MS Removal Tool Help

Hello,
So my computer started going crazy and said critical had drive failure and some other things, and popped up with the MS removal tool, which I didn't buy or even attempt to look at I just googled the critical hard drive failure and it came back that it was a virus from malware, so I followed the instructions on the read this before you post, post. I downloaded the OTL and copied and pasted the info into the custom scan, and during the scan it got stuck on the mozilla settings and, stopped responding, I tried it again with the same results. I downloaded Malwarebytes' anti-malware and scanned my pc, this of course before I found this site. I will paste the results from that in this post. Hopefully you can help me fix this problem any advice is greatly appreciated. Thanks for your time.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8201

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/20/2011 2:27:13 PM
mbam-log-2011-11-20 (14-27-13).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 402690
Time elapsed: 1 hour(s), 18 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 6
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F02FABCB-92DD-475A-98AF-14217BD50746} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F02FABCB-92DD-475A-98AF-14217BD50746} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\CouponAlert_2p (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MENUEXT\&SEARCH (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (Adware.MyWebSearch) -> Value: {7B9F8C21-46EC-4C0B-8683-E755EF84577A} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (Adware.MyWebSearch) -> Value: {3462C343-BE19-4143-AF70-CEFB56F46FC6} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (Adware.MyWebSearch) -> Value: {3462C343-BE19-4143-AF70-CEFB56F46FC6} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} (Adware.MyWebSearch) -> Value: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Value: scui.cpl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.MyWebSearch) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Liz\local settings\Temp\dealiotoolbarinstall.exe (PUP.Dealio.TB) -> Not selected for removal.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP2261\A0226078.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP2261\A0226084.exe (Adware.TryMedia) -> Quarantined and deleted successfully.

Hi there draysmith11 and welcome to GeekPolice!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:

• Whilst I´m helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  
• Feel free to ask questions! Especially if my instructions are not clear. I´m here to help, not confuse you.
  
• I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  
• Stick with me till the end. If your computer starts running better, doesn´t mean it is clean yet!

====================

Time to use ComboFix by sUBs, a powerful tool that you are advised not to run without supervision of a trained malware helper. Please visit this webpage and read the tutorial on using ComboFix very carefully. After that download the tool and save it to your desktop.

Doubleclick ComboFix.exe to run the tool. Please post its log back here.

Hello Gabethebabe,
Thank you for the response and help I will do the things you have asked and then repost the findings, again thank you so much.

I have started the download of Combofix and a warning tab popped up which says combo fix has detected a security scanner which must be diabled so it will not cause interference with the program, and to click ok after the AVG Free was disabled, however I uninstalled AVG many months ago, or so I thought, because I have Mcaffe now. It doesn't show up on the add/remove programs files. I just want to know where to go from here so I don't mess anything up more than it already is. Again thank you for your time and help. the download screens where no on point with the bleepingcomputer.com breakdown, but it did have the save tab, maybe due to the Mozilla downloading it? Im just saying so you see what I see if it helps or not.

This is a known problem of AVG. It uninstalls terribly.

We´ll try something else then.

Please download OTL by OldTimer from here and save it to your desktop.

• Close all windows and double click OTL.exe.
  
• The Extra Registry setting should be Use Safelist
  
• Copy and paste the following text into the Custom Scans/Fixes box:

• Click the Run Scan button and allow it to run.
  
• It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  
• You may need multiple posts to get it all.

====================

Please download aswMBR by Alwil Software from here and save it to your desktop.

• Double click aswMBR.exe to run the tool
  
• Click the Scan button to start the scan
  
• Don´t panic if you see any **Rootkit** entries. The tool sometimes produces false alarms
  
• Once the scan finishes click Save log to save the log to your desktop
  
• Copy and paste the contents of this log (aswMBR.txt) into your next reply.

Hello again,
Thank you for being patient with me, I downloaded OTL, and as I ran the scan it stopped responding at scanning Firefox( or Mozilla) settings. I downloaded the Avast virus protection and did the scan and it completed but I cant figure out how to copy the log from the scan.
The below is the status section of all logs files that came up. Hopefully it helps Thanks for the time and help again.
Threat:WMA:Wimad [Drp]
Threat:WMA:Wimad [Drp]
Threat:INF AutoRun-gen3@bhv [Wrm]
Threat:Win32:Malware-gen
Threat:Win32:Malware-gen
Threat:Win32:Malware-gen
Threat:JS:Pdfka-gen [Expl]
Threat:Win32:Patched-TI [Trj]
Threat:Win32:Patched-TI [Trj]
Threat:Win32:Patched-TI [Trj]
Threat:Win32:Patched-TI [Trj]
Threat:Win32:Small-NTF [Trj]

The OTL scan did not finish? That is the first time I see that happening

Try this then:

Please download DDS by sUBs from one of the locations below and save it to your desktop:
Download Mirror #1
Download Mirror #2
Download Mirror #3

Your antivirus software might protest. Tell it to allow the program. It is quite safe.
Scanning instructions:

• Before scanning, make sure all other running programs are closed.
  
• If possible, temporarily disable your antivirus.
  
• Do not use your computer for anything else during the scan.
  
• Double click on the DDS icon and allow it to run.
  
• When finished it will open two text files: Attach.txt and DDS.txt
  
• Please include the text of both logs in your next reply.
  
• If you disabled your antivirus, re-enable it after the scan.

Hello Again here are the results that you asked for thanks again and hopefully it helps. I wasn't able to disable the avast anti-virus, probably because I'm not too great with computers. As I look over this I hope I didnt just copy and paste the same thing twice if so please let me know.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Liz at 11:00:38 on 2011-11-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.381 [GMT -8:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
mWinlogon: Userinit=c:\windows\system32\userinit.exe,wulmwgb.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {82ddb4f8-716f-72c8-4101-28f07bbe3de5} - c:\windows\system32\get.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [reywn] c:\windows\system32\vpnemb.exe reg_run
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [vhrvmy] c:\windows\system32\vpnemb.exe reg_run
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [swg] c:\program files\google\googletoolbarnotifier\1.0.720.3640\GoogleToolbarNotifier.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\liz\startm~1\programs\startup\imvu.lnk - c:\documents and settings\liz\application data\imvuclient\IMVUQualityAgent.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\liz\start menu\programs\imvu\Run IMVU.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} - hxxp://www.worldwinner.com/games/v54/zengems/zengems.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v49/luxor/luxor.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/games/popcaploader_v6.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v53/wwspades/wwspades.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{8EE6A457-418A-46FE-A437-0CD9467D2767} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, IdbuwjiLmodq.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-25 320856]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-25 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-25 44768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-20 366152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-20 22216]
S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys --> c:\windows\system32\drivers\mfehidk.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-25 442200]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-7-4 148520]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [2002-11-7 181875]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [2004-4-6 64088]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2006-12-30 899884]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 11:01:46.45 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/11/2006 5:20:13 PM
System Uptime: 11/20/2011 2:47:14 PM (189 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Onyx2
Processor: Intel(R) Celeron(R) M processor 1.70GHz | CPU 1 | 1697/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 152.716 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.421 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2178: 8/28/2011 7:36:31 AM - System Checkpoint
RP2179: 8/29/2011 7:40:48 AM - System Checkpoint
RP2180: 8/30/2011 8:40:53 AM - System Checkpoint
RP2181: 8/31/2011 9:40:47 AM - System Checkpoint
RP2182: 9/1/2011 10:40:16 AM - System Checkpoint
RP2183: 9/2/2011 11:40:14 AM - System Checkpoint
RP2184: 9/3/2011 12:38:20 PM - System Checkpoint
RP2185: 9/4/2011 12:41:17 PM - System Checkpoint
RP2186: 9/5/2011 1:40:11 PM - System Checkpoint
RP2187: 9/6/2011 2:40:10 PM - System Checkpoint
RP2188: 9/7/2011 4:43:23 PM - System Checkpoint
RP2189: 9/9/2011 2:10:18 AM - System Checkpoint
RP2190: 9/10/2011 2:18:03 AM - System Checkpoint
RP2191: 9/11/2011 3:03:43 AM - System Checkpoint
RP2192: 9/12/2011 4:03:47 AM - System Checkpoint
RP2193: 9/13/2011 5:03:44 AM - System Checkpoint
RP2194: 9/14/2011 6:03:41 AM - System Checkpoint
RP2195: 9/15/2011 7:04:46 AM - System Checkpoint
RP2196: 9/16/2011 8:03:38 AM - System Checkpoint
RP2197: 9/17/2011 8:37:07 AM - System Checkpoint
RP2198: 9/17/2011 10:06:57 AM - Removed Skype™ 5.0
RP2199: 9/18/2011 11:52:08 AM - System Checkpoint
RP2200: 9/19/2011 12:00:36 PM - System Checkpoint
RP2201: 9/20/2011 12:07:06 PM - System Checkpoint
RP2202: 9/21/2011 1:00:33 PM - System Checkpoint
RP2203: 9/22/2011 2:00:32 PM - System Checkpoint
RP2204: 9/23/2011 3:00:31 PM - System Checkpoint
RP2205: 9/24/2011 3:01:36 PM - System Checkpoint
RP2206: 9/25/2011 4:18:07 PM - System Checkpoint
RP2207: 9/26/2011 5:04:33 PM - System Checkpoint
RP2208: 9/27/2011 6:00:28 PM - System Checkpoint
RP2209: 9/28/2011 6:24:15 PM - System Checkpoint
RP2210: 9/29/2011 7:00:26 PM - System Checkpoint
RP2211: 9/30/2011 7:17:12 PM - System Checkpoint
RP2212: 10/1/2011 10:34:14 PM - System Checkpoint
RP2213: 10/2/2011 11:00:25 PM - System Checkpoint
RP2214: 10/4/2011 12:00:22 AM - System Checkpoint
RP2215: 10/5/2011 1:00:21 AM - System Checkpoint
RP2216: 10/6/2011 2:00:21 AM - System Checkpoint
RP2217: 10/7/2011 3:00:20 AM - System Checkpoint
RP2218: 10/8/2011 4:00:19 AM - System Checkpoint
RP2219: 10/9/2011 5:00:18 AM - System Checkpoint
RP2220: 10/10/2011 5:04:47 AM - System Checkpoint
RP2221: 10/11/2011 6:04:49 AM - System Checkpoint
RP2222: 10/12/2011 7:04:45 AM - System Checkpoint
RP2223: 10/13/2011 8:11:50 AM - System Checkpoint
RP2224: 10/14/2011 9:04:43 AM - System Checkpoint
RP2225: 10/15/2011 9:25:21 AM - System Checkpoint
RP2226: 10/16/2011 10:04:46 AM - System Checkpoint
RP2227: 10/17/2011 11:04:44 AM - System Checkpoint
RP2228: 10/18/2011 12:04:40 PM - System Checkpoint
RP2229: 10/19/2011 1:04:39 PM - System Checkpoint
RP2230: 10/20/2011 2:04:42 PM - System Checkpoint
RP2231: 10/21/2011 3:04:37 PM - System Checkpoint
RP2232: 10/22/2011 3:05:42 PM - System Checkpoint
RP2233: 10/23/2011 4:04:37 PM - System Checkpoint
RP2234: 10/24/2011 4:24:02 PM - System Checkpoint
RP2235: 10/25/2011 5:04:33 PM - System Checkpoint
RP2236: 10/26/2011 5:08:38 PM - System Checkpoint
RP2237: 10/27/2011 6:04:32 PM - System Checkpoint
RP2238: 10/28/2011 7:04:30 PM - System Checkpoint
RP2239: 10/29/2011 8:04:29 PM - System Checkpoint
RP2240: 10/30/2011 9:09:58 PM - System Checkpoint
RP2241: 10/31/2011 9:14:09 PM - System Checkpoint
RP2242: 11/1/2011 10:04:26 PM - System Checkpoint
RP2243: 11/2/2011 11:04:25 PM - System Checkpoint
RP2244: 11/4/2011 12:04:24 AM - System Checkpoint
RP2245: 11/5/2011 1:04:23 AM - System Checkpoint
RP2246: 11/5/2011 1:53:23 PM - Installed Java(TM) 6 Update 23
RP2247: 11/6/2011 1:04:23 PM - System Checkpoint
RP2248: 11/7/2011 1:05:26 PM - System Checkpoint
RP2249: 11/7/2011 3:03:15 PM - Removed Driver Medic.
RP2250: 11/8/2011 3:08:41 PM - System Checkpoint
RP2251: 11/9/2011 3:27:15 PM - System Checkpoint
RP2252: 11/10/2011 4:04:18 PM - System Checkpoint
RP2253: 11/11/2011 5:04:17 PM - System Checkpoint
RP2254: 11/12/2011 6:04:16 PM - System Checkpoint
RP2255: 11/13/2011 7:04:15 PM - System Checkpoint
RP2256: 11/14/2011 9:14:14 PM - System Checkpoint
RP2257: 11/15/2011 10:38:07 PM - System Checkpoint
RP2258: 11/16/2011 11:04:16 PM - System Checkpoint
RP2259: 11/18/2011 12:07:10 AM - System Checkpoint
RP2260: 11/19/2011 1:04:11 AM - System Checkpoint
RP2261: 11/20/2011 1:14:27 AM - System Checkpoint
RP2262: 11/20/2011 2:45:33 PM - Removed Microsoft Office Professional Plus 2007
RP2263: 11/20/2011 2:48:30 PM - Restore Operation
RP2264: 11/21/2011 2:51:53 PM - System Checkpoint
RP2265: 11/22/2011 3:51:51 PM - System Checkpoint
RP2266: 11/23/2011 3:52:10 PM - System Checkpoint
RP2267: 11/24/2011 4:51:48 PM - System Checkpoint
RP2268: 11/25/2011 5:05:08 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
2570
2570_Help
2570Trb
Acrobat.com
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Adobe® Photoshop® Album Starter Edition 3.2
Agere Systems PCI-SV92PP Soft Modem
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
American Greetings Scrapbooks and More!
Anti-phishing Domain Advisor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
BufferChm
CameraDrivers
CardRd81
CCScore
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CR2
CueTour
CustomerResearchQFolder
Data Fax SoftModem with SmartCP
Destinations
DocProc
DocumentViewer
DocumentViewerQFolder
ebgcInfra
ebgcRes
ebgcSDK
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
Fax
Fax_CDA
Free Realms
FullDPAppQFolder
GdiplusUpgrade
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP DVD Play 1.0
HP Extended Capabilities 5.3
HP Game Console and games
HP Imaging Device Functions 6.0
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.0
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
HpSdpAppCoreApp
InstantShareDevices
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 23
Kodak EasyShare software
KSU
LightScribe 1.4.62.1
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Away Mode
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Mozilla Firefox (3.6.24)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
My HP Games
NewCopy
NewCopy_CDA
Notifier
OptionalContentQFolder
OTtBP
OTtBPSDK
PanoStandAlone
PhotoGallery
ProductContextNPI
PSPrinters08
PSTAPlugin
QuickTime
RandMap
Readme
Realtek High Definition Audio Driver
Roblox for Liz
Roxio Media Manager
Scan
ScannerCopy
SCR531 Smartcard Reader
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
Shockwave
SKIN0001
SkinsHP1
SKINXSDK
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Spelling Dictionaries Support For Adobe Reader 9
Status
SUPERAntiSpyware
Symantec Network Drivers Update
The Print Shop 20
TrayApp
Unity Web Player
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VPRINTOL
WebFldrs XP
WebReg
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WIRELESS
Yahoo! Toolbar
Yontoo Layers Client 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
11/22/2011 8:52:32 PM, error: Print [6161] - The document A guide and tutorial on using ComboFix owned by Liz failed to print on printer HP Photosmart 2570 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\YOUR-4DACD0EA75. Win32 error code returned by the print processor: 259 (0x103).
.
==== End Of File ===========================

• Please run OTL.exe again
  
• Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

• CAREFUL NOW! You must click the Run Fix button, NOT the Run Scan!
  
• If it asks to reboot the computer, please allow that.
  
• Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

Please download SystemLook by jpshortstuff from one of the locations below and save it to your desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the following text into the main textfield:

:filefind
wulmwgb.exe

• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop (SystemLook.txt.)

========== FILES ==========
File\Folder c:\windows\system32\vpnemb.exe not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 11292011_061756


SystemLook 30.07.11 by jpshortstuff
Log created at 06:23 on 29/11/2011 by Liz
Administrator - Elevation successful

========== filefind ==========

Searching for "wulmwgb.exe"
No files found.

-= EOF =-

if you restart now, do you get the original OTL scan to work?

OTL logfile created on: 11/30/2011 6:56:24 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Liz\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.30 Mb Total Physical Memory | 494.73 Mb Available Physical Memory | 48.73% Memory free
2.38 Gb Paging File | 2.04 Gb Available in Paging File | 85.40% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.43 Gb Total Space | 152.88 Gb Free Space | 68.12% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 0.42 Gb Free Space | 4.99% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: Liz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/25 11:10:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Liz\Desktop\OTL.exe
PRC - [2011/09/06 13:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/05 08:04:34 | 000,217,256 | -H-- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/04/27 12:51:38 | 000,200,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/09 10:09:58 | 000,063,712 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2005/08/02 16:19:16 | 000,058,880 | -H-- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/30 00:16:37 | 001,643,008 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11113000\algo.dll
MOD - [2011/11/29 07:40:55 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11113000\aswRep.dll
MOD - [2011/04/27 12:51:38 | 000,200,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe
MOD - [2011/02/04 17:48:30 | 000,291,840 | -H-- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 10:27:45 | 001,291,776 | -H-- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | -H-- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | -H-- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/03/13 10:45:14 | 000,148,520 | -H-- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2005/08/02 16:19:16 | 000,058,880 | -H-- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2005/04/05 10:17:22 | 000,206,552 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 15:46:56 | 000,411,920 | -H-- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2004/09/29 11:14:36 | 000,069,632 | -H-- | M] (HP) [Boot | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 13:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 13:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 13:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 13:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 13:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 13:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 13:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/27 23:07:04 | 000,049,904 | RH-- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/01/31 13:35:34 | 000,123,248 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/12/12 08:27:00 | 000,019,072 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 03:20:50 | 000,241,664 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 03:20:40 | 000,936,448 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/10/20 08:01:56 | 001,095,009 | -H-- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/18 05:15:42 | 004,034,048 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/06/29 09:03:18 | 000,175,104 | -H-- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/06/16 13:41:02 | 000,037,150 | -H-- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/04/05 10:17:02 | 000,267,192 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 10:17:00 | 000,017,976 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/05 10:16:58 | 000,036,984 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/04/05 10:16:56 | 000,047,192 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/04/05 10:16:54 | 000,173,208 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/04/05 10:16:52 | 000,011,512 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2005/03/31 07:00:08 | 000,152,081 | -H-- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 06:47:56 | 000,070,262 | -H-- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 06:47:50 | 000,008,022 | -H-- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 06:47:48 | 000,038,673 | -H-- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 06:47:42 | 000,061,564 | -H-- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005/01/07 17:07:16 | 000,145,920 | -H-- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/09/29 12:36:29 | 000,015,360 | RH-- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2004/08/03 06:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/06 03:24:00 | 000,064,088 | -H-- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR33X2K.sys -- (SCR33X USB Smart Card Reader)
DRV - [2003/11/04 23:45:12 | 000,017,408 | -H-- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2002/11/07 03:04:00 | 000,181,875 | -H-- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR131C.sys -- (SCR131C)
DRV - [2002/03/12 05:50:50 | 000,899,884 | RH-- | M] (Xirlink, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ucdnt.sys -- (XIRLINK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "OurWorld.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "Bing"
FF - prefs.js..browser.search.order.1: "Bing"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=524517"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?fr=fptb-msgr"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: 2pffxtbr@CouponAlert_2p.com:1.1
FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:6.0.3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ckC97PN8&q="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "http://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ckC97PN8&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Liz\Application Data\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Liz\Local Settings\Application Data\RobloxVersions\version-f23119393382428e\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/12/20 18:45:42 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/25 17:05:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/13 19:10:37 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/08 18:43:59 | 000,000,000 | -H-D | M]

[2011/01/17 16:57:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Extensions
[2011/01/17 16:57:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2011/11/21 19:41:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\extensions
[2010/06/03 12:01:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\extensions\{00b58d20-c62a-4aea-8eb0-7c92a87b9c4b}
[2011/06/17 13:26:45 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/16 19:04:02 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/19 16:55:40 | 000,000,000 | -H-D | M] (CouponAlert) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\extensions\2pffxtbr@CouponAlert_2p.com
[2011/11/05 13:10:39 | 000,000,000 | -H-D | M] (ShopAtHome.com Toolbar) -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\extensions\toolbar@shopathome.com
[2011/07/03 14:53:11 | 000,002,574 | -H-- | M] () -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\searchplugins\askcom.xml
[2011/09/16 14:47:03 | 000,001,945 | -H-- | M] () -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\searchplugins\bing-zugo.xml
[2010/02/15 10:54:09 | 000,002,186 | -H-- | M] () -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\searchplugins\bing.xml
[2011/05/18 15:24:52 | 000,000,927 | -H-- | M] () -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\searchplugins\conduit.xml
[2011/03/04 17:09:52 | 000,002,197 | -H-- | M] () -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\searchplugins\google-search.xml
[2010/06/12 10:24:49 | 000,009,985 | -H-- | M] () -- C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\ba3m2qj2.default\searchplugins\mywebsearch.xml
[2011/11/21 19:41:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/17 16:15:13 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/11/05 12:53:51 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/11/05 12:53:31 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/04 02:00:29 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/11/07 15:58:44 | 000,466,944 | -H-- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 10:32:12 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/11/05 12:53:31 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 10:32:14 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/03/04 17:09:52 | 000,002,197 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Documents and Settings\Liz\Local Settings\Application Data\RobloxVersions\version-f23119393382428e\\NPRobloxProxy.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\Liz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

O1 HOSTS File: ([2004/08/09 20:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {82DDB4F8-716F-72C8-4101-28F07BBE3DE5} - C:\WINDOWS\system32\get.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [vhrvmy] C:\WINDOWS\system32\vpnemb.exe reg_run File not found
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [reywn] C:\WINDOWS\system32\vpnemb.exe reg_run File not found
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 File not found
O4 - Startup: C:\Documents and Settings\Liz\Start Menu\Programs\Startup\IMVU.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Liz\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Local intranet)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab (ScrabbleCubes Control)
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} http://www.worldwinner.com/games/v54/zengems/zengems.cab (ZenGems Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinner.com/games/v48/brickout/brickout.cab (Brickout Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinner.com/games/v63/bjattack/bja.cab (BJA Control)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab (Bejeweled Control)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41/freecell/freecell.cab (FreeCell Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab (Reg Error: Key error.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab (WordMojo Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} http://www.worldwinner.com/games/v49/luxor/luxor.cab (WwLuxor Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab (Hangman Control)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab (Tilecity Control)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab (DinerDash Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinner.com/games/v43/paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/games/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v53/wwspades/wwspades.cab (WWSpades Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EE6A457-418A-46FE-A437-0CD9467D2767}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (IdbuwjiLmodq.dll) -C:\WINDOWS\System32\IdbuwjiLmodq.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/28 02:36:48 | 000,000,100 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0649ecb4-d30e-11db-8529-0017310f5abf}\Shell - "" = AutoRun
O33 - MountPoints2\{0649ecb4-d30e-11db-8529-0017310f5abf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0649ecb4-d30e-11db-8529-0017310f5abf}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RIuOM.EXe
O33 - MountPoints2\{2a36188f-1fa1-11dc-8533-0017310f5abf}\Shell\Auto\command - "" = J:\RavMonE.exe e
O33 - MountPoints2\{2a36188f-1fa1-11dc-8533-0017310f5abf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a36188f-1fa1-11dc-8533-0017310f5abf}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
O33 - MountPoints2\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\Shell - "" = AutoRun
O33 - MountPoints2\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{c3e5a746-f182-11de-85f5-0017310f5abf}\Shell - "" = AutoRun
O33 - MountPoints2\{c3e5a746-f182-11de-85f5-0017310f5abf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c3e5a746-f182-11de-85f5-0017310f5abf}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qaouGo.EXE
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (stera)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk - C:\Program Files\Broderbund\AG Scrapbooks\AGremind.exe - (Broderbund Properties LLC)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^owafs.exe - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe - (Hewlett-Packard)
MsConfig - StartUpReg: AlwaysReady Power Message APP - hkey= - key= - C:\WINDOWS\arpwrmsg.exe (Microsoft)
MsConfig - StartUpReg: Crwf - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DISCover - hkey= - key= - File not found
MsConfig - StartUpReg: DiscUpdateManager - hkey= - key= - File not found
MsConfig - StartUpReg: DMAScheduler - hkey= - key= - c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
MsConfig - StartUpReg: DropSpam Lifestyle - hkey= - key= - File not found
MsConfig - StartUpReg: DXM6Patch_981116 - hkey= - key= - C:\WINDOWS\p_981116.exe (Microsoft Corporation)
MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: High Definition Audio Property Page Shortcut - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: HPBootOp - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: iiqm - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: My Web Search Bar - hkey= - key= - File not found
MsConfig - StartUpReg: MyWebSearch Email Plugin - hkey= - key= - File not found
MsConfig - StartUpReg: oe_drop_spam - hkey= - key= - File not found
MsConfig - StartUpReg: PCDrProfiler - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Recguard - hkey= - key= - C:\WINDOWS\SMINST\Recguard.exe ()
MsConfig - StartUpReg: Reminder - hkey= - key= - C:\Windows\Creator\Remind_XP.exe (SoftThinks)
MsConfig - StartUpReg: reywn - hkey= - key= - File not found
MsConfig - StartUpReg: Scbu - hkey= - key= - File not found
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: Symantec NetDriver Monitor - hkey= - key= - C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - File not found
MsConfig - StartUpReg: vhrvmy - hkey= - key= - File not found
MsConfig - StartUpReg: webHancer Agent - hkey= - key= - File not found
MsConfig - StartUpReg: webHancer Survey Companion - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Flash Player 8
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.JDCT - jl_jdct.drv File not found
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: VIDC.XJPG - C:\WINDOWS\System32\CamFC.dll (Xirlink)
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\xl_yv12.dll (Xirlink, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/29 06:17:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/25 17:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/11/25 17:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/11/25 17:05:52 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/25 17:05:52 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/25 17:05:50 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/25 17:05:50 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/25 17:05:49 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/25 17:05:48 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/25 17:05:48 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/25 17:05:48 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/11/25 17:05:25 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/25 17:05:25 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/25 17:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/25 17:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/11/25 11:10:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Liz\Desktop\OTL.exe
[2011/11/22 21:11:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/22 21:11:00 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/22 21:01:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/22 21:01:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Liz\Start Menu\Programs\Administrative Tools
[2011/11/20 13:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\Application Data\Malwarebytes
[2011/11/20 12:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/20 12:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/20 12:12:21 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/20 12:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/20 10:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/11/20 10:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/11/20 10:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/20 09:56:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/11/19 21:03:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Liz\Recent
[2011/11/19 17:05:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Liz\Start Menu\Programs\System Fix
[2011/11/18 21:28:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Local Settings
[2011/11/18 19:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liz\Desktop\TMS
[2011/11/07 15:58:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Liz\Application Data\Catalina Marketing Corp
[2011/11/07 15:58:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Liz\Start Menu\Programs\Catalina Marketing Corp
[2011/11/05 12:54:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/11/05 12:53:49 | 000,472,808 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/11/05 12:53:49 | 000,157,472 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/11/05 12:53:49 | 000,145,184 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/11/05 12:53:49 | 000,145,184 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/11/05 12:53:49 | 000,073,728 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2007/02/03 22:33:00 | 000,774,144 | -H-- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/30 15:00:25 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/30 10:27:15 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/30 08:59:09 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D9FE9395-3A27-43D4-9673-54E7E4E77818}.job
[2011/11/30 06:54:33 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/30 06:52:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/25 17:51:05 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/25 17:06:51 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/11/25 17:05:53 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/11/25 17:03:42 | 061,657,064 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\setup_av_free_cnet.exe
[2011/11/25 11:10:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Liz\Desktop\OTL.exe
[2011/11/23 23:38:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/20 12:12:27 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/20 10:01:54 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/19 20:59:54 | 008,509,440 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/11/19 20:59:53 | 006,301,696 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/11/19 20:39:58 | 000,000,022 | -H-- | M] () -- C:\WINDOWS\kodakpcd.HP_Administrator.ini
[2011/11/19 17:08:47 | 000,446,812 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/19 17:08:47 | 000,073,574 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/19 17:08:18 | 000,000,448 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\epSmiWdo1fgPAc
[2011/11/19 17:05:45 | 000,000,288 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~epSmiWdo1fgPAc
[2011/11/19 17:05:45 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~epSmiWdo1fgPAcr
[2011/11/19 16:55:26 | 000,864,800 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/19 00:39:38 | 000,013,824 | -H-- | M] () -- C:\WINDOWS\System32\IdbuwjiLmodq.dll
[2011/11/18 19:59:40 | 000,017,408 | -H-- | M] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/09 23:57:41 | 000,010,504 | -H-- | M] () -- C:\Documents and Settings\Liz\Application Data\wklnhst.dat
[2011/11/09 23:57:35 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Liz\My Documents\MID TERM ESSAY.wps
[2011/11/05 20:34:24 | 000,546,000 | ---- | M] () -- C:\Documents and Settings\Liz\My Documents\SSPX9999.jpg
[2011/11/05 12:53:30 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/11/05 12:53:30 | 000,157,472 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/11/05 12:53:30 | 000,145,184 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/11/05 12:53:30 | 000,145,184 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/11/05 12:53:30 | 000,073,728 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/11/04 14:37:46 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Liz\My Documents\Exxon.wps
[2011/11/04 12:32:59 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Liz\My Documents\Rules.wps
[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/25 17:06:51 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/11/25 17:06:51 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/25 17:05:53 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/11/25 17:03:11 | 061,657,064 | ---- | C] () -- C:\Documents and Settings\Liz\Desktop\setup_av_free_cnet.exe
[2011/11/20 12:12:27 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/20 10:01:54 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/19 20:39:58 | 000,000,022 | -H-- | C] () -- C:\WINDOWS\kodakpcd.HP_Administrator.ini
[2011/11/19 17:05:45 | 000,000,288 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~epSmiWdo1fgPAc
[2011/11/19 17:05:45 | 000,000,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~epSmiWdo1fgPAcr
[2011/11/19 17:05:36 | 000,000,448 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\epSmiWdo1fgPAc
[2011/11/19 00:39:38 | 000,013,824 | -H-- | C] () -- C:\WINDOWS\System32\IdbuwjiLmodq.dll
[2011/11/09 14:32:28 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Liz\My Documents\MID TERM ESSAY.wps
[2011/11/07 19:35:20 | 000,546,000 | ---- | C] () -- C:\Documents and Settings\Liz\My Documents\SSPX9999.jpg
[2011/11/07 19:26:22 | 002,215,914 | ---- | C] () -- C:\Documents and Settings\Liz\My Documents\100_0061.JPG
[2011/11/04 12:49:29 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Liz\My Documents\Exxon.wps
[2011/11/04 12:32:59 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Liz\My Documents\Rules.wps
[2011/08/01 17:32:32 | 000,001,129 | -H-- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2011/06/28 19:40:04 | 000,000,022 | -H-- | C] () -- C:\WINDOWS\kodakpcd.Liz.ini
[2011/06/10 13:18:14 | 000,012,378 | -HS- | C] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\q4ta1hu2fuke6yb3bssy4t2ab
[2011/06/10 13:18:14 | 000,012,378 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q4ta1hu2fuke6yb3bssy4t2ab
[2010/10/18 08:14:17 | 000,032,608 | -H-- | C] () -- C:\WINDOWS\king-uninstall.exe
[2010/06/19 07:02:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\MSDraw.ini
[2010/01/06 12:38:34 | 000,153,880 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/05 09:50:40 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/12/20 20:26:38 | 000,870,128 | -H-- | C] () -- C:\Documents and Settings\Liz\Application Data\mcs.rma
[2008/12/20 20:26:38 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Liz\Application Data\DF54DB
[2008/11/15 20:03:06 | 000,001,222 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/04/08 12:18:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\PTWebCam.INI
[2008/02/26 23:19:03 | 000,000,000 | -H-- | C] () -- C:\Program Files\temp01
[2007/12/20 18:45:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2007/11/29 19:14:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Game.INI
[2007/08/12 17:40:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2007/07/04 18:20:44 | 000,000,112 | -H-- | C] () -- C:\WINDOWS\popcinfot.dat
[2007/06/14 02:01:32 | 000,000,127 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/12/22 22:49:21 | 000,002,180 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/19 12:09:06 | 000,010,504 | -H-- | C] () -- C:\Documents and Settings\Liz\Application Data\wklnhst.dat
[2006/10/05 16:52:40 | 000,000,042 | -H-- | C] () -- C:\WINDOWS\VistaEmail.ini
[2006/09/23 21:27:29 | 000,017,408 | -H-- | C] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/23 20:37:56 | 000,000,126 | -H-- | C] () -- C:\Documents and Settings\Liz\Local Settings\Application Data\fusioncache.dat
[2006/09/21 00:02:07 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\invupd.exe
[2006/09/20 22:08:32 | 000,000,419 | -H-- | C] () -- C:\WINDOWS\ukuld.dll
[2006/09/20 22:08:32 | 000,000,053 | -H-- | C] () -- C:\WINDOWS\qoowle.dat
[2006/09/20 22:02:05 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\invupdate.exe
[2006/09/19 17:04:50 | 000,000,227 | -H-- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/09/19 17:04:37 | 000,000,214 | -H-- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/09/19 17:02:19 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/09/19 17:02:19 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/09/19 17:02:19 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/09/19 17:02:19 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/09/19 17:02:19 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/09/19 17:02:19 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/09/19 16:56:49 | 000,000,206 | -H-- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/09/14 13:57:25 | 000,004,096 | -H-- | C] () -- C:\WINDOWS\d3dx.dat
[2006/09/07 15:05:04 | 000,010,240 | -H-- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/08/15 11:10:32 | 000,000,221 | -H-- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/07/30 18:05:11 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\bbbconfig.dat
[2006/07/21 21:17:53 | 000,000,029 | -H-- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/07/21 21:12:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/06/17 14:20:22 | 000,000,199 | -H-- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/06/11 17:48:46 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/06/11 17:48:09 | 000,087,989 | -H-- | C] () -- C:\WINDOWS\hpoins06.dat.temp
[2006/06/11 17:48:09 | 000,005,389 | -H-- | C] () -- C:\WINDOWS\hpomdl06.dat.temp
[2006/06/11 17:21:59 | 000,000,037 | -H-- | C] () -- C:\WINDOWS\Acroread.ini
[2006/03/28 03:10:28 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/28 02:45:17 | 000,028,848 | -H-- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/03/28 02:40:42 | 000,118,842 | RH-- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2006/03/28 02:39:54 | 000,014,316 | -H-- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/03/28 02:39:47 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/03/28 02:37:23 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/28 02:34:22 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/28 02:23:03 | 000,000,108 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/28 02:21:31 | 000,045,929 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/03/28 02:21:31 | 000,000,698 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/03/28 02:16:01 | 000,080,417 | -H-- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/03/28 02:16:01 | 000,004,011 | -H-- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/03/28 02:14:57 | 000,072,881 | -H-- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/03/28 02:14:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/03/28 02:10:34 | 000,087,276 | -H-- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/03/28 02:08:47 | 000,112,873 | -H-- | C] () -- C:\WINDOWS\hpoins07.dat
[2006/03/28 02:08:47 | 000,021,124 | -H-- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/03/28 02:05:23 | 000,087,974 | -H-- | C] () -- C:\WINDOWS\hpoins06.dat
[2006/03/28 02:05:23 | 000,005,389 | -H-- | C] () -- C:\WINDOWS\hpomdl06.dat
[2006/03/28 02:04:14 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/28 01:59:55 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/28 01:36:10 | 000,016,896 | -H-- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 06:03:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 13:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 13:07:46 | 000,446,812 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 13:07:46 | 000,073,574 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 13:05:30 | 000,864,800 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 13:01:42 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 12:58:02 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 14:01:54 | 000,239,104 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 16:19:16 | 000,050,176 | -H-- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/09 20:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 13:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 13:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 13:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 13:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 13:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 13:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 13:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/25 23:51:38 | 000,000,560 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 00:12:28 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 00:11:02 | 000,004,490 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 15:30:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/09/08 16:53:50 | 000,073,839 | -H-- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/11/25 11:10:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Liz\Desktop\OTL.exe
[2011/11/25 17:03:42 | 061,657,064 | ---- | M] () -- C:\Documents and Settings\Liz\Desktop\setup_av_free_cnet.exe

< %PROGRAMFILES%\Common Files\*.* >
[2006/11/24 17:52:28 | 000,000,000 | -H-- | M] () -- C:\Program Files\Common Files\err.log

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >
[2007/08/02 17:22:20 | 015,505,200 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Liz\My Documents\IE7-WindowsXP-x86-enu.exe
[2006/10/15 15:28:06 | 036,656,704 | ---- | M] (Apple Computer, Inc.) -- C:\Documents and Settings\Liz\My Documents\iTunesSetup.exe

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/11/08 18:43:57 | 000,110,040 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/11/08 18:43:57 | 000,912,856 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/11/08 18:43:57 | 000,016,856 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/11/08 18:43:58 | 000,247,768 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[42 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2006/07/23 12:13:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Activision Value
[2011/07/10 10:05:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Adobe
[2006/08/12 15:56:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Alphaqueue
[2006/12/17 22:32:22 | 000,000,000 | -H-D | M] -- C:\Program Files\AntiVerminsPro
[2011/07/05 21:03:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Apple Software Update
[2011/11/25 17:05:08 | 000,000,000 | ---D | M] -- C:\Program Files\AVAST Software
[2011/07/03 18:43:48 | 000,000,000 | -H-D | M] -- C:\Program Files\AVS4YOU
[2006/07/21 21:01:53 | 000,000,000 | -H-D | M] -- C:\Program Files\Broderbund
[2011/09/17 09:07:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files
[2005/11/11 07:56:40 | 000,000,000 | -H-D | M] -- C:\Program Files\ComPlus Applications
[2006/03/28 02:02:11 | 000,000,000 | -H-D | M] -- C:\Program Files\CONEXANT
[2011/05/03 12:19:44 | 000,000,000 | -H-D | M] -- C:\Program Files\CouponAlert_2pEI
[2011/05/02 13:24:24 | 000,000,000 | -H-D | M] -- C:\Program Files\Coupons
[2010/12/28 00:27:39 | 000,000,000 | -H-D | M] -- C:\Program Files\CyberLink
[2008/04/20 11:53:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Disney
[2006/07/21 21:23:22 | 000,000,000 | -H-D | M] -- C:\Program Files\DK Interactive Learning
[2009/07/15 02:02:56 | 000,000,000 | -H-D | M] -- C:\Program Files\driver
[2009/07/27 21:46:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Free Offers from Freeze.com
[2010/06/03 12:01:01 | 000,000,000 | -H-D | M] -- C:\Program Files\FreshGames
[2008/06/09 10:30:33 | 000,000,000 | -H-D | M] -- C:\Program Files\GameHouse
[2007/12/18 19:16:31 | 000,000,000 | -H-D | M] -- C:\Program Files\Games
[2011/11/25 17:06:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Google
[2009/06/28 10:00:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Groove Games
[2006/03/28 03:03:43 | 000,000,000 | -H-D | M] -- C:\Program Files\Hewlett-Packard
[2006/03/28 02:29:05 | 000,000,000 | -H-D | M] -- C:\Program Files\HP
[2008/12/10 16:51:58 | 000,000,000 | -H-D | M] -- C:\Program Files\HP Games
[2006/09/20 22:03:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Icon Drop
[2011/07/03 20:06:46 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/12/17 22:19:19 | 000,000,000 | -H-D | M] -- C:\Program Files\IntelliMoverDemo
[2011/04/13 02:11:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Internet Explorer
[2006/09/19 17:02:10 | 000,000,000 | -H-D | M] -- C:\Program Files\InterVideo
[2011/07/04 10:40:40 | 000,000,000 | -H-D | M] -- C:\Program Files\iPod
[2011/07/04 10:41:37 | 000,000,000 | -H-D | M] -- C:\Program Files\iTunes
[2008/09/30 19:24:10 | 000,000,000 | -H-D | M] -- C:\Program Files\iWin.com
[2011/11/05 12:53:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Java
[2009/06/28 09:43:57 | 000,000,000 | -H-D | M] -- C:\Program Files\Kids Cam Show and Share Creativity Center
[2006/09/22 14:10:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Kodak
[2008/05/20 09:02:26 | 000,000,000 | -H-D | M] -- C:\Program Files\LEGO Software
[2007/10/03 10:48:40 | 000,000,000 | -H-D | M] -- C:\Program Files\LimeWire
[2009/07/16 17:55:53 | 000,000,000 | -H-D | M] -- C:\Program Files\Lost Fortunes
[2007/02/03 18:16:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Luxor
[2011/11/20 12:12:28 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006/11/25 11:13:30 | 000,000,000 | -H-D | M] -- C:\Program Files\MalwareWiper
[2006/09/07 15:04:33 | 000,000,000 | -H-D | M] -- C:\Program Files\Mattel Media
[2010/11/13 22:41:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Media Widget
[2009/06/28 10:19:22 | 000,000,000 | -H-D | M] -- C:\Program Files\Messenger
[2010/11/13 22:49:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft
[2009/06/29 02:05:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005/11/14 10:06:48 | 000,000,000 | -H-D | M] -- C:\Program Files\microsoft frontpage
[2007/08/03 16:22:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Money
[2011/07/28 20:58:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office
[2006/03/28 02:33:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Visual Studio
[2011/07/28 20:53:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2011/07/28 20:59:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Works
[2011/07/28 20:57:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 02:02:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Movie Maker
[2011/11/17 21:59:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Mozilla Firefox
[2011/07/28 20:58:53 | 000,000,000 | -H-D | M] -- C:\Program Files\MSBuild
[2010/05/16 08:52:40 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN
[2006/03/28 02:19:53 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Encarta Standard
[2005/11/14 10:07:16 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/16 03:00:51 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 4.0
[2007/08/15 02:02:15 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 6.0
[2006/03/28 02:21:05 | 000,000,000 | -H-D | M] -- C:\Program Files\music_now
[2010/05/16 08:53:13 | 000,000,000 | -H-D | M] -- C:\Program Files\muvee Technologies
[2009/05/19 15:38:29 | 000,000,000 | -H-D | M] -- C:\Program Files\MySpace
[2009/06/28 10:08:39 | 000,000,000 | -H-D | M] -- C:\Program Files\NetMeeting
[2006/03/28 02:21:19 | 000,000,000 | -H-D | M] -- C:\Program Files\Netscape
[2008/04/25 19:09:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Nick Arcade
[2011/06/29 10:12:02 | 000,000,000 | -H-D | M] -- C:\Program Files\NortonInstaller
[2006/03/28 02:50:09 | 000,000,000 | -H-D | M] -- C:\Program Files\Online Services
[2010/12/15 03:02:02 | 000,000,000 | -H-D | M] -- C:\Program Files\Outlook Express
[2007/02/01 20:44:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Paparazzi
[2006/03/28 02:45:18 | 000,000,000 | -H-D | M] -- C:\Program Files\PC-Doctor for DOS
[2011/07/03 20:29:38 | 000,000,000 | -H-D | M] -- C:\Program Files\PopCap Games
[2009/06/21 21:23:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Quicken
[2011/07/04 10:37:33 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickTime
[2011/07/03 20:35:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Real
[2011/07/03 20:19:39 | 000,000,000 | -H-D | M] -- C:\Program Files\RealArcade
[2009/08/21 02:05:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Reference Assemblies
[2007/02/01 19:01:08 | 000,000,000 | -H-D | M] -- C:\Program Files\ReflexiveArcade
[2010/05/16 08:55:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Rhapsody
[2009/07/05 09:21:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Roxio
[2011/07/03 20:23:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Safari
[2009/06/28 10:04:01 | 000,000,000 | -H-D | M] -- C:\Program Files\Saints & Sinners Bowling
[2011/08/01 17:32:24 | 000,000,000 | -H-D | M] -- C:\Program Files\SCM Microsystems
[2006/03/28 02:27:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Sonic
[2010/12/11 08:12:16 | 000,000,000 | -H-D | M] -- C:\Program Files\Sony Online Entertainment
[2006/12/07 17:48:39 | 000,000,000 | -H-D | M] -- C:\Program Files\Spyware Doctor
[2011/11/20 10:02:38 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2009/06/21 21:22:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Symantec
[2006/08/26 02:42:01 | 000,000,000 | -H-D | M] -- C:\Program Files\SymNetDrv
[2010/11/13 22:54:24 | 000,000,000 | -H-D | M] -- C:\Program Files\The Learning Company
[2006/07/21 19:12:37 | 000,000,000 | -H-D | M] -- C:\Program Files\The Print Shop 20
[2009/12/17 13:27:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Trillian
[2006/08/05 14:40:36 | 000,000,000 | -H-D | M] -- C:\Program Files\TryMedia
[2005/11/11 07:56:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/10/24 16:27:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Unity
[2006/03/28 02:40:39 | 000,000,000 | -H-D | M] -- C:\Program Files\Updates from HP
[2006/07/21 22:56:15 | 000,000,000 | -H-D | M] -- C:\Program Files\ValuSoft
[2008/10/01 20:07:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Virtual Earth 3D
[2006/09/23 22:00:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Web Publish
[2008/12/10 16:52:03 | 000,000,000 | -H-D | M] -- C:\Program Files\WildTangent
[2009/06/28 10:08:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Player
[2009/06/28 10:08:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows NT
[2005/11/14 10:08:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Plus
[2005/11/11 07:56:16 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2005/11/14 10:08:44 | 000,000,000 | -H-D | M] -- C:\Program Files\xerox
[2006/12/30 14:36:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Yahoo!
[2011/11/20 14:43:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Yahoo! Games
[2009/05/24 15:00:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Yard Sale Hidden Treasures - Lucky Junction
[2010/11/06 17:08:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Yontoo Layers Client


< MD5 for: AGP440.SYS >
[2004/08/09 20:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/06/28 10:00:56 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/09 13:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/06/28 10:00:56 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/09 20:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/06/28 10:00:56 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/09 13:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/06/28 10:00:56 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/09 13:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/09 20:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/06/28 10:00:56 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/09 13:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2009/06/28 10:00:56 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/09 13:00:00 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 10:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 10:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 16:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 03:26:03 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/09 13:00:00 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: IASTOR.SYS >
[2005/06/16 22:33:40 | 000,872,064 | -H-- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/16 22:33:40 | 000,872,064 | -H-- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/09 13:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: USERINIT.EXE >
[2004/08/09 13:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/09 13:00:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
H

KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-11 10:28:54

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/08 18:43:58 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/08 18:43:58 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/08 18:43:58 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/08 18:43:57 | 000,912,856 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/08 18:43:57 | 000,912,856 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/08 18:43:57 | 000,912,856 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 03:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 03:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 03:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/08 18:43:58 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/08 18:43:58 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/08 18:43:58 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/08 18:43:57 | 000,912,856 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/08 18:43:57 | 000,912,856 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/08 18:43:57 | 000,912,856 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 03:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 03:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 03:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

========== Files - Unicode (All) ==========
[2006/11/24 18:52:15 | 000,000,000 | -H-D | M](C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
[2006/11/24 18:52:15 | 000,000,000 | -H-D | M](C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
[2006/11/24 18:52:08 | 000,000,000 | -H-D | M](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
[2006/09/20 22:09:37 | 000,000,000 | -H-D | C](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
(C:\Program Files\??curity) -- C:\Program Files\ѕеcurity

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC7738DB
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02169594
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF3D0EA3
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:920E58B7
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BA6C9F8
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD13A410
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C2A42C
@Alternate Data Stream - 240 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A74923C
@Alternate Data Stream - 236 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76466F4C
@Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D6EAEC3
@Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9033BDFB
@Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4
@Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA7D76BE
@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B2735F9E
@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2871B698
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED9B661E
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6425A235
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA6CA4C7
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:164FA86E
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09064307
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B722BCE5
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C1EFEB8
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:453190EC
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5433DBEF
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31B5E9B
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:58C9BCAC
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57CC1FDC
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63CFD724
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F67CD26
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:969C0C96
@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1
@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E73B14E2
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A008627
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28CDD861
@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C66222F3
@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B
@Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC4EA67C
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5264343
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:908A1B53
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9812B773
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEE4A457
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE7AAC75
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8924043A
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99C301D0
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56F368C9
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:895A78C5
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9B27A06
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BAC2F271
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0915A718
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:393F7B1E
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96646EC1
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25249477
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:063969F8
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A59DD4AD
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A296A63F
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A18121AD
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C37BA2F
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF4438
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04BB186B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB0256E7
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD36C4B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68B61847
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53659035
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DDCE10B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:439E3411
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D45FC3
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07241935
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:067F588D
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:799F5445
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FBD5837
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A908367
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F6A4D11
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A97FF73C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BFA9622
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BFCDF84
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19C3C515
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7120F9A
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5294695
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDD1277F
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8669B93
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C15969A6
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:737160C1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3539CD43
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9E46E4C
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC7C9796
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0290D16
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AE33054
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:417B6FAC
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38B32B54
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03D08225
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943E8182
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CC608E0
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CC3B9D1
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:268BA8AB
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13DF9DD1
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DFE2AE1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F422F8F1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1505883A
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:101708D3
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:831C6B2D
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48429D0E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19C3BC3A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF33321C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B2BD056
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F4DB476
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70A1462A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E8472D2
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C491D31
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59846E5E
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C5ABDC7
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16C16B18
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF333535
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8401B6D5
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C412B92
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66DA2E27
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63C1C73E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:409A775B
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B093E177
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FE5FC48
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FE17A89
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:517B507A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:490BCC52
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0860D6D6
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEEEFFAD
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE40C8A2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F6F85C
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52A22573
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05BF1B63
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D46ECFD5
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E6B8D68
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:357E6D3B
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27012B21
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2342AE46
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E717F65C
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE6DC701
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:848CC150
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4754A5B0
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD24DCF8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA9A5EA8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3EFD0C3
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E3698DB
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:82EEB5A1
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E3BDDC4
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D01D823
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C6F032
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60A4BB64
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:077F4C77
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0668210
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663B62CA
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57EE48CA
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2B84483
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD27B7FC
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A561576B
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:961B4D58
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89E1BAF5
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:753A0081
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:598E0FFA
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F96D8E6
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4AD2C54D
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3F37A7D
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBF60A29
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A65DC98A
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4249A835
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C4C57F9
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2381A4
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D387C245
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B845F669
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:957E9765
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:918B7566
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0EFE63
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5550B299
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37994DBE
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18173A8E
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:289041F7
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AFC2166
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00811B66
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:729F5FF8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9F8237A
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9EF92A1A
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90B52091
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43301D1D
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2836460B
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E32966C0
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8134D8F
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C48B1BA5
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:938EC881
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F4E260C
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:349CACE5
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88698068
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C988F7D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDF08FAF
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:354E094D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32BD974D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:275AA066
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:145EE4E0
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF71CAB5
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECCE99EF
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B904C348
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:546EE13B
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43982D5E

< End of report >

OTL Extras logfile created on: 11/30/2011 6:56:24 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Liz\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.30 Mb Total Physical Memory | 494.73 Mb Available Physical Memory | 48.73% Memory free
2.38 Gb Paging File | 2.04 Gb Available in Paging File | 85.40% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.43 Gb Total Space | 152.88 Gb Free Space | 68.12% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 0.42 Gb Free Space | 4.99% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: Liz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\HP Games\Rock & Roll JEOPARDY\Rock & Roll JEOPARDY!.exe" = C:\Program Files\HP Games\Rock & Roll JEOPARDY\Rock & Roll JEOPARDY!.exe:*:Enabled:Rock & Roll JEOPARDY!
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Yahoo! Games\Wheel of Fortune\Wheel of Fortune.exe" = C:\Program Files\Yahoo! Games\Wheel of Fortune\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune
"C:\Program Files\GameHouse\CollapseCrunch\Collapse3.exe" = C:\Program Files\GameHouse\CollapseCrunch\Collapse3.exe:*:Enabled:Collapse! Crunch
"C:\Program Files\Yahoo! Games\Puzzle Express\PuzzleExpress.exe" = C:\Program Files\Yahoo! Games\Puzzle Express\PuzzleExpress.exe:*:Enabled:PuzzleExpress
"C:\Program Files\Yahoo! Games\PuzzleInlay\PuzzleInlay.exe" = C:\Program Files\Yahoo! Games\PuzzleInlay\PuzzleInlay.exe:*:Enabled:Puzzle Inlay
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe" = C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)
"C:\Program Files\Yahoo! Games\Poppit To Go\PoppitToGo.exe" = C:\Program Files\Yahoo! Games\Poppit To Go\PoppitToGo.exe:*:Enabled:PoppitToGo
"C:\Program Files\Yahoo! Games\Incredible Ink\IncredibleInk.exe" = C:\Program Files\Yahoo! Games\Incredible Ink\IncredibleInk.exe:*:Enabled:Incredible Ink
"C:\Program Files\GameHouse\Combo Chaos\ComboChaos.exe" = C:\Program Files\GameHouse\Combo Chaos\ComboChaos.exe:*:Enabled:Combo Chaos!
"C:\Program Files\Yahoo! Games\Jig Jag!\Jig Jag!.exe" = C:\Program Files\Yahoo! Games\Jig Jag!\Jig Jag!.exe:*:Enabled:Jig Jag!
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Online Services\Aol\InstallAol.exe" = C:\Program Files\Online Services\Aol\InstallAol.exe:*:Disabled:AOL Canada -- (Hewlett Packard)
"C:\Program Files\Alphaqueue\alphaqueue.exe" = C:\Program Files\Alphaqueue\alphaqueue.exe:*:Disabled:Macromedia Projector
"C:\Program Files\GameHouse\MagicInlay\MagicInlay.exe" = C:\Program Files\GameHouse\MagicInlay\MagicInlay.exe:*:Disabled:Magic Inlay
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Disabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Yahoo! Games\Pixelus Deluxe\Pixelus.exe" = C:\Program Files\Yahoo! Games\Pixelus Deluxe\Pixelus.exe:*:Enabled:Pixelus Game
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Yahoo! Games\Ancient Tripeaks\Tripeaks.exe" = C:\Program Files\Yahoo! Games\Ancient Tripeaks\Tripeaks.exe:*:Enabled:Macromedia Projector
"C:\My Games\Wheel of Fortune\Wheel of Fortune.exe" = C:\My Games\Wheel of Fortune\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune
"C:\My Games\The Game of Life\life.exe" = C:\My Games\The Game of Life\life.exe:*:Enabled:The Game Of Life
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe
"C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe" = C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe:*:Enabled:Dogpile Bundle Toolbar (Helper)
"C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe" = C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe:*:Enabled:Dogpile Bundle Toolbar (Update)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{13AD768A-9E04-499D-AE80-967A65DCCBA5}" = ebgcSDK
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{152BF35B-56D7-4652-B519-1661AAC270EE}" = The Print Shop 20
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1D643CD4-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2DE65DF3-E614-4D5C-B5F9-BF3464DBEBD5}" = ebgcRes
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CD67A02-DF59-43f7-8E8F-86DCF40543EF}" = 2570_Help
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{74BCC862-CCD6-4A58-BDF9-7BB59FC31AB3}" = American Greetings Scrapbooks and More!
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A8D91906-4032-4443-8C49-69F90E38F39D}" = 2570
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EBEBDE9F-78FA-4E68-820D-78CAF9DD46FF}" = SCR531 Smartcard Reader
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EE55FD52-0D47-4c5a-96EC-48F70FF30520}" = 2570Trb
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"avast" = avast! Free Antivirus
"AwayMode160" = Microsoft Away Mode
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Google Chrome" = Google Chrome
"HP Document Viewer" = HP Document Viewer 5.3
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) PRO Network Connections Drivers
"Shockwave" = Shockwave
"UnityWebPlayer" = Unity Web Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"WildTangent hp Master Uninstall" = My HP Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Liz
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

• Please run OTL.exe again
  
• Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

• CAREFUL NOW! You must click the Run Fix button, NOT the Run Scan!
  
• If it asks to reboot the computer, please allow that.
  
• Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

Please open Malwarebytes' Anti-Malware, click the Update tab and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan and click Scan. Please post the resulting log in your next reply.

========== FILES ==========
C:\Documents and Settings\All Users\Application Data\epSmiWdo1fgPAc moved successfully.
C:\Documents and Settings\All Users\Application Data\~epSmiWdo1fgPAc moved successfully.
C:\Documents and Settings\All Users\Application Data\~epSmiWdo1fgPAcr moved successfully.
C:\WINDOWS\System32\IdbuwjiLmodq.dll moved successfully.
C:\Documents and Settings\Liz\Local Settings\Application Data\q4ta1hu2fuke6yb3bssy4t2ab moved successfully.
C:\Documents and Settings\All Users\Application Data\q4ta1hu2fuke6yb3bssy4t2ab moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CC7738DB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:02169594 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BF3D0EA3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:920E58B7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8BA6C9F8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BD13A410 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:89C2A42C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0A74923C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:76466F4C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9D6EAEC3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9033BDFB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EA7D76BE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B2735F9E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2871B698 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:ED9B661E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6425A235 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AA6CA4C7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:164FA86E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:09064307 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B722BCE5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8C1EFEB8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:453190EC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5433DBEF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A31B5E9B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:58C9BCAC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:57CC1FDC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:63CFD724 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1F67CD26 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:969C0C96 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:260575F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E73B14E2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3A008627 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:28CDD861 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C66222F3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FC4EA67C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A5264343 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:908A1B53 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9812B773 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CEE4A457 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EE7AAC75 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8924043A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:99C301D0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:56F368C9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:895A78C5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C9B27A06 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BAC2F271 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0915A718 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:393F7B1E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:96646EC1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:25249477 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:063969F8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A59DD4AD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A296A63F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A18121AD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8C37BA2F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:53DF4438 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:04BB186B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BB0256E7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6FD36C4B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:68B61847 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:53659035 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4DDCE10B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:439E3411 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:10D45FC3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:07241935 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:067F588D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:799F5445 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6FBD5837 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5A908367 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4F6A4D11 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A97FF73C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3BFA9622 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2BFCDF84 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:19C3C515 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F7120F9A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E5294695 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DDD1277F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D8669B93 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C15969A6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:737160C1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3539CD43 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F9E46E4C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EC7C9796 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E0290D16 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5AE33054 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:417B6FAC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:38B32B54 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:03D08225 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:943E8182 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7CC608E0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2CC3B9D1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:268BA8AB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:13DF9DD1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0DFE2AE1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F422F8F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1505883A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:101708D3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:831C6B2D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:48429D0E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:19C3BC3A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CF33321C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9B2BD056 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7F4DB476 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:70A1462A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6E8472D2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6C491D31 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:59846E5E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3C5ABDC7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:16C16B18 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FF333535 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8401B6D5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7C412B92 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:66DA2E27 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:63C1C73E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:409A775B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B093E177 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9FE5FC48 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6FE17A89 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:517B507A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:490BCC52 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0860D6D6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FEEEFFAD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BE40C8A2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:98F6F85C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:52A22573 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:05BF1B63 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D46ECFD5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4E6B8D68 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:357E6D3B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:27012B21 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2342AE46 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E717F65C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BE6DC701 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:848CC150 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4754A5B0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DD24DCF8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DA9A5EA8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D3EFD0C3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8E3698DB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:82EEB5A1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7E3BDDC4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4D01D823 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:89C6F032 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:60A4BB64 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:077F4C77 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D0668210 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:663B62CA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:57EE48CA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E2B84483 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BD27B7FC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A561576B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:961B4D58 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:89E1BAF5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:753A0081 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:598E0FFA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4F96D8E6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4AD2C54D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E3F37A7D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BBF60A29 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A65DC98A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4249A835 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3C4C57F9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EC2381A4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D387C245 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B845F669 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:957E9765 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:918B7566 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7A0EFE63 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5550B299 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:37994DBE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:18173A8E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:289041F7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1AFC2166 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:00811B66 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:729F5FF8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B9F8237A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9EF92A1A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:90B52091 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:43301D1D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2836460B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E32966C0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D8134D8F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C48B1BA5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:938EC881 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8F4E260C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:349CACE5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:88698068 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0C988F7D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BDF08FAF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:354E094D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:32BD974D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:275AA066 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:145EE4E0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EF71CAB5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:ECCE99EF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B904C348 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:546EE13B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:43982D5E deleted successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vhrvmy deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\reywn deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Weather deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0649ecb4-d30e-11db-8529-0017310f5abf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0649ecb4-d30e-11db-8529-0017310f5abf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0649ecb4-d30e-11db-8529-0017310f5abf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0649ecb4-d30e-11db-8529-0017310f5abf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0649ecb4-d30e-11db-8529-0017310f5abf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0649ecb4-d30e-11db-8529-0017310f5abf}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RIuOM.EXe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a36188f-1fa1-11dc-8533-0017310f5abf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a36188f-1fa1-11dc-8533-0017310f5abf}\ not found.
File J:\RavMonE.exe e not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a36188f-1fa1-11dc-8533-0017310f5abf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a36188f-1fa1-11dc-8533-0017310f5abf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a36188f-1fa1-11dc-8533-0017310f5abf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a36188f-1fa1-11dc-8533-0017310f5abf}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\ not found.
File J:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3e5a746-f182-11de-85f5-0017310f5abf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3e5a746-f182-11de-85f5-0017310f5abf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3e5a746-f182-11de-85f5-0017310f5abf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3e5a746-f182-11de-85f5-0017310f5abf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3e5a746-f182-11de-85f5-0017310f5abf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3e5a746-f182-11de-85f5-0017310f5abf}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qaouGo.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 12012011_163035

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8290

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/2/2011 9:28:36 AM
mbam-log-2011-12-02 (09-28-28).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 405373
Time elapsed: 1 hour(s), 16 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Liz\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com (Adware.GamesVance) -> No action taken.

Files Infected:
c:\documents and settings\Liz\local settings\Temp\dealiotoolbarinstall.exe (PUP.Dealio.TB) -> No action taken.

I see that the malware has hidden a bunch of folders and files, so we´re going to unhide that.

• Please download Unhide by Grinler from here and save it to your desktop.
  
• Double click unhide.exe to run the tool.
  
• It will take some time to go through all your files, so please be patient.

====================

You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.

• Go to Start > Control Panel
  
• Double-click on Add or Remove Programs
  
• Look for entries that say Java, Java RunTime Environment or J2SE.
  
• Uninstall all of them that are not named Java (TM) 6 Update 29

After doing this, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 29).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

====================

Please download aswMBR by Alwil Software from here and save it to your desktop.

• Double click aswMBR.exe to run the tool
  
• Click the Scan button to start the scan
  
• Don´t panic if you see any **Rootkit** entries. The tool sometimes produces false alarms
  
• Once the scan finishes click Save log to save the log to your desktop
  
• Copy and paste the contents of this log (aswMBR.txt) into your next reply.

====================

How is your computer running now?

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8325

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/6/2011 4:40:39 PM
mbam-log-2011-12-06 (16-40-34).txt

Scan type: Quick scan
Objects scanned: 248438
Time elapsed: 15 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Liz\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com (Adware.GamesVance) -> No action taken.

Files Infected:
c:\documents and settings\Liz\local settings\Temp\dealiotoolbarinstall.exe (PUP.Dealio.TB) -> No action taken.

========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Application Data\epSmiWdo1fgPAc not found.
File\Folder C:\Documents and Settings\All Users\Application Data\~epSmiWdo1fgPAc not found.
File\Folder C:\Documents and Settings\All Users\Application Data\~epSmiWdo1fgPAcr not found.
File\Folder C:\WINDOWS\System32\IdbuwjiLmodq.dll not found.
File\Folder C:\Documents and Settings\Liz\Local Settings\Application Data\q4ta1hu2fuke6yb3bssy4t2ab not found.
File\Folder C:\Documents and Settings\All Users\Application Data\q4ta1hu2fuke6yb3bssy4t2ab not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:CC7738DB .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:02169594 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:BF3D0EA3 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:920E58B7 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:8BA6C9F8 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:BD13A410 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:89C2A42C .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:0A74923C .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:76466F4C .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:9D6EAEC3 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:9033BDFB .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:EA7D76BE .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:B2735F9E .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:2871B698 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:ED9B661E .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:6425A235 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:AA6CA4C7 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:164FA86E .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:09064307 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:B722BCE5 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:8C1EFEB8 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:453190EC .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:5433DBEF .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A31B5E9B .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:58C9BCAC .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:57CC1FDC .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:63CFD724 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:1F67CD26 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:969C0C96 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:260575F1 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:E73B14E2 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:3A008627 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:28CDD861 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:C66222F3 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:FC4EA67C .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A5264343 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:908A1B53 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:9812B773 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:CEE4A457 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:EE7AAC75 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:8924043A .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:99C301D0 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:56F368C9 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:895A78C5 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:C9B27A06 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:BAC2F271 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:0915A718 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:393F7B1E .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:96646EC1 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:25249477 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:063969F8 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A59DD4AD .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A296A63F .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A18121AD .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:8C37BA2F .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:53DF4438 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:04BB186B .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:BB0256E7 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:6FD36C4B .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:68B61847 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:53659035 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:4DDCE10B .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:439E3411 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:10D45FC3 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:07241935 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:067F588D .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:799F5445 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:6FBD5837 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:5A908367 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:4F6A4D11 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A97FF73C .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:3BFA9622 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:2BFCDF84 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:19C3C515 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:F7120F9A .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:E5294695 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DDD1277F .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D8669B93 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:C15969A6 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:737160C1 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:3539CD43 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:F9E46E4C .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:EC7C9796 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:E0290D16 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:5AE33054 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:417B6FAC .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:38B32B54 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:03D08225 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:943E8182 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:7CC608E0 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:2CC3B9D1 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:268BA8AB .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:13DF9DD1 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:0DFE2AE1 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:F422F8F1 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:1505883A .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:101708D3 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:831C6B2D .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:48429D0E .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:19C3BC3A .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:CF33321C .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:9B2BD056 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:7F4DB476 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:70A1462A .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:6E8472D2 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:6C491D31 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:59846E5E .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:3C5ABDC7 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:16C16B18 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:FF333535 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:8401B6D5 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:7C412B92 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:66DA2E27 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:63C1C73E .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:409A775B .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:B093E177 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:9FE5FC48 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:6FE17A89 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:517B507A .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:490BCC52 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:0860D6D6 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:FEEEFFAD .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:BE40C8A2 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:98F6F85C .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:52A22573 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:05BF1B63 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D46ECFD5 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:4E6B8D68 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:357E6D3B .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:27012B21 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:2342AE46 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:E717F65C .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:BE6DC701 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:848CC150 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:4754A5B0 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DD24DCF8 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DA9A5EA8 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D3EFD0C3 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:8E3698DB .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:82EEB5A1 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:7E3BDDC4 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:4D01D823 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:89C6F032 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:60A4BB64 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:077F4C77 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D0668210 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:663B62CA .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:57EE48CA .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:E2B84483 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:BD27B7FC .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A561576B .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:961B4D58 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:89E1BAF5 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:753A0081 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:598E0FFA .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:4F96D8E6 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:4AD2C54D .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:E3F37A7D .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:BBF60A29 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A65DC98A .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:4249A835 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:3C4C57F9 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:EC2381A4 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D387C245 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:B845F669 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:957E9765 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:918B7566 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:7A0EFE63 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:5550B299 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:37994DBE .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:18173A8E .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:289041F7 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:1AFC2166 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:00811B66 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:729F5FF8 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:B9F8237A .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:9EF92A1A .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:90B52091 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:43301D1D .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:2836460B .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:E32966C0 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D8134D8F .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:C48B1BA5 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:938EC881 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:8F4E260C .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:349CACE5 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:88698068 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:0C988F7D .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:BDF08FAF .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:354E094D .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:32BD974D .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:275AA066 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:145EE4E0 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:EF71CAB5 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:ECCE99EF .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:B904C348 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:546EE13B .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:43982D5E .
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vhrvmy not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\reywn not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Weather not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0649ecb4-d30e-11db-8529-0017310f5abf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0649ecb4-d30e-11db-8529-0017310f5abf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0649ecb4-d30e-11db-8529-0017310f5abf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0649ecb4-d30e-11db-8529-0017310f5abf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0649ecb4-d30e-11db-8529-0017310f5abf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0649ecb4-d30e-11db-8529-0017310f5abf}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RIuOM.EXe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a36188f-1fa1-11dc-8533-0017310f5abf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a36188f-1fa1-11dc-8533-0017310f5abf}\ not found.
File J:\RavMonE.exe e not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a36188f-1fa1-11dc-8533-0017310f5abf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a36188f-1fa1-11dc-8533-0017310f5abf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a36188f-1fa1-11dc-8533-0017310f5abf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a36188f-1fa1-11dc-8533-0017310f5abf}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{adb3ba60-e0c7-11dd-85a1-0014e8e025c7}\ not found.
File J:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3e5a746-f182-11de-85f5-0017310f5abf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3e5a746-f182-11de-85f5-0017310f5abf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3e5a746-f182-11de-85f5-0017310f5abf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3e5a746-f182-11de-85f5-0017310f5abf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3e5a746-f182-11de-85f5-0017310f5abf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3e5a746-f182-11de-85f5-0017310f5abf}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qaouGo.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 12062011_161127

You have been executing the wrong instructions

They are on this page.

I will be off for 4 days from today. Back on monday.

Hello Again, sorry for that I didn't realize there was another page, either way, I completed the unhide and removed all the java from the add/remove programs, and updated it with the most current version, however when I tried to go to java in the control panel afterwards I could not find it, but it is on the add/remove programs list as the most recent version. I also completed the scan and these are the results below. Thank you for your time and patience again.


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-07 18:23:03
-----------------------------
18:23:03.470 OS Version: Windows 5.1.2600 Service Pack 3
18:23:03.470 Number of processors: 1 586 0xD08
18:23:03.470 ComputerName: YOUR-4DACD0EA75 UserName: Liz
18:23:04.704 Initialize success
18:23:05.423 AVAST engine defs: 11120701
18:23:23.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
18:23:23.312 Disk 0 Vendor: ST3250823AS 3.03 Size: 238475MB BusType: 3
18:23:25.343 Disk 0 MBR read successfully
18:23:25.343 Disk 0 MBR scan
18:23:25.374 Disk 0 unknown MBR code
18:23:25.374 Disk 0 scanning sectors +488391120
18:23:25.468 Disk 0 scanning C:\WINDOWS\system32\drivers
18:23:40.701 Service scanning
18:23:42.279 Modules scanning
18:23:50.731 Disk 0 trace - called modules:
18:23:50.747 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
18:23:50.747 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87156ab8]
18:23:50.747 3 CLASSPNP.SYS[f7628fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x87161d98]
18:23:51.434 AVAST engine scan C:\WINDOWS
18:24:15.870 AVAST engine scan C:\WINDOWS\system32
18:26:38.295 AVAST engine scan C:\WINDOWS\system32\drivers
18:27:02.184 AVAST engine scan C:\Documents and Settings\Liz
18:57:16.210 AVAST engine scan C:\Documents and Settings\All Users
19:14:50.464 Scan finished successfully
20:37:20.851 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Liz\Desktop\MBR.dat"
20:37:20.851 The log file has been saved successfully to "C:\Documents and Settings\Liz\Desktop\aswMBR.txt"

Excellent. As far as I can see, your computer is CLEAN.



====================

Do you have any more questions or do you want to see my ALORTKYCC (Awesome List Or Recommendations To Keep Your Computer Clean)?

Sweet, I appreciate all of your time and help, there is no way I would have been able to do this on my own. I would like to see your ALORTKYCC. Also is there anything I can do to just clean up space with stuff I don't use or anything like that. When a screensaver will normally pop up the screen goes black and I need to hit escape 3 times or the start menu button, whats up with that. Thanks again for everything.

To clean up unneeded files:
Please download PureRa by RaProducts from here

• First, unzip the program, e.g. to your desktop.
  
• Double click PureRa.exe to run it.
  
• When it opens, click the "Next" button to open up a menu of options.
  
• Tick the box that says "Check All"
  
• If you want detailed information about what got deleted, check the "Create Log" option.
  
• Then press the "Clean" button to start the cleaning process.
  
• It may look like nothing is happening, but let it run.
  
• When the tool finishes, It will show you how much data it cleaned.
  
• If you choose to create a log, it will open this log (C:\PureRa.txt, you can delete it afterwards)

====================

Time to uninstall used tools.

• Double click OTL.exe to run it again and click the CleanUp button.
  
• If we used any other tools and they still remain on your desktop, please delete them manually.

====================

Allright! Here follows my ALORTKYCC (Awesome List Of Recommendations To Keep Your Computer Clean):

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit http://windowsupdate.microsoft.com. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race, it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account, not an administrator account. If you use Vista/WIN7 do not disable User Account Control (UAC). You would be amazed to know how much malware can´t touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with either of the following three:

• Panda Cloud Antivirus. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  
• Ad-Aware Free Internet Security has received great reviews from leading security analysts.
  
• Avast! is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:

• Comodo Firewall. Install the internet security suite, but without the antivirus and without the Hopsurf toolbar.
  
• Online Armor. A very smart and user friendly firewall.
  
• Outpost Firewall is another rocksolid choice.

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad, it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:

• Stay away from cracks and keygens (look here for the why). Get free software instead. Gizmo is an excellent source of freeware reviews.
  
• Navigate safely. Google Chrome is the safest browser available. However, Mozilla Firefox can be made extremely safe with the NoScript addon. Internet Explorer (always use the last version) can be made a lot safer with Spywareblaster (manual here).
  
• The WOT (Webs Of Trust) addon will help you to stay on reliable webpages.
  
• WinPatrol alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  
• Make sure you have ways to recuperate your operating system and vital other data if its gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless, if you find yourself in an unexpected tight spot.

Finally: did we help you? Help us back!

Hello sorry it took so long to respond, I completed the purera task and the otl, but when it restarted the computer, it allowed me to pic a user but when it logged in the screen was black and all I can see is the cursor, it does nothing when I right click or press CTL+ALT+DEL. I dont know hat to do now, I can see all the posts on my phone but cannot repost anything from it, but I am on a diffrent computer now for this and am not sure when I will be able to get back to it, give a take a few days. Any help is appreciated, thanks for your time.

wow

That is weird
We didn´t do anything risky here

You cannot start in safe mode either?

To reboot in safe mode: restart the computer and hit the F8 button a couple of times during rebooting, just before the windows screen appears. In the boot menu that follows, choose Safe Mode Without Networking.

I did the reboot in safe mode with networking, and then realized it was to be without networking, so I rebooted the computer without networking and both worked in safe mode. Hopefully we can figure it out whats going on. Thank you.

OK so safe mode is working correctly, but normal mode is not?

Some questions

Do you have a windows setup disk that came with this computer?
Do you have access to another computer to download tools and stuff?