Security Tool

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Security Tool1st September 2010, 9:33 pm

I ran malwarebytes and had it remove all. I still have Security Tool infection. Please help. Thank you.
Debbie

Re: Security Tool1st September 2010, 10:52 pm

Hi Debbie,

Welcome to GeekPolice Forums! I'm Crush but, you can call me Chris too and I will be helping you with your Malware issues.

A few things to keep in mind as we progress:

1. We are all volunteer staff here so we log in and assess threads when real life, work, family, and other obligations permit. Additionally, we are located all over the world. There may be a bit of a time delay due to this.

2. Malware Removal threads are very time intensive. Each entry must be researched until it can be said with 100% certainty whether or not it can stay or needs to be removed. Sometimes additional work is needed to weed out suspect entries

3. This may turn into a long ordeal but, rest assured we will stay with you until you are completely disinfected.

4. Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer. Do not run any tools unless specifically asked to by a member of one of these usergroups

5. If you are not the original poster of this thread DO NOT run any fixes given to the poster in this thread. They are all custom tailored specifically to this user. It could prove to be disastrous.

6. Please keep responding until I give you the "All Clear". Absence of symptoms does not mean that everything is clear.

7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

8. If you have any questions or issues please stop and ask! We are all here to help.

IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

If you follow these instructions, everything should go smoothly Smile...

.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

To do this click Security Tool Profil11

, then click Preferences. Make sure Always notify me of replies is set to Yes

With that out of the way:

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

Code:
netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %SYSTEMDRIVE%\*.exe %systemroot%\*. /mp /s c:\$recycle.bin\*.* /s HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys nvstor32.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll explorer.exe svchost.exe userinit.exe qmgr.dll ws2_32.dll proquota.exe imm32.dll kernel32.dll ndis.sys autochk.exe spoolsv.exe xmlprov.dll ntmssvc.dll mswsock.dll Beep.SYS ntfs.sys termsrv.dll sfcfiles.dll st3shark.sys ahcix86.sys srsvc.dll nvrd32.sys /md5stop %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

===========

In addition. please post the Malwarebytes log. You can get it by going to the Logs tab of the program

Re: Security Tool2nd September 2010, 5:04 am

When I try to send the OTL.txt it says the posting is too big. What now?

Re: Security Tool2nd September 2010, 5:05 am

OTL Extras logfile created on: 9/1/2010 11:44:59 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Debbie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.00 Gb Total Space | 44.18 Gb Free Space | 73.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 930.86 Gb Total Space | 692.39 Gb Free Space | 74.38% Space Free | Partition Type: NTFS
Drive P: | 238.09 Gb Total Space | 237.30 Gb Free Space | 99.67% Space Free | Partition Type: NTFS
Drive S: | 1862.36 Gb Total Space | 1281.91 Gb Free Space | 68.83% Space Free | Partition Type: NTFS
Drive X: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive Y: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DEBBIESG
Current User Name: Debbie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"56137:TCP" = 56137:TCP:*:Enabled:Pando
"56137:UDP" = 56137:UDP:*:Enabled:Pando

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"P:\AVG\AVG 9\avgemc.exe" = P:\AVG\AVG 9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"P:\AVG\AVG 9\avgupd.exe" = P:\AVG\AVG 9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"P:\Driver Magic\DriverMagic.exe" = P:\Driver Magic\DriverMagic.exe:*:Enabled:DriverMagic Utilities -- File not found
"I:\Incredimail\IncrediMail\Bin\IncMail.exe" = I:\Incredimail\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"I:\Incredimail\IncrediMail\Bin\ImApp.exe" = I:\Incredimail\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail -- File not found
"I:\Incredimail\IncrediMail\Bin\ImpCnt.exe" = I:\Incredimail\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"I:\Incredimail\IncrediMail\Bin\ImLc.exe" = I:\Incredimail\IncrediMail\Bin\ImLc.exe:*:Enabled:IncrediMail -- File not found
"I:\Incredimail\IncrediMail\Bin\ImPackr.exe" = I:\Incredimail\IncrediMail\Bin\ImPackr.exe:*:Enabled:IncrediMail -- File not found
"P:\Pando\Pando.exe" = P:\Pando\Pando.exe:*:Enabled:Pando -- (Pando Networks)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImLc.exe" = C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Documents and Settings\Debbie\Local Settings\Temp\ImInstaller\incredimail_installer.exe" = C:\Documents and Settings\Debbie\Local Settings\Temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer -- (IncrediMail Ltd.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{2AA48AFA-79CA-4043-BFFC-BB5BA23A9FCF}" = WD SmartWare
"{2E5EEBB7-8B61-4FCC-AF7F-C2E0AC4583BB}" = Rapidshare Auto Downloader 3.7.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.21
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6EEE934B-F292-4995-95BF-4AE871AC42E8}" = Diskeeper 2007 Pro Premier
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{72B1C9BA-16C8-4800-B804-FEEFF087C2BD}_is1" = King's Smith 1.0
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE72D39-DE32-4069-9E72-C1974546EFDD}" = RuneScape Launcher 1.0.2
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}" = Pando
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C260D3A3-169C-4DCA-8495-1E12E0D73637}_is1" = Galatron 1.0
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D085A1B6-90A4-11D3-82B7-00C04FA309DE}" = Microsoft Money 2001
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Try And Buy
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F974D34E-A474-4230-9335-757DD26A09A6}_is1" = Galatron1.1
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"20/20 v2.2" = 20/20 v2.2
"A Gypsys Tale The Tower of Secrets 1.00" = A Gypsys Tale The Tower of Secrets 1.00
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Type Manager 4.1" = Adobe Type Manager 4.1
"Adrianne Stone: Hidden Relics" = Adrianne Stone: Hidden Relics
"Advanced Attachments Processor" = Advanced Attachments Processor
"Agatha Christie 450 from Paddington 1.00" = Agatha Christie 450 from Paddington 1.00
"Al Emmos Postcards from Anozira 1.00" = Al Emmos Postcards from Anozira 1.00
"Ancient Adventures Gift of Zeus 1.00" = Ancient Adventures Gift of Zeus 1.00
"Artifacts of the Past Ancient Mysteries 1.00" = Artifacts of the Past Ancient Mysteries 1.00
"AVG9Uninstall" = AVG Free 9.0
"Barnyard Sherlock Hooves 1.00" = Barnyard Sherlock Hooves 1.00
"Bigfoot Chasing Shadows BFG 1.00" = Bigfoot Chasing Shadows BFG 1.00
"Biggest Little Adventure 1.00" = Biggest Little Adventure 1.00
"Blood Oath 1.00" = Blood Oath 1.00
"Brunhilda and the Dark Crystal 1.00" = Brunhilda and the Dark Crystal 1.00
"BumbleBee Jewel 1.00" = BumbleBee Jewel 1.00
"Classic Adventures The Great Gatsby 1.00" = Classic Adventures The Great Gatsby 1.00
"ClickPotatoLiteSA" = ClickPotato
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Download Druid_is1" = Download Druid 2.2
"Dr Despicables Dastardly Deeds 1.00" = Dr Despicables Dastardly Deeds 1.00
"Dragon Empire 1.00" = Dragon Empire 1.00
"Drawn 2 Dark Flight Collectors Edition 1.00" = Drawn 2 Dark Flight Collectors Edition 1.00
"Dream Chronicles 4 Book of Air CE 1.00" = Dream Chronicles 4 Book of Air CE 1.00
"Easy Outlook Express Backup_is1" = Easy Outlook Express Backup
"Echoes of the Past The Castle of Shadows Collectors Edition 1.00" = Echoes of the Past The Castle of Shadows Collectors Edition 1.00
"El Sello Magico The False Heiress 1.00" = El Sello Magico The False Heiress 1.00
"Elixir of Immortality 1.00" = Elixir of Immortality 1.00
"Enlightenus 2 The Timeless Tower Collectors Edition 1.00" = Enlightenus 2 The Timeless Tower Collectors Edition 1.00
"eTrust Suite Personal" = CA Internet Security Suite
"Exorcist 1.00" = Exorcist 1.00
"Explorer Contraband Mystery 1.00" = Explorer Contraband Mystery 1.00
"Flux Family Secrets The Rabbit Hole Collectors Edition 1.00" = Flux Family Secrets The Rabbit Hole Collectors Edition 1.00
"GetDiz 4.5" = GetDiz 4.5
"Golden Trails The New Western Rush 1.00" = Golden Trails The New Western Rush 1.00
"Haunted Hotel 3 Lonely Dream 1.00" = Haunted Hotel 3 Lonely Dream 1.00
"Hidden Mysteries Vampire Secrets 1.00" = Hidden Mysteries Vampire Secrets 1.00
"Hotel Collectors Edition 1.00" = Hotel Collectors Edition 1.00
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"I Spy Fantasy 1.00" = I Spy Fantasy 1.00
"I SPY Mystery 1.00" = I SPY Mystery 1.00
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Immortal Lovers 1.00" = Immortal Lovers 1.00
"IncrediMail" = IncrediMail
"Insider Tales Vanished In Rome 1.00" = Insider Tales Vanished In Rome 1.00
"It's All About Masks 1.00" = It's All About Masks 1.00
"Jewel Island 1.00" = Jewel Island 1.00
"Journalistic Investigations Stolen Inheritance 1.00" = Journalistic Investigations Stolen Inheritance 1.00
"Journalistic Stories 1.00" = Journalistic Stories 1.00
"Kate Arrow Deserted Wood 1.00" = Kate Arrow Deserted Wood 1.00
"L Frank Baums The Wonderful Wizard of Oz 1.00" = L Frank Baums The Wonderful Wizard of Oz 1.00
"Laby 1.00" = Laby 1.00
"Legacy Lonesome Mansion 1.00" = Legacy Lonesome Mansion 1.00
"Lost in the City 1.00" = Lost in the City 1.00
"Love Chronicles The Spell Collectors Edition 1.00" = Love Chronicles The Spell Collectors Edition 1.00
"Mahjong Garden To Go 1.00" = Mahjong Garden To Go 1.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.5
"Memorabilia Mias Mysterious Memory Machine 1.00" = Memorabilia Mias Mysterious Memory Machine 1.00
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Midnight Mysteries 2 Salem Witch Trials 1.00" = Midnight Mysteries 2 Salem Witch Trials 1.00
"Money2007b" = Microsoft Money 2007
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mysterious Travel The Magic Diary 1.00" = Mysterious Travel The Magic Diary 1.00
"Mystery Cruise 1.00" = Mystery Cruise 1.00
"Mystery P.I. Stolen in San Francisco 1.00" = Mystery P.I. Stolen in San Francisco 1.00
"Mystic Diary Haunted Island 1.00" = Mystic Diary Haunted Island 1.00
"Nemos Secret The Nautilus 1.00" = Nemos Secret The Nautilus 1.00
"Nightfall Mysteries Asylum Conspiracy 1.00" = Nightfall Mysteries Asylum Conspiracy 1.00
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Paige Harper and the Tome of Mystery 1.00" = Paige Harper and the Tome of Mystery 1.00
"PhotoMail" = PhotoMail Maker
"PJ Pride Pet Detective 2.10" = PJ Pride Pet Detective 2.10
"Puppet Show Souls of the Innocent CE 1.00" = Puppet Show Souls of the Innocent CE 1.00
"Redemption Cemetery Curse of the Raven Collectors Edition 1.00" = Redemption Cemetery Curse of the Raven Collectors Edition 1.00
"Redrum 2 Time Lies 1.00" = Redrum 2 Time Lies 1.00
"Redrum Dead Diary 1.00" = Redrum Dead Diary 1.00
"Reincarnations 2 Uncover the Past Collectors Edition 1.00" = Reincarnations 2 Uncover the Past Collectors Edition 1.00
"Robins Quest 1.00" = Robins Quest 1.00
"Romancing the Seven Wonders Great Pyramids 1.00" = Romancing the Seven Wonders Great Pyramids 1.00
"Samantha Swift and the Fountains of Fate 1.00" = Samantha Swift and the Fountains of Fate 1.00
"Secrets of the Dragon Wheel 1.00" = Secrets of the Dragon Wheel 1.00
"Shaolin Mystery Tale of the Jade Dragon Staff 1.00" = Shaolin Mystery Tale of the Jade Dragon Staff 1.00
"Simajo The Travel Mystery Game 1.00" = Simajo The Travel Mystery Game 1.00
"Skymist The Lost Spirit Stones 1.00" = Skymist The Lost Spirit Stones 1.00
"Snark Busters Welcome to the Club 1.00" = Snark Busters Welcome to the Club 1.00
"SolSuite_is1" = SolSuite 2010 v10.1
"Special Enquiry Detail The Hand that Feeds 1.00" = Special Enquiry Detail The Hand that Feeds 1.00
"Sprill - The Mystery of the Bermuda Triangle 1.00" = Sprill - The Mystery of the Bermuda Triangle 1.00
"Steve The Sheriff 1.00" = Steve The Sheriff 1.00
"Sunset Studio Behind the Scenes 1.00" = Sunset Studio Behind the Scenes 1.00
"Teleport Pro" = Teleport Pro
"The Clockwork Man 2 - Ultimate Edition Game Guide" = The Clockwork Man 2 - Ultimate Edition Game Guide EN v1.0.0.0
"The Clockwork Man 2 The Hidden World Ultimate Edition 1.00" = The Clockwork Man 2 The Hidden World Ultimate Edition 1.00
"The Crop Circles Mystery 1.00" = The Crop Circles Mystery 1.00
"The Dream Voyagers 1.00" = The Dream Voyagers 1.00
"The Font Thing" = The Font Thing
"The Great Pharaoh 1.00" = The Great Pharaoh 1.00
"The Lost Kingdom Prophecy 1.00" = The Lost Kingdom Prophecy 1.00
"The Mysterious Case of Dr. Jekyll and Mr. Hyde 1.00" = The Mysterious Case of Dr. Jekyll and Mr. Hyde 1.00
"The Otherside Realm of Eons 1.00" = The Otherside Realm of Eons 1.00
"The Otherside Realm of Eons 1.10" = The Otherside Realm of Eons 1.10
"The Pirates Treasure An Oliver Hook Mystery 1.00" = The Pirates Treasure An Oliver Hook Mystery 1.00
"The Seawise Chronicles Untamed Legacy 1.00" = The Seawise Chronicles Untamed Legacy 1.00
"The Treasures of Mystery Island The Gates of Fate 1.00" = The Treasures of Mystery Island The Gates of Fate 1.00
"Time Dreamer 1.00" = Time Dreamer 1.00
"Totem Quest 1.00" = Totem Quest 1.00
"Treasure Seekers Follow the Ghosts Collectors Edition 1.00" = Treasure Seekers Follow the Ghosts Collectors Edition 1.00
"TrioTheGreatSettlement_is1" = Trio The Great Settlement
"Tropical Shop Fish Annabels Adventure 1.00" = Tropical Shop Fish Annabels Adventure 1.00
"Unlocker" = Unlocker 1.9.0
"Vampire Brides Love Over Death 1.00" = Vampire Brides Love Over Death 1.00
"Vampireville 1.00" = Vampireville 1.00
"Vaultcracker The Last Safe 1.02" = Vaultcracker The Last Safe 1.02
"Veronica and the Book of Dreams 1.00" = Veronica and the Book of Dreams 1.00
"VLC media player" = VLC media player 0.9.2
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yard Sale Junkie 1.00" = Yard Sale Junkie 1.00
"Youda Legend The Curse of the Amsterdam Diamond1.6" = Youda Legend The Curse of the Amsterdam Diamond

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spirits of Metropolis v1.10" = Spirits of Metropolis v1.10
"Splotches" = Splotches
"The Sandbox of God Remastered" = The Sandbox of God Remastered

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/19/2010 4:05:32 PM | Computer Name = DEBBIESG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/19/2010 4:05:38 PM | Computer Name = DEBBIESG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/19/2010 4:06:00 PM | Computer Name = DEBBIESG | Source = Application Hang | ID = 1002
Description = Hanging application Roxio_Central36.exe, version 3.70.11.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/19/2010 4:21:26 PM | Computer Name = DEBBIESG | Source = Application Hang | ID = 1002
Description = Hanging application HiddenMysteriesVampireSecrets.exe, version 1.0.0.0,
hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/19/2010 4:22:15 PM | Computer Name = DEBBIESG | Source = Application Hang | ID = 1002
Description = Hanging application HiddenMysteriesVampireSecrets.exe, version 1.0.0.0,
hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/19/2010 4:23:27 PM | Computer Name = DEBBIESG | Source = Application Hang | ID = 1002
Description = Hanging application JournalisticStories.exe, version 1.0.0.0, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/19/2010 4:30:06 PM | Computer Name = DEBBIESG | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 7/19/2010 4:30:12 PM | Computer Name = DEBBIESG | Source = Application Error | ID = 1001
Description = Fault bucket 1229220237.

Error - 7/19/2010 5:15:00 PM | Computer Name = DEBBIESG | Source = Application Error | ID = 1000
Description = Faulting application roxio_central36.exe, version 3.70.11.0, faulting
module rcengine.dll, version 3.70.4.0, fault address 0x0004f4be.

Error - 7/19/2010 5:15:15 PM | Computer Name = DEBBIESG | Source = Application Error | ID = 1001
Description = Fault bucket 1121088869.

[ System Events ]
Error - 9/1/2010 8:26:10 PM | Computer Name = DEBBIESG | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Western Digital\WD
SmartWare\Front Parlor\XP\Shadow.dll. Reference error message: The operation completed
successfully. .

Error - 9/1/2010 8:26:17 PM | Computer Name = DEBBIESG | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%2

Error - 9/1/2010 8:43:39 PM | Computer Name = DEBBIESG | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 9/1/2010 8:43:39 PM | Computer Name = DEBBIESG | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 9/1/2010 8:43:39 PM | Computer Name = DEBBIESG | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Western Digital\WD
SmartWare\Front Parlor\XP\Shadow.dll. Reference error message: The operation completed
successfully. .

Error - 9/1/2010 8:43:51 PM | Computer Name = DEBBIESG | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%2

Error - 9/1/2010 9:18:32 PM | Computer Name = DEBBIESG | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 9/1/2010 9:18:32 PM | Computer Name = DEBBIESG | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 9/1/2010 9:18:32 PM | Computer Name = DEBBIESG | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Western Digital\WD
SmartWare\Front Parlor\XP\Shadow.dll. Reference error message: The operation completed
successfully. .

Error - 9/1/2010 9:18:34 PM | Computer Name = DEBBIESG | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%2

< End of report >

Re: Security Tool2nd September 2010, 5:06 am

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

9/1/2010 3:44:11 PM
mbam-log-2010-09-01 (15-44-11).txt

Scan type: Quick Scan
Objects scanned: 96034
Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sniffer (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Re: Security Tool2nd September 2010, 5:12 am

Try attaching the otl.txt

Re: Security Tool2nd September 2010, 5:19 am

Says uploaded file is not valid.

Re: Security Tool2nd September 2010, 7:05 pm

Ok. Split it into multiple posts

Re: Security Tool2nd September 2010, 7:38 pm

OTL logfile created on: 9/1/2010 11:44:59 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Debbie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.00 Gb Total Space | 44.18 Gb Free Space | 73.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 930.86 Gb Total Space | 692.39 Gb Free Space | 74.38% Space Free | Partition Type: NTFS
Drive P: | 238.09 Gb Total Space | 237.30 Gb Free Space | 99.67% Space Free | Partition Type: NTFS
Drive S: | 1862.36 Gb Total Space | 1281.91 Gb Free Space | 68.83% Space Free | Partition Type: NTFS
Drive X: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive Y: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DEBBIESG
Current User Name: Debbie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/01 23:43:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debbie\Desktop\OTL.exe
PRC - [2010/07/21 09:09:17 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- P:\AVG\AVG 9\avgemc.exe
PRC - [2010/07/18 09:53:25 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- P:\AVG\AVG 9\avgtray.exe
PRC - [2010/07/18 09:53:23 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- P:\AVG\AVG 9\avgrsx.exe
PRC - [2010/07/18 09:53:23 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- P:\AVG\AVG 9\avgwdsvc.exe
PRC - [2010/07/18 09:53:20 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- P:\AVG\AVG 9\avgcsrvx.exe
PRC - [2010/07/18 09:53:19 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- P:\AVG\AVG 9\avgchsvx.exe
PRC - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- P:\Unnlocker\UnlockerAssistant.exe
PRC - [2010/06/09 20:44:28 | 000,214,256 | ---- | M] (CA, Inc.) -- P:\CA Internet Security Suite\ccprovsp.exe
PRC - [2010/06/09 20:44:28 | 000,177,392 | ---- | M] (CA, Inc.) -- P:\CA Internet Security Suite\cctray\cctray.exe
PRC - [2010/06/09 20:43:06 | 000,014,088 | ---- | M] (CA) -- P:\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
PRC - [2010/05/10 11:34:22 | 004,456,448 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/05/10 11:33:42 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/16 21:10:16 | 000,189,704 | ---- | M] (CA, Inc.) -- P:\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
PRC - [2007/08/16 21:10:14 | 000,218,376 | ---- | M] (CA, Inc.) -- P:\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/01/30 14:58:20 | 000,917,504 | ---- | M] (Diskeeper Corporation) -- P:\Diskeeper\DkService.exe
PRC - [2007/01/04 12:10:22 | 000,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

========== Modules (SafeList) ==========

MOD - [2010/09/01 23:43:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debbie\Desktop\OTL.exe
MOD - [2010/07/04 16:32:36 | 000,004,608 | ---- | M] () -- P:\Unnlocker\UnlockerHook.dll
MOD - [2010/06/09 20:43:05 | 000,083,208 | ---- | M] (CA) -- P:\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOEHook.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- P:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/07/21 09:09:17 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- P:\AVG\AVG 9\avgemc.exe -- (avg9emc)
SRV - [2010/07/18 09:53:23 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- P:\AVG\AVG 9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/09 20:44:28 | 000,214,256 | ---- | M] (CA, Inc.) [On_Demand | Running] -- P:\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2010/05/10 11:33:42 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2007/09/05 21:25:04 | 000,204,800 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/08/16 21:10:16 | 000,189,704 | ---- | M] (CA, Inc.) [On_Demand | Running] -- P:\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/30 14:58:20 | 000,917,504 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- P:\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2007/01/04 12:10:22 | 000,280,080 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2000/05/24 15:20:36 | 000,015,360 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\ATMsrvc.exe -- (ATMsrvc)

========== Driver Services (SafeList) ==========

DRV - [2010/09/01 15:32:52 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2010/07/18 09:53:25 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/18 09:53:20 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/07 09:57:39 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/10 08:18:20 | 000,024,216 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2009/08/03 13:36:06 | 000,019,096 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/17 08:07:00 | 006,853,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/09/05 21:25:30 | 001,246,456 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/06/18 03:01:28 | 000,514,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/12/19 08:36:54 | 001,160,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/12/19 08:36:46 | 000,090,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/12/19 08:36:42 | 000,156,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/12/19 08:36:36 | 000,014,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/12/19 08:36:32 | 000,128,312 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/12/19 08:35:40 | 000,511,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 10:00:50 | 000,347,144 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wendysforum.net/index.php/board,4.0.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.528.0\firefox\extensions

O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] P:\AVG\AVG 9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cctray] P:\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
O4 - HKLM..\Run: [ClickPotatoLiteSA] C:\Program Files\ClickPotatoLite\bin\10.0.528.0\ClickPotatoLiteSA.exe File not found
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] P:\Malwarebytes' Anti-Malware\mbamgui.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QOELOADER] P:\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe (CA)
O4 - HKLM..\Run: [UnlockerAssistant] P:\Unnlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe File not found
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm ()
O8 - Extra context menu item: Druid: Download All Files - P:\Download Druid\Druid.html ()
O8 - Extra context menu item: Druid: Download Highlighted Files - P:\Download Druid\DruidHighLighted.html ()
O9 - Extra Button: Download - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - P:\Download Druid\Druid.exe (XemiComputers)
O9 - Extra 'Tools' menuitem : Druid: Download All Files - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - P:\Download Druid\Druid.exe (XemiComputers)
O9 - Extra Button: Druid Bar - {A6B25D86-CB76-44C1-8E35-328EE8F4BEF0} - P:\Download Druid\DruidBar.dll ()
O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files\ClickPotatoLite\bin\10.0.528.0\ClickPotatoLiteSABHO.dll File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275856917999 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275920170750 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1 76.85.229.110 76.85.229.111
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Debbie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Debbie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/06 15:26:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/28 15:00:27 | 000,000,088 | R--- | M] () - X:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010/01/28 15:00:27 | 000,000,088 | R--- | M] () - Y:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{ff79e305-aaa6-11df-bfa4-001aa0440a0f}\Shell\AutoRun\command - "" = F:\urDrive.exe -- File not found
O33 - MountPoints2\{ff79e309-aaa6-11df-bfa4-001aa0440a0f}\Shell\AutoRun\command - "" = F:\urDrive.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Re: Security Tool2nd September 2010, 7:39 pm

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/01 23:43:12 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Debbie\Desktop\OTL.exe
[2010/09/01 19:15:37 | 000,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/01 19:15:36 | 000,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/01 18:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\Threat Expert
[2010/09/01 16:14:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/09/01 16:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/09/01 16:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\PC Tools
[2010/09/01 16:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/09/01 15:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Malwarebytes
[2010/09/01 15:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/01 15:32:52 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010/09/01 15:32:52 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/09/01 15:32:52 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/09/01 15:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Money 2007
[2010/09/01 10:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA
[2010/09/01 10:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\ClickPotatoLite
[2010/08/31 11:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/08/31 11:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/08/31 11:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/08/31 11:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/08/31 11:12:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/08/31 11:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/08/31 11:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/08/30 19:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TreeCardGames
[2010/08/30 19:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\SolSuite
[2010/08/30 12:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Outertech
[2010/08/29 16:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\TheGreatPharaoh
[2010/08/28 23:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\SpinTop Games
[2010/08/28 23:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\SpiritVG
[2010/08/27 12:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Enki Games
[2010/08/25 20:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Veronica&BoD
[2010/08/25 13:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\Microsoft Help
[2010/08/25 13:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/08/24 14:25:27 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/08/24 13:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\Yahoo
[2010/08/24 13:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\vlc
[2010/08/24 13:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\WeatherBug
[2010/08/24 13:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\WeatherBug
[2010/08/24 13:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/08/24 13:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2010/08/24 13:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong
[2010/08/24 13:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/08/24 13:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\FCSB000062035
[2010/08/24 13:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\Shop to Win 2
[2010/08/24 13:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Yahoo!
[2010/08/24 13:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/08/22 22:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Gamers Digital
[2010/08/22 22:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2010/08/21 13:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\IncrediMail
[2010/08/20 23:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\TOMI2.THE GATES OF FATE
[2010/08/18 15:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/08/18 14:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\SunRay Games
[2010/08/13 13:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Exorcist DS 7
[2010/08/12 13:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\GameHouse
[2010/08/09 09:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\Thinstall
[2010/08/09 09:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Thinstall
[2010/08/08 16:00:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/08/08 11:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Anarchy
[2010/08/08 10:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/08/08 10:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/08/08 10:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/08 10:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/08/08 10:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/08 10:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/08/07 21:22:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Bicyclestudios
[2010/08/07 21:22:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bicyclestudios
[2010/08/06 15:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Enlightenus2_BFG
[2010/08/06 15:04:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Orneon
[2010/08/06 14:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\My Documents\My Saved Games
[2010/08/01 13:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/01 13:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/01 13:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/08/01 13:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Sun
[2010/08/01 13:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\RunningPillow
[2010/07/31 12:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Trio
[2010/07/30 16:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\ERS Game Studios
[2010/07/29 15:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/07/28 23:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Vast Studios
[2010/07/28 13:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\MysteriousCaseOfJekyllAndHyde
[2010/07/27 13:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Total Eclipse
[2010/07/25 13:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
[2010/07/24 14:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\TheLostKingdomProphecy
[2010/07/21 15:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\GameMill Entertainment
[2010/07/21 14:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\SprillBermudeEng
[2010/07/19 15:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010/07/19 15:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2010/07/18 23:51:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/07/18 09:53:23 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/17 20:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Vogat Interactive
[2010/07/17 15:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\CannyGames
[2010/07/15 18:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Saved Games
[2010/07/15 18:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\Oberon Games
[2010/07/14 12:59:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\TikisLab
[2010/07/14 12:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\OtherSide Realm of Eons
[2010/07/13 22:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Big Fish Games
[2010/07/13 18:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Floodlight Games
[2010/07/13 18:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/07/11 19:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Silverback Productions
[2010/07/11 16:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Pi Eye Games
[2010/07/10 14:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\KranX Productions
[2010/07/07 13:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\My Documents\AntiqueHunter
[2010/07/06 12:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Redrum
[2010/07/06 12:31:09 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010/07/06 11:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\iWin
[2010/07/06 11:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Paige Harper and the Tome of Mystery
[2010/07/06 10:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\VendelGAMES
[2010/07/05 16:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\My Documents\My Pando Packages
[2010/07/05 13:34:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\PlayFirst
[2010/07/05 13:34:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/07/04 23:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GamePlastic
[2010/07/04 15:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Brunhilda_Release
[2010/07/04 15:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\StoneLoops!
[2010/07/04 15:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Saqqarah
[2010/07/04 15:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\MagicMatch
[2010/07/04 15:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Brunhilda
[2010/07/04 14:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\A Gypsy's Tale - The Tower of Secrets
[2010/07/04 13:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Finstere Liebschaft
[2010/07/04 13:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Finstere Liebschaft
[2010/07/03 20:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\Pando
[2010/07/03 19:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\IdeaBoxGame
[2010/07/02 23:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Mutant Arcade
[2010/06/27 10:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/06/26 22:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoMail Maker
[2010/06/26 22:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2010/06/26 22:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2010/06/26 22:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IM
[2010/06/25 19:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Money
[2010/06/25 18:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\Help
[2010/06/25 18:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Help
[2010/06/24 15:44:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2010/06/24 15:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\jagexlauncher
[2010/06/24 11:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\TeleportGamesLtd
[2010/06/24 11:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TeleportGamesLtd
[2010/06/23 21:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\HitPoint Studios
[2010/06/23 21:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2010/06/21 20:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\SevenSails
[2010/06/21 20:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/06/21 19:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2010/06/21 15:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\V-Games
[2010/06/21 12:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Magic3
[2010/06/21 12:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2010/06/20 13:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\YoudaGames
[2010/06/20 13:07:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Youda Legend The Curse of the Amsterdam Diamond
[2010/06/19 23:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\MyDownloader
[2010/06/19 23:07:56 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/06/19 22:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\RapidShare
[2010/06/18 11:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/06/18 11:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/06/17 20:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/06/17 20:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/06/17 20:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/06/17 20:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/06/17 20:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/06/17 20:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/06/17 20:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/06/17 20:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/06/17 20:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/06/17 20:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/06/17 20:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/06/17 20:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/06/17 20:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/06/17 20:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/06/17 20:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/06/17 20:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/06/17 20:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/06/17 13:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\ERS G-Studio
[2010/06/16 15:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Awem
[2010/06/15 12:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/06/15 10:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\My Documents\Updater5
[2010/06/14 15:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/06/13 22:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Skunk Studios
[2010/06/12 10:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\HpUpdate
[2010/06/12 10:20:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2010/06/12 09:50:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\HP
[2010/06/11 22:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/06/11 22:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/06/11 22:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/06/11 22:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/06/11 22:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/06/10 12:34:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/06/10 12:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\DivX
[2010/06/09 22:48:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/06/09 22:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\TouchStoneSoftware
[2010/06/09 22:18:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/06/09 22:17:37 | 000,000,000 | -HSD | C] -- C:\Diskeeper
[2010/06/09 22:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\XemiComputers
[2010/06/09 22:02:02 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2010/06/09 22:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\WINDOWS
[2010/06/09 22:01:56 | 000,000,000 | ---D | C] -- C:\temp
[2010/06/09 22:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\Adobe
[2010/06/09 22:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/06/09 20:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\PCHealth
[2010/06/09 20:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\Qurb4
[2010/06/09 20:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2010/06/09 20:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2010/06/09 20:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/06/09 14:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\Identities
[2010/06/09 13:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Outlook Express Backups
[2010/06/09 13:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\custom matrices
[2010/06/09 13:00:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010/06/09 13:00:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\C2MP
[2010/06/09 12:46:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/06/08 16:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\MicroVision Applications
[2010/06/08 16:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\ApplicationHistory
[2010/06/08 16:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Roxio
[2010/06/08 16:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/06/08 16:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2010/06/08 16:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/06/08 16:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2010/06/08 16:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/06/08 16:02:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/06/08 16:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010/06/08 12:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\WDC
[2010/06/08 12:20:20 | 000,011,520 | ---- | C] (Western Digital Technologies) -- C:\WINDOWS\System32\drivers\wdcsam.sys
[2010/06/08 12:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/06/08 12:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Western DigitalTemp
[2010/06/07 22:13:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/06/07 22:07:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Debbie\My Documents\My Videos
[2010/06/07 20:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\GOL_byHasbro
[2010/06/07 20:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/07 20:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2010/06/07 14:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/06/07 14:17:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/06/07 14:17:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/06/07 13:23:34 | 001,900,544 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stlang.dll
[2010/06/07 13:23:34 | 000,405,504 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
[2010/06/07 13:23:34 | 000,204,800 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stacsv.exe
[2010/06/07 13:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2010/06/07 13:21:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/07 10:02:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/06/07 10:02:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/06/07 10:02:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/06 23:16:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/06/06 23:15:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/06/06 23:14:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/06/06 23:14:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/06/06 23:14:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/06/06 23:13:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/06/06 23:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\WinRAR
[2010/06/06 19:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Adobe
[2010/06/06 19:15:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/06/06 19:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/06/06 19:15:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/06/06 19:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/06/06 19:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/06/06 18:38:05 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/06 18:38:01 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/06 18:38:00 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/06 18:37:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/06/06 18:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/06/06 18:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/06 18:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\DriverCure
[2010/06/06 18:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/06/06 18:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/06/06 18:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\Western_Digital
[2010/06/06 18:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Western Digital
[2010/06/06 18:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2010/06/06 18:26:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/06/06 18:26:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/06/06 18:26:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/06/06 18:25:05 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/06/06 18:24:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/06/06 18:11:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/06/06 18:10:16 | 000,409,600 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/06/06 18:10:16 | 000,114,688 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/06/06 18:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Creative
[2010/06/06 18:09:56 | 000,011,776 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\INRES.DLL
[2010/06/06 18:09:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Data
[2010/06/06 18:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2010/06/06 18:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Creative
[2010/06/06 18:06:54 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/06/06 18:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Macromedia
[2010/06/06 18:03:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/06/06 18:01:33 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/06/06 15:58:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2010/06/06 15:58:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2010/06/06 15:57:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/06/06 15:56:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/06/06 15:55:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/06/06 15:55:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/06/06 15:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/06/06 15:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/06/06 15:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\Western Digital
[2010/06/06 15:43:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/06/06 15:42:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/06/06 15:41:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Debbie\UserData
[2010/06/06 15:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/06/06 15:38:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/06/06 15:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2010/06/06 15:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/06/06 15:37:10 | 000,000,000 | ---D | C] -- C:\dell
[2010/06/06 15:36:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\vmm32
[2010/06/06 15:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/06/06 15:36:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/06 15:35:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/06/06 15:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Identities
[2010/06/06 15:35:23 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/06/06 15:35:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Debbie\My Documents\My Pictures
[2010/06/06 15:35:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Debbie\My Documents\My Music
[2010/06/06 15:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\Microsoft
[2010/06/06 15:35:19 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Debbie\Application Data\Microsoft
[2010/06/06 15:35:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Debbie\SendTo
[2010/06/06 15:35:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Debbie\Recent
[2010/06/06 15:35:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Debbie\Application Data
[2010/06/06 15:35:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Debbie\Start Menu
[2010/06/06 15:35:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Debbie\My Documents
[2010/06/06 15:35:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Debbie\Favorites
[2010/06/06 15:35:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Debbie\Cookies
[2010/06/06 15:35:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Debbie\Templates
[2010/06/06 15:35:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Debbie\PrintHood
[2010/06/06 15:35:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Debbie\NetHood
[2010/06/06 15:35:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Debbie\Local Settings
[2010/06/06 15:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Desktop
[2010/06/06 15:34:51 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/06/06 15:34:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/06/06 15:34:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/06/06 15:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/06/06 15:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/06/06 15:27:14 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/06/06 15:27:14 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/06/06 15:26:41 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/06/06 15:26:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/06/06 15:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/06/06 15:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/06/06 15:25:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/06/06 15:25:46 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/06/06 15:25:46 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/06/06 15:25:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/06/06 15:25:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/06/06 15:25:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/06/06 15:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/06/06 15:24:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/06/06 15:24:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/06/06 15:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/06/06 15:24:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
[2010/06/06 15:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/06/06 15:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/06/06 15:24:48 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/06/06 15:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/06/06 15:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/06/06 15:24:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/06/06 15:24:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/06/06 15:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/06/06 15:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/06/06 15:24:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/06/06 15:24:15 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/06/06 15:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/06/06 15:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/06/06 15:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/06/06 15:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/06/06 15:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/06/06 15:23:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/06/06 15:23:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/06/06 10:14:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/06/06 10:14:44 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/06/06 10:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/06/06 10:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/06/06 10:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/06/06 10:14:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/06/06 10:14:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/06/06 10:14:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/06/06 10:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/06/06 10:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/06/06 10:14:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/06/06 10:14:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/06/06 10:14:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/06/06 10:14:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/06/06 10:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/06/06 10:09:52 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/06/06 10:09:52 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/06/06 10:09:52 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/06/06 10:09:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/06/06 10:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2006/11/02 07:25:40 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

Re: Security Tool2nd September 2010, 7:39 pm

========== Files - Modified Within 90 Days ==========

[2010/09/01 23:43:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debbie\Desktop\OTL.exe
[2010/09/01 23:34:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/01 20:18:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/01 20:18:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/01 20:14:57 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Debbie\NTUSER.DAT
[2010/09/01 20:14:57 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000008-00001102-00000005-10031102}.rfx
[2010/09/01 20:14:57 | 000,053,968 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000008-00001102-00000005-10031102}.rfx
[2010/09/01 20:14:57 | 000,053,968 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000008-00001102-00000005-10031102}.rfx
[2010/09/01 20:14:57 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/09/01 20:14:57 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/09/01 19:29:25 | 000,000,534 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Debbie.job
[2010/09/01 19:16:40 | 000,000,723 | ---- | M] () -- C:\Documents and Settings\Debbie\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/01 19:11:15 | 000,000,600 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/01 19:11:15 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/01 19:11:15 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/09/01 17:04:27 | 064,183,591 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/01 16:50:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Debbie\ntuser.ini
[2010/09/01 15:32:52 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010/09/01 15:32:52 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/09/01 15:32:52 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/09/01 15:32:50 | 001,154,048 | ---- | M] () -- C:\Documents and Settings\Debbie\Local Settings\Application Data\exp.exe
[2010/09/01 15:01:57 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Debbie at 2 43 PM.job
[2010/09/01 01:27:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2010/08/31 12:57:30 | 000,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/31 11:13:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/08/30 11:40:49 | 000,067,216 | ---- | M] () -- C:\Documents and Settings\Debbie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/24 14:28:36 | 000,117,537 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2010/08/24 13:27:53 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Debbie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 13:19:49 | 019,563,096 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.3-win32.exe
[2010/08/21 10:19:11 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Debbie\jagex_runescape_preferences.dat
[2010/08/21 10:18:50 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Debbie\jagex_runescape_preferences2.dat
[2010/08/17 16:48:09 | 006,359,546 | -H-- | M] () -- C:\Documents and Settings\Debbie\Local Settings\Application Data\IconCache.db
[2010/08/17 15:24:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/17 15:20:03 | 000,500,732 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/17 15:20:03 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/17 15:20:03 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/13 19:37:20 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Debbie\My Documents\Christmas2009 - for merge.doc
[2010/08/09 20:56:17 | 000,074,972 | ---- | M] () -- C:\Documents and Settings\Debbie\Desktop\me and c.jpg
[2010/08/08 10:06:04 | 000,000,208 | ---- | M] () -- C:\WINDOWS\HpBestModeUpdatePatchLog.ini
[2010/07/18 09:53:25 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/18 09:53:23 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/18 09:53:20 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/18 09:36:17 | 000,032,922 | ---- | M] () -- C:\Documents and Settings\Debbie\Desktop\GreenRice1_320.jpg
[2010/07/11 19:16:49 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2010/06/27 14:30:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Debbie\jagex__preferences3.dat
[2010/06/27 14:28:18 | 000,002,043 | ---- | M] () -- C:\Documents and Settings\Debbie\Desktop\RuneScape.lnk
[2010/06/27 10:47:47 | 000,137,613 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/25 18:20:28 | 000,000,033 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2010/06/12 09:55:34 | 000,117,059 | ---- | M] () -- C:\WINDOWS\hpoins11.dat.temp
[2010/06/11 22:26:03 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/06/09 22:21:52 | 000,000,089 | ---- | M] () -- C:\WINDOWS\vmreg32.dll
[2010/06/09 12:50:40 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/06/08 16:02:40 | 000,001,931 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Roxio Creator Home.lnk
[2010/06/08 12:20:23 | 000,000,145 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/08 12:20:20 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/06/07 14:18:39 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/07 14:18:39 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/07 14:17:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/06/07 13:31:36 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2010/06/07 13:22:48 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/07 09:58:43 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/07 09:57:39 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/06 23:18:19 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/06 18:38:00 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/06/06 18:10:16 | 000,409,600 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/06/06 18:10:16 | 000,114,688 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/06/06 18:09:41 | 000,000,230 | ---- | M] () -- C:\WINDOWS\ctrunonce.reg
[2010/06/06 15:56:43 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/06/06 15:35:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/06/06 15:35:26 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/06/06 15:35:25 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Debbie\Desktop\Outlook Express.lnk
[2010/06/06 15:35:25 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
[2010/06/06 15:28:06 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/06/06 15:27:27 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/06/06 15:26:19 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/06 15:26:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/06/06 15:26:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/06 15:26:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/06/06 15:26:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/06 15:26:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/06 15:26:17 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2010/06/06 15:26:13 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/06 15:25:46 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/06/06 15:25:46 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/06 15:25:43 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/06 15:25:43 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/06 15:25:43 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/06 15:25:43 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/06 15:25:43 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/06 15:25:43 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/06/06 15:24:29 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/06 15:24:21 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/06/06 15:24:21 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/01 19:28:47 | 000,000,534 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Debbie.job
[2010/09/01 19:16:40 | 000,000,723 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/01 16:06:11 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/09/01 15:32:50 | 001,154,048 | ---- | C] () -- C:\Documents and Settings\Debbie\Local Settings\Application Data\exp.exe
[2010/08/24 13:19:33 | 019,563,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.3-win32.exe
[2010/08/19 12:04:44 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLX
[2010/08/19 12:04:44 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2010/08/19 12:04:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\icmfilter.dll
[2010/08/13 19:37:19 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Debbie\My Documents\Christmas2009 - for merge.doc
[2010/08/09 20:56:39 | 000,074,972 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\me and c.jpg
[2010/08/08 10:06:04 | 000,001,066 | ---- | C] () -- C:\Documents and Settings\Debbie\Application Data\BestModePatch_RubenMain.log
[2010/08/08 10:06:04 | 000,000,208 | ---- | C] () -- C:\WINDOWS\HpBestModeUpdatePatchLog.ini
[2010/08/01 15:04:17 | 000,517,464 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/18 09:36:39 | 000,032,922 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\GreenRice1_320.jpg
[2010/07/11 19:16:49 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/06/27 16:36:32 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Debbie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/27 14:30:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Debbie\jagex__preferences3.dat
[2010/06/27 14:30:23 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Debbie\jagex_runescape_preferences2.dat
[2010/06/27 14:29:00 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Debbie\jagex_runescape_preferences.dat
[2010/06/27 14:28:18 | 000,002,043 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\RuneScape.lnk
[2010/06/14 15:12:31 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/12 09:55:33 | 000,117,059 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2010/06/12 09:55:33 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2010/06/11 22:26:03 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/06/11 22:21:27 | 000,002,219 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/06/11 22:21:26 | 000,117,537 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/06/10 16:41:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/09 22:19:38 | 000,000,089 | ---- | C] () -- C:\WINDOWS\vmreg32.dll
[2010/06/09 21:58:56 | 000,000,033 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/06/09 21:57:32 | 000,000,390 | ---- | C] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Debbie at 2 43 PM.job
[2010/06/09 12:50:40 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/06/08 16:02:40 | 000,001,931 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Roxio Creator Home.lnk
[2010/06/08 12:20:23 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/08 12:20:20 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/06/07 14:17:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/06/07 09:26:21 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/06/07 09:26:21 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/06/07 09:26:21 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/06/07 09:26:21 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/06/07 09:26:21 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/06/07 09:26:21 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/06/07 09:26:21 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/06/07 09:26:21 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/06/07 09:26:21 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/06/07 09:26:21 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/06/07 09:26:21 | 000,069,612 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/06/07 09:26:21 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/06/07 09:26:21 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/06/07 09:26:21 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/06/07 09:26:21 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/06/07 09:26:21 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/06/07 09:26:21 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/06/07 09:26:21 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/06/07 09:26:21 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/06/07 09:26:21 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/06/07 09:26:21 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/06/07 09:26:21 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/06/07 09:26:21 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/06/07 09:26:21 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/06/07 09:26:21 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/06/07 09:26:21 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/06/07 09:26:21 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/06/07 09:26:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/06/07 09:26:19 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/06/07 09:26:19 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/06/07 09:26:19 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/06/07 09:26:18 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/06/07 09:26:18 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/06/07 09:26:18 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/06/07 09:26:18 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/06/07 09:26:18 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/06/07 09:26:18 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/06/07 09:26:17 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/06/07 09:26:17 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/06/07 09:26:17 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/06/07 09:26:17 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/06/07 09:26:16 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/06/07 09:26:15 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/06/07 09:26:14 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/06/07 09:26:14 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/06/07 09:26:12 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/06/07 09:26:12 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/06/07 09:26:12 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/06/07 09:26:12 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/06/07 09:26:12 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/06/07 09:26:12 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/06/07 09:26:12 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/06/07 09:26:12 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/06/07 09:26:12 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/06/07 09:26:12 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/06/07 09:26:12 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/06/07 09:26:12 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/06/07 09:26:12 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/06/07 09:26:12 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/06/07 09:26:12 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/06/07 09:26:12 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/06/07 09:26:11 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/06/07 09:26:10 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/06/07 09:26:10 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/06/07 09:26:05 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2010/06/07 09:26:05 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2010/06/07 09:26:04 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/06/07 09:26:04 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/06/07 09:26:04 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/06/07 09:26:04 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/06/07 09:26:04 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/06/07 09:26:02 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/06/07 09:25:48 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/06/07 09:25:44 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/06/07 09:25:43 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2010/06/07 09:25:41 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/06/07 09:25:41 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/06/07 09:25:41 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/06/07 09:25:41 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/06/07 09:25:41 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/06/07 09:25:41 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/06/07 09:25:41 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/06/07 09:25:41 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/06/07 09:25:40 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/06/07 09:25:40 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/06/07 09:25:39 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/06/06 23:17:19 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/06/06 23:17:19 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2010/06/06 19:47:49 | 000,064,756 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000008-00001102-00000005-10031102}.rfx
[2010/06/06 19:47:49 | 000,053,968 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000008-00001102-00000005-10031102}.rfx
[2010/06/06 19:47:49 | 000,053,968 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000008-00001102-00000005-10031102}.rfx
[2010/06/06 18:38:00 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/06/06 18:37:59 | 064,183,591 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/06 18:32:49 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\DriverCure.job
[2010/06/06 18:10:21 | 000,003,128 | ---- | C] () -- C:\WINDOWS\System32\XFi.bmp
[2010/06/06 18:10:21 | 000,000,766 | ---- | C] () -- C:\WINDOWS\System32\SBXFi.ico
[2010/06/06 18:09:56 | 000,065,119 | R--- | C] () -- C:\WINDOWS\System32\claptn.ini
[2010/06/06 18:09:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2010/06/06 18:09:56 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/06/06 18:09:41 | 000,000,230 | ---- | C] () -- C:\WINDOWS\ctrunonce.reg
[2010/06/06 18:09:04 | 007,572,224 | ---- | C] () -- C:\WINDOWS\System32\CT8MGM.SF2
[2010/06/06 18:09:03 | 004,174,814 | ---- | C] () -- C:\WINDOWS\System32\CT4MGM.SF2
[2010/06/06 18:09:02 | 002,167,684 | ---- | C] () -- C:\WINDOWS\System32\CT2MGM.SF2
[2010/06/06 15:58:25 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/06 15:54:29 | 000,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig
[2010/06/06 15:54:29 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/06/06 15:48:18 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
[2010/06/06 15:47:59 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\Debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2010/06/06 15:47:47 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\Outlook Express.lnk
[2010/06/06 15:39:12 | 000,137,613 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/06 15:39:11 | 000,017,525 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/06/06 15:37:17 | 000,128,398 | ---- | C] () -- C:\WINDOWS\System32\drivers\del200f.cty
[2010/06/06 15:35:28 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/06/06 15:35:23 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/06 15:35:20 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\Debbie\ntuser.dat.LOG
[2010/06/06 15:35:20 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Debbie\ntuser.ini
[2010/06/06 15:35:19 | 008,912,896 | -H-- | C] () -- C:\Documents and Settings\Debbie\NTUSER.DAT
[2010/06/06 15:28:06 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/06/06 15:27:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/06 15:27:11 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/06/06 15:27:04 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/06/06 15:26:59 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/06/06 15:26:58 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/06/06 15:26:57 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/06/06 15:26:52 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/06/06 15:26:49 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/06/06 15:26:42 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/06/06 15:26:19 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/06 15:26:19 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/06/06 15:26:19 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/06/06 15:26:19 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/06/06 15:26:19 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/06/06 15:26:18 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/06/06 15:26:17 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2010/06/06 15:26:17 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/06 15:26:17 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/06 15:25:46 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/06/06 15:25:46 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/06 15:25:43 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/06 15:25:43 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/06 15:25:43 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/06 15:25:43 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/06 15:25:43 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/06 15:25:43 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/06/06 15:25:34 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/06/06 15:25:02 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/06/06 15:25:02 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/06/06 15:24:58 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/06/06 15:24:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/06 15:23:51 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/06/06 15:23:51 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/06/06 15:23:51 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/06/06 15:23:51 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/06/06 15:23:51 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/06/06 15:23:51 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/06/06 15:23:51 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/06/06 15:23:50 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/06/06 15:23:50 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/06/06 15:23:50 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/06/06 15:23:50 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/06/06 15:23:50 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/06/06 15:23:50 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/06/06 15:23:50 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/06/06 15:23:50 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/06/06 15:23:50 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/06/06 15:23:50 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/06/06 15:23:49 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/06/06 15:23:49 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/06/06 15:23:47 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/06/06 15:23:47 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/06/06 15:23:45 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/06/06 15:23:34 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/06/06 10:14:49 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/06/06 10:14:45 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/06/06 10:14:45 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/06/06 10:14:45 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/06/06 10:14:44 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/06/06 10:14:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/06/06 10:14:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/06/06 10:14:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/06/06 10:14:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/06/06 10:14:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/06/06 10:14:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/06/06 10:14:39 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/06/06 10:14:39 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/06/06 10:14:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/06/06 10:14:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/06/06 10:14:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/06/06 10:14:38 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/06/06 10:14:38 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/06/06 10:14:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/06/06 10:14:36 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/06/06 10:14:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/06/06 10:14:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/06/06 10:14:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/06/06 10:14:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/06/06 10:14:32 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/06/06 10:14:26 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/06/06 10:14:26 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/06/06 10:14:26 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/06/06 10:14:26 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/06/06 10:14:26 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/06/06 10:14:26 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/06/06 10:13:13 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2010/06/06 10:13:11 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/03/02 19:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 19:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 19:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 19:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 19:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 19:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 19:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 19:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 19:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 19:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 19:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 19:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 19:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 19:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 19:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 19:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/14 13:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/11/14 13:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/11/14 13:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/11/14 13:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/11/14 13:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/11/14 13:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/11/14 13:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/11/14 13:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/11/14 13:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/11/14 13:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2006/12/19 07:15:20 | 000,065,154 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006/11/02 07:27:38 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/05/18 02:03:24 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/01/03 12:12:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2002/07/01 09:13:30 | 000,000,224 | -HS- | C] () -- C:\Documents and Settings\Debbie\Application Data\brun_nbeta12.dat
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

Re: Security Tool2nd September 2010, 7:40 pm

========== LOP Check ==========

[2010/07/29 15:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/08/20 23:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2010/06/06 18:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/08/07 21:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bicyclestudios
[2010/06/09 20:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/06/21 19:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2010/09/01 11:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA
[2010/06/06 19:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/08/13 13:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Exorcist DS 7
[2010/07/19 15:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2010/07/04 13:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Finstere Liebschaft
[2010/07/13 18:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/08/12 13:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/07/04 23:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamePlastic
[2010/08/22 22:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2010/08/18 15:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/06/23 21:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2010/06/26 22:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2010/06/26 22:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2010/08/23 19:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/06/06 18:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/07/19 15:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010/06/26 22:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2010/07/14 12:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/07/06 12:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redrum
[2010/06/24 11:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TeleportGamesLtd
[2010/09/01 19:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/30 19:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TreeCardGames
[2010/06/08 16:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/08/25 20:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Veronica&BoD
[2010/06/08 12:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/07/04 14:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\A Gypsy's Tale - The Tower of Secrets
[2010/08/08 11:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Anarchy
[2010/06/16 15:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Awem
[2010/08/07 21:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Bicyclestudios
[2010/08/31 13:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Big Fish Games
[2010/07/04 15:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Brunhilda
[2010/07/04 15:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Brunhilda_Release
[2010/07/17 15:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\CannyGames
[2010/09/01 10:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\ClickPotatoLite
[2010/06/06 18:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\DriverCure
[2010/08/27 12:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Enki Games
[2010/08/06 15:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Enlightenus2_BFG
[2010/07/06 11:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\ERS G-Studio
[2010/07/30 16:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\ERS Game Studios
[2010/08/24 13:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\FCSB000062035
[2010/07/04 13:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Finstere Liebschaft
[2010/07/13 18:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Floodlight Games
[2010/08/12 13:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\GameHouse
[2010/07/21 15:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\GameMill Entertainment
[2010/08/22 22:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Gamers Digital
[2010/06/07 20:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\GOL_byHasbro
[2010/06/23 21:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\HitPoint Studios
[2010/07/03 19:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\IdeaBoxGame
[2010/07/10 14:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\KranX Productions
[2010/06/21 13:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Magic3
[2010/07/04 15:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\MagicMatch
[2010/07/02 23:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Mutant Arcade
[2010/07/28 13:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\MysteriousCaseOfJekyllAndHyde
[2010/08/06 15:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Orneon
[2010/07/14 12:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\OtherSide Realm of Eons
[2010/08/30 12:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Outertech
[2010/07/06 11:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Paige Harper and the Tome of Mystery
[2010/07/11 16:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Pi Eye Games
[2010/07/14 12:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\PlayFirst
[2010/08/15 23:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\RunningPillow
[2010/07/04 15:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Saqqarah
[2010/06/21 20:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\SevenSails
[2010/07/11 19:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Silverback Productions
[2010/06/13 22:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Skunk Studios
[2010/08/30 19:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\SolSuite
[2010/08/28 23:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\SpinTop Games
[2010/07/21 14:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\SprillBermudeEng
[2010/07/04 15:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\StoneLoops!
[2010/06/24 11:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\TeleportGamesLtd
[2010/08/29 16:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\TheGreatPharaoh
[2010/08/09 09:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Thinstall
[2010/07/14 12:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\TikisLab
[2010/08/20 23:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\TOMI2.THE GATES OF FATE
[2010/07/27 18:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Total Eclipse
[2010/07/31 12:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Trio
[2010/06/21 15:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\V-Games
[2010/07/28 23:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Vast Studios
[2010/07/06 10:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\VendelGAMES
[2010/07/17 20:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Vogat Interactive
[2010/08/24 13:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\WeatherBug
[2010/06/06 18:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Western Digital
[2010/06/08 12:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Western DigitalTemp
[2010/06/20 13:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\YoudaGames
[2010/09/01 15:01:57 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Debbie at 2 43 PM.job
[2010/09/01 01:27:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-08 15:18:11

< MD5 for: AGP440.SYS >
[2010/06/06 15:55:22 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/06/07 09:56:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/06/06 15:55:22 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/06/07 09:56:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2010/06/06 15:55:22 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/06/07 09:56:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/06/06 15:55:22 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/06/07 09:56:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004/08/04 02:56:47 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2001/08/23 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2001/08/23 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: IMM32.DLL >
[2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2004/08/04 02:56:42 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll

< MD5 for: KERNEL32.DLL >
[2009/03/21 08:54:07 | 000,989,184 | ---- | M] (Microsoft Corporation) MD5=80202858D245FF07DAA1739C57A3E19B -- C:\WINDOWS\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[2004/08/04 02:56:42 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB959426_0$\kernel32.dll
[2009/03/21 09:18:57 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=B6ACAED7588295129791E0E6A2B0FADE -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2009/03/21 08:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 12:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 12:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 02:56:44 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/04 01:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTFS.SYS >
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/04 01:15:09 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/04 02:56:44 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/04 02:56:55 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2004/08/04 02:56:44 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2001/08/23 07:00:00 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=3E6ACF2CD2E8C19B16E4B42D08CA3838 -- C:\WINDOWS\$NtUninstallKB842773$\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 02:56:45 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2004/08/04 02:56:57 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/04 02:56:45 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 02:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TERMSRV.DLL >
[2004/08/04 02:56:46 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WS2_32.DLL >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 02:56:46 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< MD5 for: XMLPROV.DLL >
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/04 02:56:46 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65929158
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53384F1D
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C62640AC
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7DEEF6B3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5154845A
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A296A63F
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >

Re: Security Tool2nd September 2010, 7:53 pm

Hi,

Are things split into multiple partitions? C and P?

Re: Security Tool2nd September 2010, 8:51 pm

Yes

Re: Security Tool2nd September 2010, 10:34 pm

You are operating your computer with multiple Anti Virus programs:
AVG
CA Anti-Virus

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please Uninstall all but one of them using Control Panel, Add/Remove Programs.
==========

I see that WeatherBug is installed

WeatherBug is a system tray icon that offers weather information and includes built-in ads.

WeatherBug is controlled by AWS Convergence Technologies (weatherbugmedia.com).

There is some controversy over whether WeatherBug should be targeted by anti-parasite software. AWS strongly deny their software is 'spyware', and by the definition used here, it is not, as it does not leak information back to its controlling servers.

However, WeatherBug has in the past been silently installed by the FavoriteMan parasite and Freeze.com screensavers, and more recently has been bundled by software such as AIM and Blubster.

This makes it 'unsolicited', and since it is installed to raise money for its creators through the built-in ads it is certainly 'commercial'. So it does meet the definition for 'parasite': unsolicited commercial software. It is nonetheless listed as a borderline case because it is not overtly harmful and many people do install it deliberately.

WeatherBug bundles the MySearch parasite in its standalone distribution and has in the past, installed Gator and SVAPlayer.

I recommend that you uninstall WeatherBugand choose one of these alternatives:
Weather Pulse

Weather Watcher

Alternatively, you could download M[URL="http://www.mozilla.com/"]ozilla Firefox[/URL] and then get [URL="https://addons.mozilla.org/firefox/398/"]FORECASTFOX [/URL]

Another option: You can check the weather at these websites:
Weather Street: US Weather
Intellicast

To uninstall WeatherBug:

Click Start, point to Settings, and then click Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight WeatherBug, click Remove.
Close the Add or Remove Programs and the Control Panel windows.

========

Please download ComboFix Security Tool Combofix

from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Security Tool RC_successful

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Security Tool3rd September 2010, 12:07 am

ComboFix 10-09-01.04 - Debbie 09/02/2010 18:58:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2257 [GMT -5:00]
Running from: c:\documents and settings\Debbie\desktop\commy.exe
Command switches used :: /stepdel
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
c:\documents and settings\All Users\Application Data\vlc-1.1.3-win32.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\vmreg32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2010-08-03 to 2010-09-03 )))))))))))))))))))))))))))))))
.

2010-09-02 19:45 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-02 19:45 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-02 17:53 . 2010-09-02 17:54 -------- d-----w- c:\program files\Microsoft Money 2007
2010-09-01 23:55 . 2010-09-01 23:55 -------- d-----w- c:\documents and settings\Debbie\Local Settings\Application Data\Threat Expert
2010-09-01 21:06 . 2010-09-02 00:42 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-01 21:06 . 2010-09-01 21:06 -------- d-----w- c:\documents and settings\Debbie\Application Data\PC Tools
2010-09-01 21:02 . 2010-09-01 21:04 80729096 ----a-w- c:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_aff_dl.exe
2010-09-01 21:02 . 2010-09-02 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-01 20:39 . 2010-09-01 20:39 -------- d-----w- c:\documents and settings\Debbie\Application Data\Malwarebytes
2010-09-01 20:39 . 2010-09-01 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-31 16:19 . 2010-08-31 17:39 -------- d-----w- c:\program files\Microsoft
2010-08-31 16:19 . 2010-08-31 16:19 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-31 16:13 . 2010-08-31 16:13 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-08-31 16:12 . 2010-08-31 16:13 -------- d-----w- c:\windows\SHELLNEW
2010-08-31 16:12 . 2010-08-31 16:12 -------- d-----w- c:\program files\Microsoft.NET
2010-08-31 00:47 . 2010-08-31 00:48 -------- d-----w- c:\documents and settings\Debbie\Application Data\SolSuite
2010-08-31 00:47 . 2010-08-31 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\TreeCardGames
2010-08-30 17:00 . 2010-08-30 17:00 -------- d-----w- c:\documents and settings\Debbie\Application Data\Outertech
2010-08-29 21:06 . 2010-08-29 21:06 -------- d-----w- c:\documents and settings\Debbie\Application Data\TheGreatPharaoh
2010-08-29 04:29 . 2010-08-29 04:29 -------- d-----w- c:\documents and settings\Debbie\Application Data\SpinTop Games
2010-08-29 04:03 . 2010-08-29 04:03 -------- d-----w- c:\documents and settings\Debbie\Local Settings\Application Data\SpiritVG
2010-08-27 17:50 . 2010-08-27 17:50 -------- d-----w- c:\documents and settings\Debbie\Application Data\Enki Games
2010-08-26 01:04 . 2010-08-26 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Veronica&BoD
2010-08-25 18:24 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-08-25 18:24 . 2008-11-10 16:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-08-25 18:18 . 2010-08-25 18:18 -------- d-----w- c:\documents and settings\Debbie\Local Settings\Application Data\Microsoft Help
2010-08-25 18:18 . 2010-08-27 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-24 18:16 . 2010-08-24 18:16 -------- d-----w- c:\documents and settings\Debbie\Local Settings\Application Data\Yahoo
2010-08-24 18:15 . 2010-08-24 18:18 -------- d-----w- c:\documents and settings\Debbie\Application Data\vlc
2010-08-24 18:14 . 2010-08-24 18:14 -------- d-----w- c:\documents and settings\Debbie\Local Settings\Application Data\WeatherBug
2010-08-24 18:14 . 2010-08-24 18:14 -------- d-----w- c:\documents and settings\Debbie\Application Data\WeatherBug
2010-08-24 18:14 . 2010-08-24 18:14 18944 ----a-r- c:\documents and settings\Debbie\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2010-08-24 18:14 . 2010-08-24 18:14 -------- d-----w- c:\program files\VideoLAN
2010-08-24 18:14 . 2010-08-24 18:14 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-08-24 18:14 . 2010-08-24 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-08-24 18:14 . 2010-08-24 18:14 646144 ----a-w- c:\documents and settings\Debbie\Application Data\FCSB000062035\Toolbar\ShoppingBHO.dll
2010-08-24 18:14 . 2010-08-24 18:14 -------- d-----w- c:\documents and settings\Debbie\Application Data\FCSB000062035
2010-08-24 18:13 . 2010-08-24 18:13 -------- d-----w- c:\documents and settings\Debbie\Application Data\Yahoo!
2010-08-23 03:36 . 2010-08-23 03:36 -------- d-----w- c:\documents and settings\Debbie\Application Data\Gamers Digital
2010-08-23 03:36 . 2010-08-23 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Gamers Digital
2010-08-21 04:00 . 2010-08-21 04:00 -------- d-----w- c:\documents and settings\Debbie\Application Data\TOMI2.THE GATES OF FATE
2010-08-19 17:04 . 2004-03-08 23:40 57344 ----a-w- c:\windows\system32\icmfilter.dll
2010-08-19 17:04 . 2004-03-08 23:40 32768 ----a-w- c:\windows\system32\plugin.dll
2010-08-19 17:04 . 2004-03-08 23:40 210944 ----a-w- c:\windows\system32\Msvcrt10.dll
2010-08-18 20:41 . 2010-08-18 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Gogii
2010-08-18 19:42 . 2010-08-18 19:42 -------- d-----w- c:\documents and settings\Debbie\Application Data\SunRay Games
2010-08-13 18:36 . 2010-08-13 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Exorcist DS 7
2010-08-12 18:17 . 2010-08-12 18:17 -------- d-----w- c:\documents and settings\Debbie\Application Data\GameHouse
2010-08-09 14:25 . 2010-08-09 14:25 -------- d-----w- c:\documents and settings\Debbie\Local Settings\Application Data\Thinstall
2010-08-09 14:25 . 2010-08-09 14:25 -------- d-----w- c:\documents and settings\Debbie\Application Data\Thinstall
2010-08-08 21:00 . 2010-08-08 21:00 -------- d-----w- c:\windows\Sun
2010-08-08 16:30 . 2010-08-08 16:30 -------- d-----w- c:\documents and settings\Debbie\Application Data\Anarchy
2010-08-08 15:34 . 2010-08-08 15:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-08 15:32 . 2010-08-08 15:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-08 15:32 . 2010-08-08 15:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-08-08 15:31 . 2010-08-08 15:31 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-08-08 15:31 . 2010-08-17 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-08 02:22 . 2010-08-08 02:22 -------- d-----w- c:\documents and settings\Debbie\Application Data\Bicyclestudios
2010-08-08 02:22 . 2010-08-08 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Bicyclestudios
2010-08-06 20:24 . 2010-08-06 20:24 -------- d-----w- c:\documents and settings\Debbie\Application Data\Enlightenus2_BFG
2010-08-06 20:04 . 2010-08-06 20:04 -------- d-----w- c:\documents and settings\Debbie\Application Data\Orneon
2010-08-05 04:27 . 2010-08-05 04:27 503808 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30d79a20-n\msvcp71.dll
2010-08-05 04:27 . 2010-08-05 04:27 499712 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30d79a20-n\jmc.dll
2010-08-05 04:27 . 2010-08-05 04:27 348160 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30d79a20-n\msvcr71.dll
2010-08-05 04:27 . 2010-08-05 04:27 61440 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4e9dda51-n\decora-sse.dll
2010-08-05 04:27 . 2010-08-05 04:27 12800 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4e9dda51-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-03 00:01 . 2010-06-07 18:23 8544 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-09-02 00:41 . 2010-06-08 01:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-31 18:12 . 2010-07-14 03:21 -------- d-----w- c:\documents and settings\Debbie\Application Data\Big Fish Games
2010-08-30 16:51 . 2010-06-12 15:20 -------- d-----w- c:\documents and settings\Debbie\Application Data\HpUpdate
2010-08-30 16:40 . 2010-06-06 20:47 67216 ----a-w- c:\documents and settings\Debbie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-30 16:21 . 2010-08-01 20:04 517464 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-27 15:31 . 2010-06-07 00:15 -------- d-----w- c:\program files\MSBuild
2010-08-24 19:28 . 2010-06-12 03:21 117537 ----a-w- c:\windows\hpoins11.dat
2010-08-24 00:30 . 2010-06-14 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2010-08-21 15:19 . 2010-06-27 19:29 46 ----a-w- c:\documents and settings\Debbie\jagex_runescape_preferences.dat
2010-08-21 15:18 . 2010-06-27 19:30 99 ----a-w- c:\documents and settings\Debbie\jagex_runescape_preferences2.dat
2010-08-21 04:00 . 2010-06-21 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-08-16 04:50 . 2010-08-01 18:35 -------- d-----w- c:\documents and settings\Debbie\Application Data\RunningPillow
2010-08-12 18:17 . 2010-06-22 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\GameHouse
2010-08-01 18:45 . 2010-08-01 18:45 -------- d-----w- c:\program files\Common Files\Java
2010-08-01 18:44 . 2010-08-01 18:44 61440 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4fdb862f-n\decora-sse.dll
2010-08-01 18:44 . 2010-08-01 18:44 12800 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4fdb862f-n\decora-d3d.dll
2010-08-01 18:44 . 2010-08-01 18:44 503808 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5eeab882-n\msvcp71.dll
2010-08-01 18:44 . 2010-08-01 18:44 499712 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5eeab882-n\jmc.dll
2010-08-01 18:44 . 2010-08-01 18:44 348160 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5eeab882-n\msvcr71.dll
2010-08-01 18:44 . 2010-08-01 18:44 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-01 18:44 . 2010-08-01 18:44 -------- d-----w- c:\program files\Java
2010-07-31 17:48 . 2010-07-31 17:47 -------- d-----w- c:\documents and settings\Debbie\Application Data\Trio
2010-07-30 21:54 . 2010-07-30 21:54 -------- d-----w- c:\documents and settings\Debbie\Application Data\ERS Game Studios
2010-07-29 20:12 . 2010-07-29 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Stargaze
2010-07-29 04:45 . 2010-07-29 04:45 -------- d-----w- c:\documents and settings\Debbie\Application Data\Vast Studios
2010-07-28 18:04 . 2010-07-28 18:04 -------- d-----w- c:\documents and settings\Debbie\Application Data\MysteriousCaseOfJekyllAndHyde
2010-07-27 23:48 . 2010-07-27 18:00 -------- d-----w- c:\documents and settings\Debbie\Application Data\Total Eclipse
2010-07-25 18:08 . 2010-07-25 18:08 -------- d-----w- c:\program files\Western Digital Corporation
2010-07-21 20:39 . 2010-07-21 20:39 -------- d-----w- c:\documents and settings\Debbie\Application Data\GameMill Entertainment
2010-07-21 19:56 . 2010-07-21 19:55 -------- d-----w- c:\documents and settings\Debbie\Application Data\SprillBermudeEng
2010-07-19 20:27 . 2010-07-19 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Particles
2010-07-19 20:26 . 2010-07-19 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Far Mills
2010-07-18 14:53 . 2010-06-06 23:38 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-18 14:53 . 2010-07-18 14:53 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-18 14:53 . 2010-06-06 23:38 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-18 01:28 . 2010-07-18 01:28 -------- d-----w- c:\documents and settings\Debbie\Application Data\Vogat Interactive
2010-07-17 20:41 . 2010-07-17 20:41 -------- d-----w- c:\documents and settings\Debbie\Application Data\CannyGames
2010-07-14 17:59 . 2010-07-14 17:59 -------- d-----w- c:\documents and settings\Debbie\Application Data\TikisLab
2010-07-14 17:57 . 2010-07-14 17:50 -------- d-----w- c:\documents and settings\Debbie\Application Data\OtherSide Realm of Eons
2010-07-14 17:50 . 2010-07-05 18:34 -------- d-----w- c:\documents and settings\Debbie\Application Data\PlayFirst
2010-07-14 17:50 . 2010-07-05 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-07-13 23:55 . 2010-07-13 23:55 -------- d-----w- c:\documents and settings\Debbie\Application Data\Floodlight Games
2010-07-13 23:55 . 2010-07-13 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Floodlight Games
2010-07-12 00:17 . 2010-07-12 00:17 -------- d-----w- c:\documents and settings\Debbie\Application Data\Silverback Productions
2010-07-12 00:16 . 2010-07-12 00:16 4096 ----a-w- c:\windows\d3dx.dat
2010-07-11 21:47 . 2010-07-11 21:47 -------- d-----w- c:\documents and settings\Debbie\Application Data\Pi Eye Games
2010-07-10 19:15 . 2010-07-10 19:15 -------- d-----w- c:\documents and settings\Debbie\Application Data\KranX Productions
2010-07-06 17:31 . 2010-07-06 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Redrum
2010-07-06 16:33 . 2010-06-17 18:43 -------- d-----w- c:\documents and settings\Debbie\Application Data\ERS G-Studio
2010-07-06 16:25 . 2010-07-06 16:15 -------- d-----w- c:\documents and settings\Debbie\Application Data\Paige Harper and the Tome of Mystery
2010-07-06 15:58 . 2010-07-06 15:58 -------- d-----w- c:\documents and settings\Debbie\Application Data\VendelGAMES
2010-07-05 04:16 . 2010-07-05 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\GamePlastic
2010-06-30 12:31 . 2001-08-23 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-27 19:30 . 2010-06-27 19:30 0 ----a-w- c:\documents and settings\Debbie\jagex__preferences3.dat
2010-06-27 19:28 . 2010-06-27 19:28 33982 ----a-r- c:\documents and settings\Debbie\Application Data\Microsoft\Installer\{8EE72D39-DE32-4069-9E72-C1974546EFDD}\runescape.exe
2010-06-26 00:06 . 2010-06-26 00:06 16384 ----a-r- c:\documents and settings\Debbie\Application Data\Microsoft\Installer\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}\MnyIco.exe
2010-06-24 12:15 . 2001-08-23 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2001-08-23 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2001-08-23 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2001-08-23 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2001-08-23 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-06-06 20:25 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-14 07:41 . 2001-08-23 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-07 15:04 . 2010-06-06 20:25 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-06-07 14:57 . 2010-06-06 23:38 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-07 00:43 . 2010-06-07 00:43 1956808 ----a-w- c:\documents and settings\Debbie\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-06-06 23:10 . 2010-06-06 23:10 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-06 23:10 . 2010-06-06 23:10 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-06 23:09 . 2010-06-06 23:09 230 ----a-w- c:\windows\ctrunonce.reg
2010-06-06 20:36 . 2010-06-06 20:36 45056 ----a-r- c:\documents and settings\Debbie\Application Data\Microsoft\Installer\{2764CA82-DFB9-4498-AF85-719340BF5305}\NewShortcut1_2764CA82DFB94498AF85719340BF5305.exe
2010-06-06 20:36 . 2010-06-06 20:36 10134 ----a-r- c:\documents and settings\Debbie\Application Data\Microsoft\Installer\{2764CA82-DFB9-4498-AF85-719340BF5305}\ARPPRODUCTICON.exe
2010-06-06 20:24 . 2010-06-06 20:24 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"AVG9_TRAY"="p:\avg\AVG9~1\avgtray.exe" [2010-07-18 2065760]
"IDTSysTrayApp"="sttray.exe" [2007-09-06 405504]
"cctray"="p:\ca internet security suite\cctray\cctray.exe" [2010-06-10 177392]
"QOELOADER"="p:\ca internet security suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2010-06-10 14088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"UnlockerAssistant"="p:\unnlocker\UnlockerAssistant.exe" [2010-07-04 17408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-5-10 4456448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-18 14:53 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"p:\\AVG\\AVG 9\\avgemc.exe"=
"p:\\AVG\\AVG 9\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"p:\\Pando\\Pando.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56137:TCP"= 56137:TCP:Pando
"56137:UDP"= 56137:UDP:Pando

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/6/2010 6:38 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/6/2010 6:38 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;p:\avg\AVG 9\avgemc.exe [7/18/2010 9:53 AM 921952]
R2 avg9wd;AVG Free WatchDog;p:\avg\AVG 9\avgwdsvc.exe [7/18/2010 9:53 AM 308136]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [5/10/2010 11:33 AM 110592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [5/10/2010 11:32 AM 1858048]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [5/10/2010 11:32 AM 482304]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/2/2010 2:45 PM 20952]
R3 PPCtlPriv;PPCtlPriv;p:\ca internet security suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 9:10 PM 189704]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/8/2010 12:20 PM 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 MBAMService;MBAMService;"p:\malwarebytes' anti-malware\mbamservice.exe" --> p:\malwarebytes' anti-malware\mbamservice.exe [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [3/10/2010 8:18 AM 24216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder

2010-09-02 c:\windows\Tasks\CAAntiSpywareScan_Daily as Debbie at 2 43 PM.job
- p:\ca internet security suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://wendysforum.net/index.php/board,4.0.html
IE: Druid: Download All Files - p:\download druid\Druid.html
IE: Druid: Download Highlighted Files - p:\download druid\DruidHighLighted.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe
HKLM-Run-Malwarebytes' Anti-Malware - p:\malwarebytes' anti-malware\mbamgui.exe
AddRemove-A Gypsys Tale The Tower of Secrets 1.00 - g:\wendysforum\A Gypsy's Tale - The Tower of Secrets\A Gypsy's Tale - The Tower of Secrets\Uninstall.exe
AddRemove-Adrianne Stone: Hidden Relics - g:\!hogs #a\Adrianne Stone Hidden Relics\Adrianne Stone Hidden Relics\uninstall.exe
AddRemove-Agatha Christie 450 from Paddington 1.00 - g:\wendysforum\Agatha Christie - 450 from Paddington\Agatha Christie - 450 from Paddington\Uninstall.exe
AddRemove-Al Emmos Postcards from Anozira 1.00 - g:\wendysforum\Al Emmo's Postcards from Anozira\Al Emmo's Postcards from Anozira\Uninstall.exe
AddRemove-Ancient Adventures Gift of Zeus 1.00 - g:\wendysforum\Ancient Adventures - Gift of Zeus\Ancient Adventures - Gift of Zeus\Uninstall.exe
AddRemove-Artifacts of the Past Ancient Mysteries 1.00 - g:\wendysforum\Artifacts of The Past - Ancient Mysteries\Artifacts of The Past - Ancient Mysteries\Uninstall.exe
AddRemove-Barnyard Sherlock Hooves 1.00 - g:\wendysforum\Barnyard Sherlock Hooves\Barnyard Sherlock Hooves\Uninstall.exe
AddRemove-Biggest Little Adventure 1.00 - g:\wendysforum\Biggest Little Adventure\Biggest Little Adventure\Uninstall.exe
AddRemove-Blood Oath 1.00 - g:\wendysforum\Blood Oath\Blood Oath\Uninstall.exe
AddRemove-Brunhilda and the Dark Crystal 1.00 - g:\wendysforum\Brunhilda and The Dark Crystal\Brunhilda and The Dark Crystal\Uninstall.exe
AddRemove-BumbleBee Jewel 1.00 - g:\wendysforum\_Match 3\Bumblebee Jewel\Bumblebee Jewel\Uninstall.exe
AddRemove-Classic Adventures The Great Gatsby 1.00 - g:\wendysforum\Classic Adventures - The Great Gatsby\Classic Adventures - The Great Gatsby\Uninstall.exe
AddRemove-Dr Despicables Dastardly Deeds 1.00 - g:\wendysforum\_Match 3\Dr Despicable's Dastardly Deeds\Dr Despicable's Dastardly Deeds\Uninstall.exe
AddRemove-Drawn 2 Dark Flight Collectors Edition 1.00 - i:\wendysforum\Drawn 2 - Dark Flight CE\Drawn 2 - Dark Flight CE\Uninstall.exe
AddRemove-Dream Chronicles 4 Book of Air CE 1.00 - g:\wendysforum\Dream Chronicles 4 - Book of Air CE\Dream Chronicles 4 - Book of Air CE\Uninstall.exe
AddRemove-Echoes of the Past The Castle of Shadows Collectors Edition 1.00 - g:\wendysforum\Echoes of The Past - The Castle of Shodows CE\Echoes of The Past - The Castle of Shadows CE\Uninstall.exe
AddRemove-El Sello Magico The False Heiress 1.00 - i:\wendysforum\_Match 3\El Sello Magico - The False Heiress\El Sello Magico - The False Heiress\Uninstall.exe
AddRemove-Elixir of Immortality 1.00 - g:\wendysforum\Elixir of Immortality\Elixir of Immortality\Uninstall.exe
AddRemove-Enlightenus 2 The Timeless Tower Collectors Edition 1.00 - g:\wendysforum\Enlightenus 2 - The Timeless Tower CE\Enlightenus 2 - The Timeless Tower CE\Uninstall.exe
AddRemove-Exorcist 1.00 - g:\wendysforum\Exorcist\Exorcist\Uninstall.exe
AddRemove-Explorer Contraband Mystery 1.00 - g:\wendysforum\Explorer - Contraband Mystery\Explorer - Contraband Mystery\Uninstall.exe
AddRemove-Flux Family Secrets The Rabbit Hole Collectors Edition 1.00 - g:\wendysforum\Flux Family Secrets - The Rabbit Hole\Flux Family Secrets - The Rabbit Hole\Uninstall.exe
AddRemove-Golden Trails The New Western Rush 1.00 - g:\wendysforum\Golden Trails - The New Western Rush\Golden Trails - The New Western Rush\Uninstall.exe
AddRemove-Haunted Hotel 3 Lonely Dream 1.00 - i:\wendysforum\Haunted Hotel 3 - Lonely Dream\Haunted Hotel 3 - Lonely Dream\Uninstall.exe
AddRemove-Hidden Mysteries Vampire Secrets 1.00 - g:\wendysforum\Hidden Mysteries - Vampire Secrets\Hidden Mysteries - Vampire Secrets\Uninstall.exe
AddRemove-Hotel Collectors Edition 1.00 - g:\wendysforum\Hotel Collectors Edition\Hotel Collectors Edition\Uninstall.exe
AddRemove-I Spy Fantasy 1.00 - g:\wendysforum\I Spy Fantasy\I Spy Fantasy\Uninstall.exe
AddRemove-I SPY Mystery 1.00 - g:\wendysforum\I Spy Mystery\I Spy Mystery\Uninstall.exe
AddRemove-Immortal Lovers 1.00 - g:\wendysforum\Immortal Lovers\Immortal Lovers\Uninstall.exe
AddRemove-Insider Tales Vanished In Rome 1.00 - g:\wendysforum\Insider Tales - Vanished in Rome\Insider Tales - Vanished in Rome\Uninstall.exe
AddRemove-It's All About Masks 1.00 - g:\wendysforum\It's All About Masks\It's All About Masks\Uninstall.exe
AddRemove-Journalistic Investigations Stolen Inheritance 1.00 - g:\wendysforum\Journalistic Investigations - Stolen Inheritance\Journalistic Investigations - Stolen Inheritance\Uninstall.exe
AddRemove-Journalistic Stories 1.00 - g:\wendysforum\Journalistic Stories\Journalistic Stories\Uninstall.exe
AddRemove-Kate Arrow Deserted Wood 1.00 - g:\wendysforum\Kate Arrow - Deserted Wood\Kate Arrow - Deserted Wood\Uninstall.exe
AddRemove-Laby 1.00 - g:\wendysforum\_Match 3\Laby\Laby\Uninstall.exe
AddRemove-Legacy Lonesome Mansion 1.00 - g:\wendysforum\_Match 3\Legacy - Lonesome Mansion\Legacy - Lonesome Mansion\Uninstall.exe
AddRemove-Love Chronicles The Spell Collectors Edition 1.00 - g:\wendysforum\Love Chronicles - The Spell CE\Love Chronicles - The Spell CE\Uninstall.exe
AddRemove-Memorabilia Mias Mysterious Memory Machine 1.00 - g:\wendysforum\Memorabilia - Mia's Mysterious Memory Machine\Memorabilia - Mia's Mysterious Memory Machine\Uninstall.exe
AddRemove-Midnight Mysteries 2 Salem Witch Trials 1.00 - g:\wendysforum\Midnight Mysteries 2 - Salem Witch Trials\Midnight Mysteries 2 - Salem Witch Trials\Uninstall.exe
AddRemove-Mysterious Travel The Magic Diary 1.00 - g:\wendysforum\Mysterious Travel - The Magic Diary\Mysterious Travel - The Magic Diary\Uninstall.exe
AddRemove-Mystery P.I. Stolen in San Francisco 1.00 - i:\wendysforum\Mystery PI - Stolen in San Francisco\Mystery PI - Stolen in San Francisco\Uninstall.exe
AddRemove-Mystic Diary Haunted Island 1.00 - g:\wendysforum\Mystic Diary - Haunted Island\Mystic Diary - Haunted Island\Uninstall.exe
AddRemove-Nemos Secret The Nautilus 1.00 - g:\wendysforum\Nemo's Secret - The Nautilus\Nemo's Secret - The Nautilus\Uninstall.exe
AddRemove-Nightfall Mysteries Asylum Conspiracy 1.00 - g:\wendysforum\Nightfall Mysteries - Asylum Conspiracy\Nightfall Mysteries - Asylum Conspiracy\Uninstall.exe
AddRemove-Paige Harper and the Tome of Mystery 1.00 - g:\wendysforum\Paige Harper and The Tome of Mystery\Paige Harper and The Tome of Mystery\Uninstall.exe
AddRemove-PJ Pride Pet Detective 2.10 - g:\wendysforum\PJ Pride Pet Detective\PJ Pride Pet Detective\Uninstall.exe
AddRemove-Puppet Show Souls of the Innocent CE 1.00 - g:\wendysforum\Puppet Show - Souls of The Innocent CE\Puppet Show - Souls of The Innocent CE\Uninstall.exe
AddRemove-Redemption Cemetery Curse of the Raven Collectors Edition 1.00 - g:\wendysforum\Redemption Cemetery - Curse of the Raven CE\Redemption Cemetery - Curse of the Raven CE\Uninstall.exe
AddRemove-Redrum 2 Time Lies 1.00 - g:\wendysforum\Redrum 2 - Time Lies\Redrum 2 - Time Lies\Uninstall.exe
AddRemove-Redrum Dead Diary 1.00 - g:\wendysforum\Redrum - Dead Diary\Redrum - Dead Diary\Uninstall.exe
AddRemove-Reincarnations 2 Uncover the Past Collectors Edition 1.00 - i:\wendysforum\Reincarnations 2 - Uncover the Past CE\Reincarnations 2 - Uncover the Past CE\Uninstall.exe
AddRemove-Robins Quest 1.00 - g:\wendysforum\Robin's Quest - A Legend Born\Robin's Quest - A Legend Born\Uninstall.exe
AddRemove-Romancing the Seven Wonders Great Pyramids 1.00 - g:\wendysforum\Romancing the Seven Wonders 2 - Great Pyramids\Romancing the Seven Wonders 2 - Great Pyramids\Uninstall.exe
AddRemove-Samantha Swift and the Fountains of Fate 1.00 - g:\wendysforum\Samantha Swift and The Fountains of Fate\Samantha Swift and The Fountains of Fate\Uninstall.exe
AddRemove-Secrets of the Dragon Wheel 1.00 - g:\wendysforum\Secrets of The Dragon Wheel\Secrets of The Dragon Wheel\Uninstall.exe
AddRemove-Shaolin Mystery Tale of the Jade Dragon Staff 1.00 - g:\wendysforum\Shaolin Mystery Tale of The Jade Dragon Staff\Shaolin Mystery Tale of The Jade Dragon Staff\Uninstall.exe
AddRemove-Skymist The Lost Spirit Stones 1.00 - g:\wendysforum\Skymist - The Lost Spirit Stones\Skymist - The Lost Spirit Stones\Uninstall.exe
AddRemove-Snark Busters Welcome to the Club 1.00 - g:\wendysforum\Snark Busters - Welcome to The Club\Snark Busters - Welcome to The Club\Uninstall.exe
AddRemove-Special Enquiry Detail The Hand that Feeds 1.00 - g:\wendysforum\Special Enquiry Detail - The Hand that Feeds\Special Enquiry Detail - The Hand that Feeds\Uninstall.exe
AddRemove-Sprill - The Mystery of the Bermuda Triangle 1.00 - g:\wendysforum\Sprill 2 - The Mystery of The Bermuda Triangle\Sprill 2 - The Mystery of The Bermuda Triangle\Uninstall.exe
AddRemove-The Clockwork Man 2 - Ultimate Edition Game Guide - g:\wendysforum\The Clockwork Man 2 - The Hidden World Ultimate Edition\Guide\Uninstall The Clockwork Man 2 - Ultimate Edition Game Guide.exe
AddRemove-The Clockwork Man 2 The Hidden World Ultimate Edition 1.00 - g:\wendysforum\The Clockwork Man 2 - The Hidden World\The Clockwork Man 2 - The Hidden World Ultimate Edition\Uninstall.exe
AddRemove-The Crop Circles Mystery 1.00 - g:\wendysforum\The Crop Circles Mystery\The Crop Circles Mystery\Uninstall.exe
AddRemove-The Great Pharaoh 1.00 - i:\wendysforum\_Match 3\The Great Pharaoh\The Great Pharaoh\Uninstall.exe
AddRemove-The Lost Kingdom Prophecy 1.00 - g:\wendysforum\The Lost Kingdom Prophecy\The Lost Kingdom Prophecy\Uninstall.exe
AddRemove-The Mysterious Case of Dr. Jekyll and Mr. Hyde 1.00 - g:\wendysforum\The Mysterious Case of Dr Jekyll and Mr Hyde\The Mysterious Case of Dr Jekyll and Mr Hyde\Uninstall.exe
AddRemove-The Otherside Realm of Eons 1.00 - g:\wendysforum\The Otherside - Realms of Eons\The Otherside - Realms of Eons\Uninstall.exe
AddRemove-The Otherside Realm of Eons 1.10 - g:\wendysforum\The Otherside - Realms of Eons (BFG)\The Otherside - Realm of Eons\Uninstall.exe
AddRemove-The Seawise Chronicles Untamed Legacy 1.00 - g:\wendysforum\The Seawise Chronicles - Untamed Legacy\The Seawise Chronicles - Untamed Legacy\Uninstall.exe
AddRemove-The Treasures of Mystery Island The Gates of Fate 1.00 - g:\wendysforum\The Treasures of Mystery Island 2 - The Gates of Fate\The Treasures of Mystery Island 2 - The Gates of Fate\Uninstall.exe
AddRemove-Time Dreamer 1.00 - g:\wendysforum\Time Dreamer\Time Dreamer\Uninstall.exe
AddRemove-Tropical Shop Fish Annabels Adventure 1.00 - g:\wendysforum\_Match 3\Tropical Fish Shop - Annabel's Adventures\Tropical Fish Shop - Annabel's Adventure\Uninstall.exe
AddRemove-Vampire Brides Love Over Death 1.00 - g:\wendysforum\Vampire Brides - Love Over Death\Vampire Brides - Love Over Death\Uninstall.exe
AddRemove-Veronica and the Book of Dreams 1.00 - i:\wendysforum\_Match 3\Veronica and The Book of Dreams\Veronica and The Book of Dreams\Uninstall.exe
AddRemove-{72B1C9BA-16C8-4800-B804-FEEFF087C2BD}_is1 - g:\giveawayoftheday\King's Smith\King's Smith\unins000.exe
AddRemove-Splotches - i:\giveawayoftheday\Splotches\Splotches\Uninstal.exe
AddRemove-The Sandbox of God Remastered - g:\giveawayoftheday\The Sandbox of God\The Sandbox of God\Uninstal.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-02 19:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'explorer.exe'(3524)
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
p:\avg\AVG 9\avgchsvx.exe
p:\avg\AVG 9\avgrsx.exe
p:\avg\AVG 9\avgcsrvx.exe
p:\diskeeper\DkService.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
p:\ca internet security suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
p:\avg\AVG 9\avgcsrvx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
p:\ca internet security suite\ccprovsp.exe
.
**************************************************************************
.
Completion time: 2010-09-02 19:05:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-03 00:05

Pre-Run: 45,909,008,384 bytes free
Post-Run: 48,780,193,792 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - DBD57EC8FCB9D01196476DF936B72924

Re: Security Tool3rd September 2010, 12:14 am

How are things running now?

Re: Security Tool3rd September 2010, 12:29 am

Security tool is no longer in c docs programs. I am having no pop ups about it. Seems like it is gone.

Re: Security Tool3rd September 2010, 12:35 am

Congratulations!! Your PC is all clean! Big Grin

To uninstall ComboFix

Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Then, press Enter, or click OK.
This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

There are many things you can do to keep this from happening again. You can think of a computer like a car. It requires basic maintenance to keep in tip top shape and ready to go. Would you drive your car 100,000 miles without changing the oil? The same principle applies here.

Cleaning

Now that your PC is free of malware, it is important to clean up your PC. There are several good free cleaners available. You should make sure to clean up your temp files regularly, at least once a week.

ATF Cleaner
CCleaner

Defragmenting Your Hard Disk

Over time your PC can become fragmented, Windows comes with a defragmenting utility, however, it is very slow, and there are other options available.

To use the defragmenter included with Windows either go to Start/Run and type dfrg.msc, hit enter; or
right-click My Computer, choose Manage, Storage, Disk Defragmenter.

In the Defragmenter utility, select your main partition/HD, generally C:\ and select analyze . The analysis report will tell you whether or not your disk needs to be defragmented, if it does, click defragment. Be patient, this can take a long time.

Repeat for multiple partitions/hard disks.

System Restore Cleanup Instructions

If you are using Windows ME or XP then it is good to disable and re-enable system restore to make sure there are no infected files left in a restore point. (All restore points will be deleted that way)
You can find instructions on how to disable and re-enable system restore here:

Windows ME System Restore Guide

Windows XP System Restore Guide

Reading Tip:
Computer Health
Keep Your System Updated

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately, if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows and office

Go to Start > All Programs > Microsoft Update

Alternatively, you can visit the link below to update Windows and Office products.

Microsoft Update

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

1. Go to Start > Control Panel > Automatic Updates
2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
3. Select Download updates for me, but let me chose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
2. Never open emails from unknown senders.
3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These are called hoaxes. The email addresses used in the hoaxes can be easily spoofed. Check the antivirus vendor websites to be sure.
4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Surf safely

Many security exploits on websites are directed to users of Internet Explorer and Firefox.

If you use Firefox, try the No-script Add On - which, by default, disables all scripts on all websites. If you trust the website, you can manually allow scripts to work.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft Article to learn how to backup. Follow This Article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. Examples of these can be found at
Bleeping Computer

Avoid P2P

I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

Prevent A Re-infection

1. Winpatrol

Winpatrol is a heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features Here

You can get a Free Copy of Winpatrol or use the Plus Version for more features.

You can read Win Patrol FAQ if you run into problems.

2. Hosts File

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:
MVPS Hosts File
Blue Tack’s Hosts File
Blue Tack’s Hosts Manager

3. Spybot Search and Destroy

Spybot Search & Destroy is another program for scanning spyware and adware. You are strongly encouraged to run a scan at least once per week.

Spybot Search & Destroy can be downloaded from here.

If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer.

4. SiteHound Toolbar

SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spyware or other questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.

====

Stand Up and Be Counted ---> Malware Complaints<--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
============================================================
See this page for more info about malware and prevention.
Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site.
Before the thread is archived, do you have any more questions?

Happy surfing and stay clean!

Re: Security Tool3rd September 2010, 12:42 am

Thank you very much for all of your help.

Security Tool

descriptionSecurity Tool1st September 2010, 9:33 pm

descriptionRe: Security Tool1st September 2010, 10:52 pm

descriptionRe: Security Tool2nd September 2010, 5:04 am

descriptionRe: Security Tool2nd September 2010, 5:05 am

descriptionRe: Security Tool2nd September 2010, 5:06 am

descriptionRe: Security Tool2nd September 2010, 5:12 am

descriptionRe: Security Tool2nd September 2010, 5:19 am

descriptionRe: Security Tool2nd September 2010, 7:05 pm

descriptionRe: Security Tool2nd September 2010, 7:38 pm

descriptionRe: Security Tool2nd September 2010, 7:39 pm

descriptionRe: Security Tool2nd September 2010, 7:39 pm

descriptionRe: Security Tool2nd September 2010, 7:40 pm

descriptionRe: Security Tool2nd September 2010, 7:53 pm

descriptionRe: Security Tool2nd September 2010, 8:51 pm

descriptionRe: Security Tool2nd September 2010, 10:34 pm

descriptionRe: Security Tool3rd September 2010, 12:07 am

descriptionRe: Security Tool3rd September 2010, 12:14 am

descriptionRe: Security Tool3rd September 2010, 12:29 am

descriptionRe: Security Tool3rd September 2010, 12:35 am

descriptionRe: Security Tool3rd September 2010, 12:42 am

descriptionRe: Security Tool

Security Tool1st September 2010, 9:33 pm

Re: Security Tool1st September 2010, 10:52 pm

Re: Security Tool2nd September 2010, 5:04 am

Re: Security Tool2nd September 2010, 5:05 am

Re: Security Tool2nd September 2010, 5:06 am

Re: Security Tool2nd September 2010, 5:12 am

Re: Security Tool2nd September 2010, 5:19 am

Re: Security Tool2nd September 2010, 7:05 pm

Re: Security Tool2nd September 2010, 7:38 pm

Re: Security Tool2nd September 2010, 7:39 pm

Re: Security Tool2nd September 2010, 7:39 pm

Re: Security Tool2nd September 2010, 7:40 pm

Re: Security Tool2nd September 2010, 7:53 pm

Re: Security Tool2nd September 2010, 8:51 pm

Re: Security Tool2nd September 2010, 10:34 pm

Re: Security Tool3rd September 2010, 12:07 am

Re: Security Tool3rd September 2010, 12:14 am

Re: Security Tool3rd September 2010, 12:29 am

Re: Security Tool3rd September 2010, 12:35 am

Re: Security Tool3rd September 2010, 12:42 am

Re: Security Tool