Ink\IncredibleInk.exe" = C:\Program Files\Yahoo! Games\Incredible Ink\IncredibleInk.exe:*:Enabled:Incredible Ink
"C:\Program Files\GameHouse\Combo Chaos\ComboChaos.exe" = C:\Program Files\GameHouse\Combo Chaos\ComboChaos.exe:*:Enabled:Combo Chaos!
"C:\Program Files\Yahoo! Games\Jig Jag!\Jig Jag!.exe" = C:\Program Files\Yahoo! Games\Jig Jag!\Jig Jag!.exe:*:Enabled:Jig Jag!
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Online Services\Aol\InstallAol.exe" = C:\Program Files\Online Services\Aol\InstallAol.exe:*:Disabled:AOL Canada -- (Hewlett Packard)
"C:\Program Files\Alphaqueue\alphaqueue.exe" = C:\Program Files\Alphaqueue\alphaqueue.exe:*:Disabled:Macromedia Projector
"C:\Program Files\GameHouse\MagicInlay\MagicInlay.exe" = C:\Program Files\GameHouse\MagicInlay\MagicInlay.exe:*:Disabled:Magic Inlay
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Disabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Yahoo! Games\Pixelus Deluxe\Pixelus.exe" = C:\Program Files\Yahoo! Games\Pixelus Deluxe\Pixelus.exe:*:Enabled:Pixelus Game
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Yahoo! Games\Ancient Tripeaks\Tripeaks.exe" = C:\Program Files\Yahoo! Games\Ancient Tripeaks\Tripeaks.exe:*:Enabled:Macromedia Projector
"C:\My Games\Wheel of Fortune\Wheel of Fortune.exe" = C:\My Games\Wheel of Fortune\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune
"C:\My Games\The Game of Life\life.exe" = C:\My Games\The Game of Life\life.exe:*:Enabled:The Game Of Life
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe
"C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe" = C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe:*:Enabled:Dogpile Bundle Toolbar (Helper)
"C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe" = C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe:*:Enabled:Dogpile Bundle Toolbar (Update)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{13AD768A-9E04-499D-AE80-967A65DCCBA5}" = ebgcSDK
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{152BF35B-56D7-4652-B519-1661AAC270EE}" = The Print Shop 20
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1D643CD4-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2DE65DF3-E614-4D5C-B5F9-BF3464DBEBD5}" = ebgcRes
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CD67A02-DF59-43f7-8E8F-86DCF40543EF}" = 2570_Help
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{74BCC862-CCD6-4A58-BDF9-7BB59FC31AB3}" = American Greetings Scrapbooks and More!
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A8D91906-4032-4443-8C49-69F90E38F39D}" = 2570
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EBEBDE9F-78FA-4E68-820D-78CAF9DD46FF}" = SCR531 Smartcard Reader
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EE55FD52-0D47-4c5a-96EC-48F70FF30520}" = 2570Trb
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"avast" = avast! Free Antivirus
"AwayMode160" = Microsoft Away Mode
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Google Chrome" = Google Chrome
"HP Document Viewer" = HP Document Viewer 5.3
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) PRO Network Connections Drivers
"Shockwave" = Shockwave
"UnityWebPlayer" = Unity Web Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"WildTangent hp Master Uninstall" = My HP Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Liz
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Re: MS Removal Tool Help
  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:

:files
C:\Documents and Settings\All Users\Application Data\epSmiWdo1fgPAc
C:\Documents and Settings\All Users\Application Data\~epSmiWdo1fgPAc
C:\Documents and Settings\All Users\Application Data\~epSmiWdo1fgPAcr
C:\WINDOWS\System32\IdbuwjiLmodq.dll
C:\Documents and Settings\Liz\Local Settings\Application Data\q4ta1hu2fuke6yb3bssy4t2ab
C:\Documents and Settings\All Users\Application Data\q4ta1hu2fuke6yb3bssy4t2ab
@C:\Documents and Settings\All Users\Application Data\TEMP:CC7738DB
@C:\Documents and Settings\All Users\Application Data\TEMP:02169594
@C:\Documents and Settings\All Users\Application Data\TEMP:BF3D0EA3
@C:\Documents and Settings\All Users\Application Data\TEMP:920E58B7
@C:\Documents and Settings\All Users\Application Data\TEMP:8BA6C9F8
@C:\Documents and Settings\All Users\Application Data\TEMP:BD13A410
@C:\Documents and Settings\All Users\Application Data\TEMP:89C2A42C
@C:\Documents and Settings\All Users\Application Data\TEMP:0A74923C
@C:\Documents and Settings\All Users\Application Data\TEMP:76466F4C
@C:\Documents and Settings\All Users\Application Data\TEMP:9D6EAEC3
@C:\Documents and Settings\All Users\Application Data\TEMP:9033BDFB
@C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4
@C:\Documents and Settings\All Users\Application Data\TEMP:EA7D76BE
@C:\Documents and Settings\All Users\Application Data\TEMP:B2735F9E
@C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
@C:\Documents and Settings\All Users\Application Data\TEMP:2871B698
@C:\Documents and Settings\All Users\Application Data\TEMP:ED9B661E
@C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
@C:\Documents and Settings\All Users\Application Data\TEMP:6425A235
@C:\Documents and Settings\All Users\Application Data\TEMP:AA6CA4C7
@C:\Documents and Settings\All Users\Application Data\TEMP:164FA86E
@C:\Documents and Settings\All Users\Application Data\TEMP:09064307
@C:\Documents and Settings\All Users\Application Data\TEMP:B722BCE5
@C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@C:\Documents and Settings\All Users\Application Data\TEMP:8C1EFEB8
@C:\Documents and Settings\All Users\Application Data\TEMP:453190EC
@C:\Documents and Settings\All Users\Application Data\TEMP:5433DBEF
@C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
@C:\Documents and Settings\All Users\Application Data\TEMP:A31B5E9B
@C:\Documents and Settings\All Users\Application Data\TEMP:58C9BCAC
@C:\Documents and Settings\All Users\Application Data\TEMP:57CC1FDC
@C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B
@C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@C:\Documents and Settings\All Users\Application Data\TEMP:63CFD724
@C:\Documents and Settings\All Users\Application Data\TEMP:1F67CD26
@C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE
@C:\Documents and Settings\All Users\Application Data\TEMP:969C0C96
@C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1
@C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@C:\Documents and Settings\All Users\Application Data\TEMP:E73B14E2
@C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5
@C:\Documents and Settings\All Users\Application Data\TEMP:3A008627
@C:\Documents and Settings\All Users\Application Data\TEMP:28CDD861
@C:\Documents and Settings\All Users\Application Data\TEMP:C66222F3
@C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B
@C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@C:\Documents and Settings\All Users\Application Data\TEMP:FC4EA67C
@C:\Documents and Settings\All Users\Application Data\TEMP:A5264343
@C:\Documents and Settings\All Users\Application Data\TEMP:908A1B53
@C:\Documents and Settings\All Users\Application Data\TEMP:9812B773
@C:\Documents and Settings\All Users\Application Data\TEMP:CEE4A457
@C:\Documents and Settings\All Users\Application Data\TEMP:EE7AAC75
@C:\Documents and Settings\All Users\Application Data\TEMP:8924043A
@C:\Documents and Settings\All Users\Application Data\TEMP:99C301D0
@C:\Documents and Settings\All Users\Application Data\TEMP:56F368C9
@C:\Documents and Settings\All Users\Application Data\TEMP:895A78C5
@C:\Documents and Settings\All Users\Application Data\TEMP:C9B27A06
@C:\Documents and Settings\All Users\Application Data\TEMP:BAC2F271
@C:\Documents and Settings\All Users\Application Data\TEMP:0915A718
@C:\Documents and Settings\All Users\Application Data\TEMP:393F7B1E
@C:\Documents and Settings\All Users\Application Data\TEMP:96646EC1
@C:\Documents and Settings\All Users\Application Data\TEMP:25249477
@C:\Documents and Settings\All Users\Application Data\TEMP:063969F8
@C:\Documents and Settings\All Users\Application Data\TEMP:A59DD4AD
@C:\Documents and Settings\All Users\Application Data\TEMP:A296A63F
@C:\Documents and Settings\All Users\Application Data\TEMP:A18121AD
@C:\Documents and Settings\All Users\Application Data\TEMP:8C37BA2F
@C:\Documents and Settings\All Users\Application Data\TEMP:53DF4438
@C:\Documents and Settings\All Users\Application Data\TEMP:04BB186B
@C:\Documents and Settings\All Users\Application Data\TEMP:BB0256E7
@C:\Documents and Settings\All Users\Application Data\TEMP:6FD36C4B
@C:\Documents and Settings\All Users\Application Data\TEMP:68B61847
@C:\Documents and Settings\All Users\Application Data\TEMP:53659035
@C:\Documents and Settings\All Users\Application Data\TEMP:4DDCE10B
@C:\Documents and Settings\All Users\Application Data\TEMP:439E3411
@C:\Documents and Settings\All Users\Application Data\TEMP:10D45FC3
@C:\Documents and Settings\All Users\Application Data\TEMP:07241935
@C:\Documents and Settings\All Users\Application Data\TEMP:067F588D
@C:\Documents and Settings\All Users\Application Data\TEMP:799F5445
@C:\Documents and Settings\All Users\Application Data\TEMP:6FBD5837
@C:\Documents and Settings\All Users\Application Data\TEMP:5A908367
@C:\Documents and Settings\All Users\Application Data\TEMP:4F6A4D11
@C:\Documents and Settings\All Users\Application Data\TEMP:A97FF73C
@C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@C:\Documents and Settings\All Users\Application Data\TEMP:3BFA9622
@C:\Documents and Settings\All Users\Application Data\TEMP:2BFCDF84
@C:\Documents and Settings\All Users\Application Data\TEMP:19C3C515
@C:\Documents and Settings\All Users\Application Data\TEMP:F7120F9A
@C:\Documents and Settings\All Users\Application Data\TEMP:E5294695
@C:\Documents and Settings\All Users\Application Data\TEMP:DDD1277F
@C:\Documents and Settings\All Users\Application Data\TEMP:D8669B93
@C:\Documents and Settings\All Users\Application Data\TEMP:C15969A6
@C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5
@C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3
@C:\Documents and Settings\All Users\Application Data\TEMP:737160C1
@C:\Documents and Settings\All Users\Application Data\TEMP:3539CD43
@C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B
@C:\Documents and Settings\All Users\Application Data\TEMP:F9E46E4C
@C:\Documents and Settings\All Users\Application Data\TEMP:EC7C9796
@C:\Documents and Settings\All Users\Application Data\TEMP:E0290D16
@C:\Documents and Settings\All Users\Application Data\TEMP:5AE33054
@C:\Documents and Settings\All Users\Application Data\TEMP:417B6FAC
@C:\Documents and Settings\All Users\Application Data\TEMP:38B32B54
@C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20
@C:\Documents and Settings\All Users\Application Data\TEMP:03D08225
@C:\Documents and Settings\All Users\Application Data\TEMP:943E8182
@C:\Documents and Settings\All Users\Application Data\TEMP:7CC608E0
@C:\Documents and Settings\All Users\Application Data\TEMP:2CC3B9D1
@C:\Documents and Settings\All Users\Application Data\TEMP:268BA8AB
@C:\Documents and Settings\All Users\Application Data\TEMP:13DF9DD1
@C:\Documents and Settings\All Users\Application Data\TEMP:0DFE2AE1
@C:\Documents and Settings\All Users\Application Data\TEMP:F422F8F1
@C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
@C:\Documents and Settings\All Users\Application Data\TEMP:1505883A
@C:\Documents and Settings\All Users\Application Data\TEMP:101708D3
@C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7
@C:\Documents and Settings\All Users\Application Data\TEMP:831C6B2D
@C:\Documents and Settings\All Users\Application Data\TEMP:48429D0E
@C:\Documents and Settings\All Users\Application Data\TEMP:19C3BC3A
@C:\Documents and Settings\All Users\Application Data\TEMP:CF33321C
@C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F
@C:\Documents and Settings\All Users\Application Data\TEMP:9B2BD056
@C:\Documents and Settings\All Users\Application Data\TEMP:7F4DB476
@C:\Documents and Settings\All Users\Application Data\TEMP:70A1462A
@C:\Documents and Settings\All Users\Application Data\TEMP:6E8472D2
@C:\Documents and Settings\All Users\Application Data\TEMP:6C491D31
@C:\Documents and Settings\All Users\Application Data\TEMP:59846E5E
@C:\Documents and Settings\All Users\Application Data\TEMP:3C5ABDC7
@C:\Documents and Settings\All Users\Application Data\TEMP:16C16B18
@C:\Documents and Settings\All Users\Application Data\TEMP:FF333535
@C:\Documents and Settings\All Users\Application Data\TEMP:8401B6D5
@C:\Documents and Settings\All Users\Application Data\TEMP:7C412B92
@C:\Documents and Settings\All Users\Application Data\TEMP:66DA2E27
@C:\Documents and Settings\All Users\Application Data\TEMP:63C1C73E
@C:\Documents and Settings\All Users\Application Data\TEMP:409A775B
@C:\Documents and Settings\All Users\Application Data\TEMP:B093E177
@C:\Documents and Settings\All Users\Application Data\TEMP:9FE5FC48
@C:\Documents and Settings\All Users\Application Data\TEMP:6FE17A89
@C:\Documents and Settings\All Users\Application Data\TEMP:517B507A
@C:\Documents and Settings\All Users\Application Data\TEMP:490BCC52
@C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@C:\Documents and Settings\All Users\Application Data\TEMP:0860D6D6
@C:\Documents and Settings\All Users\Application Data\TEMP:FEEEFFAD
@C:\Documents and Settings\All Users\Application Data\TEMP:BE40C8A2
@C:\Documents and Settings\All Users\Application Data\TEMP:98F6F85C
@C:\Documents and Settings\All Users\Application Data\TEMP:52A22573
@C:\Documents and Settings\All Users\Application Data\TEMP:05BF1B63
@C:\Documents and Settings\All Users\Application Data\TEMP:D46ECFD5
@C:\Documents and Settings\All Users\Application Data\TEMP:4E6B8D68
@C:\Documents and Settings\All Users\Application Data\TEMP:357E6D3B
@C:\Documents and Settings\All Users\Application Data\TEMP:27012B21
@C:\Documents and Settings\All Users\Application Data\TEMP:2342AE46
@C:\Documents and Settings\All Users\Application Data\TEMP:E717F65C
@C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7
@C:\Documents and Settings\All Users\Application Data\TEMP:BE6DC701
@C:\Documents and Settings\All Users\Application Data\TEMP:848CC150
@C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
@C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA
@C:\Documents and Settings\All Users\Application Data\TEMP:4754A5B0
@C:\Documents and Settings\All Users\Application Data\TEMP:DD24DCF8
@C:\Documents and Settings\All Users\Application Data\TEMP:DA9A5EA8
@C:\Documents and Settings\All Users\Application Data\TEMP:D3EFD0C3
@C:\Documents and Settings\All Users\Application Data\TEMP:8E3698DB
@C:\Documents and Settings\All Users\Application Data\TEMP:82EEB5A1
@C:\Documents and Settings\All Users\Application Data\TEMP:7E3BDDC4
@C:\Documents and Settings\All Users\Application Data\TEMP:4D01D823
@C:\Documents and Settings\All Users\Application Data\TEMP:89C6F032
@C:\Documents and Settings\All Users\Application Data\TEMP:60A4BB64
@C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125
@C:\Documents and Settings\All Users\Application Data\TEMP:077F4C77
@C:\Documents and Settings\All Users\Application Data\TEMP:D0668210
@C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
@C:\Documents and Settings\All Users\Application Data\TEMP:663B62CA
@C:\Documents and Settings\All Users\Application Data\TEMP:57EE48CA
@C:\Documents and Settings\All Users\Application Data\TEMP:E2B84483
@C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10
@C:\Documents and Settings\All Users\Application Data\TEMP:BD27B7FC
@C:\Documents and Settings\All Users\Application Data\TEMP:A561576B
@C:\Documents and Settings\All Users\Application Data\TEMP:961B4D58
@C:\Documents and Settings\All Users\Application Data\TEMP:89E1BAF5
@C:\Documents and Settings\All Users\Application Data\TEMP:753A0081
@C:\Documents and Settings\All Users\Application Data\TEMP:598E0FFA
@C:\Documents and Settings\All Users\Application Data\TEMP:4F96D8E6
@C:\Documents and Settings\All Users\Application Data\TEMP:4AD2C54D
@C:\Documents and Settings\All Users\Application Data\TEMP:E3F37A7D
@C:\Documents and Settings\All Users\Application Data\TEMP:BBF60A29
@C:\Documents and Settings\All Users\Application Data\TEMP:A65DC98A
@C:\Documents and Settings\All Users\Application Data\TEMP:4249A835
@C:\Documents and Settings\All Users\Application Data\TEMP:3C4C57F9
@C:\Documents and Settings\All Users\Application Data\TEMP:EC2381A4
@C:\Documents and Settings\All Users\Application Data\TEMP:D387C245
@C:\Documents and Settings\All Users\Application Data\TEMP:B845F669
@C:\Documents and Settings\All Users\Application Data\TEMP:957E9765
@C:\Documents and Settings\All Users\Application Data\TEMP:918B7566
@C:\Documents and Settings\All Users\Application Data\TEMP:7A0EFE63
@C:\Documents and Settings\All Users\Application Data\TEMP:5550B299
@C:\Documents and Settings\All Users\Application Data\TEMP:37994DBE
@C:\Documents and Settings\All Users\Application Data\TEMP:18173A8E
@C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@C:\Documents and Settings\All Users\Application Data\TEMP:289041F7
@C:\Documents and Settings\All Users\Application Data\TEMP:1AFC2166
@C:\Documents and Settings\All Users\Application Data\TEMP:00811B66
@C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8
@C:\Documents and Settings\All Users\Application Data\TEMP:729F5FF8
@C:\Documents and Settings\All Users\Application Data\TEMP:B9F8237A
@C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@C:\Documents and Settings\All Users\Application Data\TEMP:9EF92A1A
@C:\Documents and Settings\All Users\Application Data\TEMP:90B52091
@C:\Documents and Settings\All Users\Application Data\TEMP:43301D1D
@C:\Documents and Settings\All Users\Application Data\TEMP:2836460B
@C:\Documents and Settings\All Users\Application Data\TEMP:E32966C0
@C:\Documents and Settings\All Users\Application Data\TEMP:D8134D8F
@C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
@C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE
@C:\Documents and Settings\All Users\Application Data\TEMP:C48B1BA5
@C:\Documents and Settings\All Users\Application Data\TEMP:938EC881
@C:\Documents and Settings\All Users\Application Data\TEMP:8F4E260C
@C:\Documents and Settings\All Users\Application Data\TEMP:349CACE5
@C:\Documents and Settings\All Users\Application Data\TEMP:88698068
@C:\Documents and Settings\All Users\Application Data\TEMP:0C988F7D
@C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B
@C:\Documents and Settings\All Users\Application Data\TEMP:BDF08FAF
@C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6
@C:\Documents and Settings\All Users\Application Data\TEMP:354E094D
@C:\Documents and Settings\All Users\Application Data\TEMP:32BD974D
@C:\Documents and Settings\All Users\Application Data\TEMP:275AA066
@C:\Documents and Settings\All Users\Application Data\TEMP:145EE4E0
@C:\Documents and Settings\All Users\Application Data\TEMP:EF71CAB5
@C:\Documents and Settings\All Users\Application Data\TEMP:ECCE99EF
@C:\Documents and Settings\All Users\Application Data\TEMP:B904C348
@C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823
@C:\Documents and Settings\All Users\Application Data\TEMP:546EE13B
@C:\Documents and Settings\All Users\Application Data\TEMP:43982D5E


:otl
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O4 - HKLM..\Run: [vhrvmy] C:\WINDOWS\system32\vpnemb.exe reg_run File not found
O4 - HKCU..\Run: [reywn] C:\WINDOWS\system32\vpnemb.exe reg_run File not found
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 File not found
O33 - MountPoints2\{0649ecb4-d30e-11db-8529-0017310f5abf}\Shell - "" = AutoRun
O33 - MountPoints2\{0649ecb4-d30e-11db-8529-0017310f5abf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0649ecb4-d30e-11db-8529-0017310f5abf}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RIuOM.EXe
O33 - MountPoints2\{2a36188f-1fa1-11dc-8533-0017310f5abf}\Shell\Auto\command - "" = J:\RavMonE.exe e
O33 - MountPoints2\{2a36188f-1fa1-11dc-8533-0017310f5abf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a36188f-1fa1-11dc-8533-0017310f5abf}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
O33 - MountPoints2\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\Shell - "" = AutoRun
O33 - MountPoints2\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{c3e5a746-f182-11de-85f5-0017310f5abf}\Shell - "" = AutoRun
O33 - MountPoints2\{c3e5a746-f182-11de-85f5-0017310f5abf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c3e5a746-f182-11de-85f5-0017310f5abf}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qaouGo.EXE
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

:commands
[reboot]

  • CAREFUL NOW! You must click the Run Fix button, NOT the Run Scan!
  • If it asks to reboot the computer, please allow that.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

Please open Malwarebytes' Anti-Malware, click the Update tab and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan and click Scan. Please post the resulting log in your next reply.
