SlowSystem after adware, malware, spyware, and Vundo removal [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

SlowSystem after adware, malware, spyware, and Vundo removal [Solved], :help:

Options

katheryn65 View Member Profile	Oct 18 2009, 11:57 AM Post #1
Member Posts: 35 From: NH OS: win xp pro	Hi, I am trying to fix a friends computer. I ran mbam, super anti spyware, and avast. Each found different things and it seems they have cleaned the system (at least i am not finding anything anymore) However, the system is booting and running slower than cold molasses! I followed the cleaning guide and have attached (Some files are to big to get posted.) the logs below. The only part of the guide i cannot seem to run is the "RootRepeal" Everytime i try to run it i get stop errors. Oh, i also updated windows Also, please let me know if you need additional info in order to help me figure this one out. Please help! & Thanks in advance Kathy This post has been edited by katheryn65: Oct 19 2009, 09:39 AM Attached File(s) OTL.Txt ( 203.76K ) Number of downloads: 15 Extras.Txt ( 36.35K ) Number of downloads: 59 mbam_log_2009_10_17__16_04_36_.txt ( 195.03K ) Number of downloads: 8

kahdah View Member Profile	Oct 21 2009, 11:48 AM Post #2
GeekU Teacher Posts: 13,547 From: Florida OS: Windows xp,Vista business	Hello katheryn65 Welcome to G2Go. ===================== Can you please post an updated log from OTL and do the following: Download This file. Note its name and save it to your root folder, such as C:\. Disconnect from the Internet and close all running programs. Temporarily disable any real-time active protection so your security program drivers will not conflict with this file. Click on this link to see a list of programs that should be disabled. Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator") Allow the driver to load if asked. You may be prompted to scan immediately if it detects rootkit activity. If you are prompted to scan your system click "Yes" to begin the scan. If not prompted, click the "Rootkit/Malware" tab. On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked. Select all drives that are connected to your system to be scanned. Click the Scan button to begin. (Please be patient as it can take some time to complete) When the scan is finished, click Save to save the scan results to your Desktop. Save the file as Results.log and copy/paste the contents in your next reply. Exit the program and re-enable all active protection when done.

katheryn65 View Member Profile	Oct 21 2009, 04:50 PM Post #3
Member Posts: 35 From: NH OS: win xp pro	Hi there, Okay, i d/l the program you said to, ran it, and when all was said and done, it took away my keyboard and mouse, so i was unable to save it. I did re-run the OTL and here is the log, i hope this helps with something.... OTL logfile created on: 10/21/2009 6:34:20 PM - Run 2 OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\abby gibbs\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 223.48 Mb Total Physical Memory \| 74.57 Mb Available Physical Memory \| 33.37% Memory free 722.57 Mb Paging File \| 328.06 Mb Available in Paging File \| 45.40% Paging File free Paging file location(s): c:\pagefile.sys 512 768 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 38.23 Gb Total Space \| 11.41 Gb Free Space \| 29.86% Space Free \| Partition Type: NTFS Drive D: \| 0.37 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GIBBS Current User Name: abby gibbs Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009/10/18 12:53:33 \| 00,521,216 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\abby gibbs\Desktop\OTL.exe PRC - [2009/10/12 21:24:50 \| 02,000,112 \| ---- \| M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2009/09/15 06:56:48 \| 00,081,000 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009/09/15 06:56:43 \| 00,138,680 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009/09/15 06:56:28 \| 00,254,040 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009/09/15 06:54:13 \| 00,352,920 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009/09/15 06:49:40 \| 00,018,752 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009/07/25 05:23:12 \| 00,149,280 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/07/25 05:23:10 \| 00,153,376 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/07/13 14:03:10 \| 00,292,128 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe PRC - [2009/07/13 14:02:50 \| 00,542,496 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe PRC - [2009/06/05 11:48:14 \| 00,144,712 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009/03/30 16:28:36 \| 01,533,808 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE PRC - [2009/03/30 16:28:36 \| 00,183,152 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe PRC - [2008/05/26 22:19:14 \| 00,123,904 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe PRC - [2008/04/13 20:12:19 \| 01,033,728 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2008/03/25 20:49:02 \| 00,184,320 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe PRC - [2008/03/25 20:49:00 \| 00,569,344 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe PRC - [2008/03/25 20:40:42 \| 00,214,360 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe PRC - [2007/11/02 20:12:50 \| 00,262,144 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe PRC - [2007/10/14 21:17:32 \| 00,049,152 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe PRC - [2007/01/04 17:38:08 \| 00,024,652 \| ---- \| M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2006/11/02 11:21:18 \| 00,156,160 \| ---- \| M] () -- C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe PRC - [2005/10/11 13:58:52 \| 00,921,600 \| ---- \| M] () -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe PRC - [2003/06/10 22:12:28 \| 00,055,296 \| ---- \| M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (GoogleDesktopManager [On_Demand \| Stopped]) SRV - File not found -- -- (CLTNetCnService [Auto \| Stopped]) SRV - [2009/09/15 06:56:43 \| 00,138,680 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto \| Running]) SRV - [2009/09/15 06:56:28 \| 00,254,040 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand \| Running]) SRV - [2009/09/15 06:54:13 \| 00,352,920 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand \| Stopped]) SRV - [2009/09/15 06:49:40 \| 00,018,752 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto \| Running]) SRV - [2009/08/20 13:33:09 \| 00,182,768 \| ---- \| M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand \| Stopped]) SRV - [2009/07/25 05:23:10 \| 00,153,376 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto \| Running]) SRV - [2009/07/13 14:02:50 \| 00,542,496 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand \| Running]) SRV - [2009/06/05 11:48:14 \| 00,144,712 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto \| Running]) SRV - [2009/03/30 16:28:36 \| 01,533,808 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc [Auto \| Running]) SRV - [2008/08/29 10:01:22 \| 00,033,752 \| ---- \| M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand \| Stopped]) SRV - [2008/07/29 21:10:04 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand \| Stopped]) SRV - [2008/07/29 19:24:50 \| 00,881,664 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown \| Stopped]) SRV - [2008/07/29 19:16:38 \| 00,132,096 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled \| Stopped]) SRV - [2008/07/25 11:17:02 \| 00,069,632 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) SRV - [2008/07/25 11:16:40 \| 00,034,312 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand \| Stopped]) SRV - [2008/07/18 13:13:20 \| 00,053,760 \| ---- \| M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto \| Running]) SRV - [2008/07/18 13:13:20 \| 00,044,032 \| ---- \| M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto \| Running]) SRV - [2008/04/13 20:12:02 \| 00,038,400 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto \| Running]) SRV - [2008/03/25 21:27:36 \| 00,135,168 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto \| Running]) SRV - [2008/03/25 20:38:24 \| 00,217,088 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand \| Running]) SRV - [2007/01/04 17:38:08 \| 00,024,652 \| ---- \| M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto \| Running]) SRV - [2006/10/18 21:05:24 \| 00,913,408 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand \| Stopped]) ========== Driver Services (SafeList) ========== DRV - [2009/10/12 21:24:56 \| 00,007,408 \| R--- \| M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand \| Running]) DRV - [2009/10/12 21:24:54 \| 00,009,968 \| ---- \| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System \| Running]) DRV - [2009/10/12 21:24:52 \| 00,074,480 \| ---- \| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System \| Running]) DRV - [2009/09/15 06:56:14 \| 00,094,160 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto \| Running]) DRV - [2009/09/15 06:55:30 \| 00,114,768 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System \| Running]) DRV - [2009/09/15 06:55:19 \| 00,020,560 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto \| Running]) DRV - [2009/09/15 06:54:30 \| 00,052,368 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System \| Running]) DRV - [2009/09/15 06:54:21 \| 00,023,152 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand \| Running]) DRV - [2009/09/15 06:53:24 \| 00,027,408 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System \| Running]) DRV - [2009/06/05 11:42:38 \| 00,039,424 \| ---- \| M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand \| Stopped]) DRV - [2009/06/05 03:24:30 \| 00,019,200 \| ---- \| M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\srvkp.sys -- (SiSkp [System \| Running]) DRV - [2009/06/05 03:02:46 \| 00,323,584 \| ---- \| M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys -- (SiS315 [On_Demand \| Running]) DRV - [2009/03/19 16:32:48 \| 00,023,400 \| ---- \| M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand \| Running]) DRV - [2008/02/22 22:38:33 \| 00,043,872 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot \| Running]) DRV - [2007/11/13 06:25:53 \| 00,020,480 \| ---- \| M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto \| Running]) DRV - [2007/10/30 05:25:55 \| 00,021,568 \| R--- \| M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand \| Stopped]) DRV - [2007/10/30 05:25:54 \| 00,016,496 \| R--- \| M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand \| Stopped]) DRV - [2007/10/30 05:25:53 \| 00,049,920 \| R--- \| M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand \| Stopped]) DRV - [2006/10/04 22:42:42 \| 00,002,560 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System \| Running]) DRV - [2006/10/04 22:42:42 \| 00,002,432 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System \| Running]) DRV - [2006/06/09 22:58:22 \| 01,373,120 \| ---- \| M] (C-Media Inc) -- C:\WINDOWS\System32\drivers\cmuda.sys -- (cmuda [On_Demand \| Stopped]) DRV - [2004/08/04 08:00:00 \| 00,017,792 \| ---- \| M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand \| Running]) DRV - [2004/08/04 01:41:54 \| 01,041,536 \| ---- \| M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys -- (HSF_DP [On_Demand \| Running]) DRV - [2004/08/04 01:41:48 \| 00,685,056 \| ---- \| M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys -- (winachsf [On_Demand \| Running]) DRV - [2004/08/04 01:41:46 \| 00,220,032 \| ---- \| M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys -- (HSFHWBS2 [On_Demand \| Running]) DRV - [2004/08/03 22:41:56 \| 00,011,868 \| ---- \| M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto \| Running]) DRV - [2004/08/03 22:31:36 \| 00,032,768 \| R--- \| M] (SiS Corporation) -- C:\WINDOWS\System32\DRIVERS\sisnic.sys -- (SISNIC [On_Demand \| Running]) DRV - [2004/08/03 22:29:52 \| 00,166,912 \| ---- \| M] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3Psddr [On_Demand \| Stopped]) DRV - [2003/06/19 18:30:18 \| 00,752,764 \| ---- \| M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand \| Stopped]) DRV - [2003/03/25 05:50:46 \| 00,004,096 \| R--- \| M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide [Boot \| Running]) DRV - [2002/10/17 03:14:46 \| 00,049,024 \| R--- \| M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex [Boot \| Running]) DRV - [2002/08/20 05:19:08 \| 00,009,472 \| R--- \| M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf [Boot \| Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60313 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Use Custom Search URL = 1 IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d/?%63%78%6c%6f%77 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2....ms}&gcht=to IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.) IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/16 19:28:46 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/25 13:07:09 \| 00,000,000 \| ---D \| M] [2009/08/20 11:34:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\abby gibbs\Application Data\mozilla\Extensions [2009/06/12 16:03:45 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\abby gibbs\Application Data\mozilla\Extensions\mozswing@mozswing.org [2009/08/20 11:34:33 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2008/12/25 13:09:08 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2008/06/17 16:12:42 \| 00,114,688 \| ---- \| M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2009/04/19 18:23:12 \| 00,024,683 \| ---- \| M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll [2008/12/25 13:07:04 \| 00,410,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2008/06/11 22:45:28 \| 00,103,792 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009/07/11 13:07:04 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/07/11 13:07:06 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/07/11 13:07:09 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/07/11 13:07:10 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/07/11 13:07:13 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/07/11 13:07:15 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/07/11 13:07:16 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2007/04/16 13:07:12 \| 00,180,293 \| ---- \| M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2008/08/29 10:01:22 \| 00,106,348 \| ---- \| M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll O1 HOSTS File: (767 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {35C9BCE3-76CF-49C5-B7E1-C5DA6F112964} - C:\WINDOWS\System32\cbXRhiJB.dll File not found O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.) O2 - BHO: (no name) - {7F0576B8-43C3-4FA3-BD99-C0EE8CE6FE3A} - C:\WINDOWS\System32\cbXPgfcb.dll File not found O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {9218E8F6-C39D-4DFE-9DA8-8708F81D83D4} - C:\WINDOWS\System32\gllkk.dll File not found O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll File not found O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll File not found O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll File not found O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {F61A81C9-5319-40CA-A8C5-79BB3873032E} - C:\WINDOWS\System32\hgGyyxuV.dll File not found O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O3 - HKLM\..\Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No CLSID value found. O3 - HKLM\..\Toolbar: (ZeroBar) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll File not found O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll File not found O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AIMPro] C:\Program Files\AIM\AIM Pro\aimpro.exe File not found O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [Cmaudio] File not found O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe () O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.DLL (Silicon Integrated Systems Corporation) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Soundmx] C:\WINDOWS\System32\soundmx.exe File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbWeatherOnTray.exe File not found O4 - HKCU..\Run: [Aim6] File not found O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.) O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe File not found O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found O4 - HKCU..\Run: [WhenUSave] C:\Program Files\Save\Save.exe File not found O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe File not found O4 - HKLM..\RunOnce: [DELDIR0.EXE] C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\DELDIR0.EXE File not found O4 - Startup: C:\Documents and Settings\abby gibbs\Start Menu\Programs\Startup\IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html File not found O8 - Extra context menu item: &Search - Reg Error: Value error. File not found O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\abby gibbs\Start Menu\Programs\>chat\Run IMVU.lnk File not found O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O12 - Plugin for: .fpx - C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dll (iSee Media, Inc.) O12 - Plugin for: .ivr - C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dll (iSee Media, Inc.) O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Family Feud 2\Images\stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Home Sweet Home\Images\armhelper.ocx (ArmHelper Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL () O18 - Protocol\Filter: - text/html - C:\WINDOWS\System32\gllkk.dll File not found O18 - Protocol\Filter: - text/plain - C:\WINDOWS\System32\gllkk.dll File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O20 - Winlogon\Notify\fccdaww: DllName - fccdaww.dll - File not found O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\jkkKaawu) - File not found O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003/04/25 17:20:00 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: ('autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (') - File not found O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/10/17 15:23:37 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/10/16 21:03:43 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2009/10/17 15:23:55 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\abby gibbs\Application Data\Malwarebytes [2009/10/16 21:02:55 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\abby gibbs\Application Data\SUPERAntiSpyware.com [2009/10/17 13:03:29 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\abby gibbs\Application Data\Windows Desktop Search [2009/10/17 21:09:01 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\abby gibbs\Local Settings\Application Data\ApplicationHistory [2009/10/17 13:09:28 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Windows Live [2009/10/16 21:01:56 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Wise Installation Wizard [2009/10/17 16:32:58 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Alwil Software [2009/10/17 15:19:26 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2009/10/17 15:23:36 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/10/17 13:05:52 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft [2009/10/16 21:02:56 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SUPERAntiSpyware [2009/10/17 13:02:02 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Windows Desktop Search [2009/10/18 12:53:29 \| 00,521,216 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\abby gibbs\Desktop\OTL.exe [2009/10/18 12:09:43 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\Minidump [2009/10/18 12:07:00 \| 00,472,064 \| ---- \| C] ( ) -- C:\Documents and Settings\abby gibbs\Desktop\RootRepeal.exe [2009/10/18 10:49:00 \| 00,000,000 \| ---D \| C] -- C:\VundoFix Backups [2009/10/18 10:48:27 \| 00,119,808 \| ---- \| C] (Atribune.org) -- C:\Documents and Settings\abby gibbs\Desktop\VundoFix.exe [2009/10/17 16:33:57 \| 00,023,152 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009/10/17 16:33:55 \| 00,052,368 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009/10/17 16:33:54 \| 00,027,408 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009/10/17 16:33:48 \| 00,097,480 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009/10/17 16:33:38 \| 00,020,560 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009/10/17 16:33:37 \| 00,114,768 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009/10/17 16:33:36 \| 00,094,160 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009/10/17 16:33:36 \| 00,093,424 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009/10/17 16:33:06 \| 01,279,968 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009/10/17 15:23:40 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/10/17 15:23:37 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/10/17 15:22:29 \| 04,045,536 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\abby gibbs\Desktop\mbam-setup.exe [2009/10/17 15:20:29 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2009/10/17 15:17:36 \| 00,791,393 \| ---- \| C] (Lars Hederer ) -- C:\Documents and Settings\abby gibbs\Desktop\erunt_setup.exe [2009/10/17 15:11:04 \| 00,021,504 \| ---- \| C] (Doug Knox) -- C:\Documents and Settings\abby gibbs\Desktop\SysRestorePoint.exe [2009/10/17 14:50:24 \| 00,271,872 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\abby gibbs\Desktop\TFC.exe [2009/10/17 14:24:18 \| 00,000,000 \| -HSD \| C] -- C:\found.000 [2009/10/17 13:02:01 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\System32\GroupPolicy [2009/10/17 12:52:43 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\System32\URTTEMP [2009/10/17 11:12:28 \| 00,407,680 \| ---- \| C] (ALWIL Software) -- C:\Documents and Settings\abby gibbs\Desktop\aswclnr.exe [2009/10/16 20:21:53 \| 00,073,728 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009/10/16 20:21:51 \| 00,149,280 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/10/16 20:21:50 \| 00,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/10/16 20:21:50 \| 00,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/10/16 20:09:05 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\Hewlett-Packard [2009/10/16 19:21:07 \| 00,000,000 \| ---D \| C] -- C:\f65b84e2e4240fa90ad618124feac6 [2009/10/16 18:44:56 \| 00,765,952 \| ---- \| C] (Sensaura Ltd) -- C:\WINDOWS\System\crlds3d.dll [2009/10/16 18:44:55 \| 00,712,704 \| ---- \| C] (Sensaura Ltd) -- C:\WINDOWS\System32\dllcache\a3d.dll [2009/10/16 18:44:55 \| 00,712,704 \| ---- \| C] (Sensaura Ltd) -- C:\WINDOWS\System32\Audio3D.dll [2009/10/16 18:44:55 \| 00,712,704 \| ---- \| C] (Sensaura Ltd) -- C:\WINDOWS\System32\a3d.dll [2009/09/23 11:18:08 \| 00,000,000 \| RH-D \| C] -- C:\VProRecovery [2007/01/13 17:54:46 \| 00,774,144 \| ---- \| C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll ========== Files - Modified Within 30 Days ========== [2009/10/21 18:38:00 \| 00,000,438 \| -H-- \| M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC38D439-C71D-4634-ABB5-81A502D0690D}.job [2009/10/21 18:07:07 \| 00,002,519 \| ---- \| M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk [2009/10/21 18:02:39 \| 00,012,620 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/10/21 18:00:03 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/10/21 17:58:55 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/10/21 17:58:54 \| 23,440,9984 \| -HS- \| M] () -- C:\hiberfil.sys [2009/10/21 17:58:52 \| 23,443,8656 \| ---- \| M] () -- C:\WINDOWS\MEMORY.DMP [2009/10/21 14:20:21 \| 00,001,854 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2009/10/21 14:16:20 \| 00,291,328 \| ---- \| M] () -- C:\2ivqn74l.exe [2009/10/21 13:03:00 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/10/18 17:30:24 \| 00,004,625 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2009/10/18 17:29:59 \| 00,552,398 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/10/18 17:29:59 \| 00,463,470 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2009/10/18 17:29:59 \| 00,079,012 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2009/10/18 12:53:33 \| 00,521,216 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\abby gibbs\Desktop\OTL.exe [2009/10/18 12:07:01 \| 00,472,064 \| ---- \| M] ( ) -- C:\Documents and Settings\abby gibbs\Desktop\RootRepeal.exe [2009/10/18 10:48:28 \| 00,119,808 \| ---- \| M] (Atribune.org) -- C:\Documents and Settings\abby gibbs\Desktop\VundoFix.exe [2009/10/17 16:34:05 \| 00,001,709 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/10/17 16:33:37 \| 00,002,626 \| ---- \| M] () -- C:\WINDOWS\System32\CONFIG.NT [2009/10/17 16:28:35 \| 38,786,848 \| ---- \| M] () -- C:\Documents and Settings\abby gibbs\Desktop\setupeng.exe [2009/10/17 15:23:44 \| 00,000,696 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/17 15:22:29 \| 04,045,536 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\abby gibbs\Desktop\mbam-setup.exe [2009/10/17 15:19:29 \| 00,000,611 \| ---- \| M] () -- C:\Documents and Settings\abby gibbs\Desktop\NTREGOPT.lnk [2009/10/17 15:19:29 \| 00,000,592 \| ---- \| M] () -- C:\Documents and Settings\abby gibbs\Desktop\ERUNT.lnk [2009/10/17 15:17:44 \| 00,791,393 \| ---- \| M] (Lars Hederer ) -- C:\Documents and Settings\abby gibbs\Desktop\erunt_setup.exe [2009/10/17 15:11:11 \| 00,021,504 \| ---- \| M] (Doug Knox) -- C:\Documents and Settings\abby gibbs\Desktop\SysRestorePoint.exe [2009/10/17 14:50:28 \| 00,271,872 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\abby gibbs\Desktop\TFC.exe [2009/10/17 13:02:40 \| 00,001,787 \| ---- \| M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2009/10/17 12:44:41 \| 00,000,363 \| ---- \| M] () -- C:\Documents and Settings\abby gibbs\Desktop\Microsoft Windows Error Reporting.url [2009/10/17 11:12:34 \| 00,407,680 \| ---- \| M] (ALWIL Software) -- C:\Documents and Settings\abby gibbs\Desktop\aswclnr.exe [2009/10/16 21:52:21 \| 00,001,028 \| ---- \| M] () -- C:\WINDOWS\win.ini [2009/10/16 21:26:58 \| 00,116,839 \| ---- \| M] () -- C:\WINDOWS\hpqins00.dat [2009/10/16 21:21:38 \| 00,001,808 \| ---- \| M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009/10/16 21:03:08 \| 00,000,780 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/10/16 21:01:03 \| 07,280,672 \| ---- \| M] () -- C:\Documents and Settings\abby gibbs\Desktop\SUPERAntiSpyware.exe [2009/10/02 14:01:57 \| 25,198,016 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe ========== Files - No Company Name ========== [2009/10/21 14:20:21 \| 00,001,854 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2009/10/21 14:16:16 \| 00,291,328 \| ---- \| C] () -- C:\2ivqn74l.exe [2009/10/17 16:34:05 \| 00,001,709 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/10/17 16:33:06 \| 00,380,928 \| ---- \| C] () -- C:\WINDOWS\System32\actskin4.ocx [2009/10/17 16:28:26 \| 38,786,848 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Desktop\setupeng.exe [2009/10/17 15:23:44 \| 00,000,696 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/17 15:19:29 \| 00,000,611 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Desktop\NTREGOPT.lnk [2009/10/17 15:19:29 \| 00,000,592 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Desktop\ERUNT.lnk [2009/10/17 13:15:26 \| 23,440,9984 \| -HS- \| C] () -- C:\hiberfil.sys [2009/10/17 13:02:40 \| 00,001,787 \| ---- \| C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2009/10/17 12:44:41 \| 00,000,363 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Desktop\Microsoft Windows Error Reporting.url [2009/10/16 21:21:36 \| 00,001,808 \| ---- \| C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009/10/16 21:10:37 \| 00,116,839 \| ---- \| C] () -- C:\WINDOWS\hpqins00.dat [2009/10/16 21:03:08 \| 00,000,780 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/10/16 21:01:03 \| 07,280,672 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Desktop\SUPERAntiSpyware.exe [2009/10/16 18:39:14 \| 00,000,438 \| -H-- \| C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC38D439-C71D-4634-ABB5-81A502D0690D}.job [2009/08/30 15:34:40 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\ResortingToDanger.INI [2009/08/22 22:22:16 \| 04,318,086 \| -H-- \| C] () -- C:\Documents and Settings\abby gibbs\Local Settings\Application Data\IconCache.db [2008/09/01 19:12:50 \| 00,002,026 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2008/07/10 15:45:21 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\Transmogrifier-1.4.INI [2008/07/03 17:40:45 \| 00,238,421 \| -HS- \| C] () -- C:\WINDOWS\System32\VvFgQtwa.ini2 [2008/07/01 15:38:00 \| 00,000,000 \| ---- \| C] () -- C:\Program Files\temp01 [2008/05/29 15:16:10 \| 01,483,103 \| -HS- \| C] () -- C:\WINDOWS\System32\yostkubw.ini [2008/05/27 18:46:43 \| 01,483,043 \| -HS- \| C] () -- C:\WINDOWS\System32\uoxktifl.ini [2008/05/26 17:35:35 \| 01,468,110 \| -HS- \| C] () -- C:\WINDOWS\System32\jtukfdhd.ini [2008/05/25 16:52:26 \| 01,553,781 \| -HS- \| C] () -- C:\WINDOWS\System32\gxyedhvq.ini [2008/05/24 16:52:07 \| 01,553,661 \| -HS- \| C] () -- C:\WINDOWS\System32\hhehpqat.ini [2008/05/23 16:44:54 \| 01,553,481 \| -HS- \| C] () -- C:\WINDOWS\System32\cdeuoils.ini [2008/05/20 17:39:07 \| 01,532,164 \| -HS- \| C] () -- C:\WINDOWS\System32\ysxocbmd.ini [2008/05/19 15:46:21 \| 01,505,692 \| -HS- \| C] () -- C:\WINDOWS\System32\uagspmii.ini [2008/05/19 15:36:48 \| 00,805,429 \| -HS- \| C] () -- C:\WINDOWS\System32\uwaaKkkj.ini2 [2008/05/19 15:36:42 \| 00,004,885 \| -HS- \| C] () -- C:\WINDOWS\System32\uwaaKkkj.ini [2008/05/18 14:11:25 \| 01,505,632 \| -HS- \| C] () -- C:\WINDOWS\System32\xtfsrgco.ini [2008/05/17 19:30:35 \| 01,466,948 \| -HS- \| C] () -- C:\WINDOWS\System32\ihdppeil.ini [2008/05/17 12:44:20 \| 01,466,828 \| -HS- \| C] () -- C:\WINDOWS\System32\gbxsijyy.ini [2008/05/17 11:21:16 \| 01,467,060 \| -HS- \| C] () -- C:\WINDOWS\System32\ayexoesp.ini [2008/05/16 23:30:50 \| 00,006,869 \| -HS- \| C] () -- C:\WINDOWS\System32\JQrsCJjl.ini2 [2008/05/16 20:41:24 \| 01,467,000 \| -HS- \| C] () -- C:\WINDOWS\System32\uhvsujls.ini [2008/05/14 19:57:20 \| 01,347,772 \| -HS- \| C] () -- C:\WINDOWS\System32\lloXwGgh.ini2 [2008/05/13 15:23:43 \| 01,179,513 \| -HS- \| C] () -- C:\WINDOWS\System32\OUFPstwa.ini2 [2008/05/11 22:05:27 \| 00,006,623 \| -HS- \| C] () -- C:\WINDOWS\System32\ikmnmnnn.ini2 [2008/05/10 16:22:18 \| 00,007,042 \| -HS- \| C] () -- C:\WINDOWS\System32\AKmUBcdd.ini2 [2008/05/08 15:06:48 \| 00,007,286 \| -HS- \| C] () -- C:\WINDOWS\System32\onVxayxx.ini2 [2008/05/05 15:08:47 \| 00,007,263 \| -HS- \| C] () -- C:\WINDOWS\System32\vyxIOqru.ini2 [2008/05/01 15:25:38 \| 00,006,932 \| -HS- \| C] () -- C:\WINDOWS\System32\GgNmnqru.ini2 [2008/04/26 09:36:52 \| 00,007,335 \| -HS- \| C] () -- C:\WINDOWS\System32\cfgOYJjl.ini2 [2008/04/26 09:36:49 \| 00,007,335 \| -HS- \| C] () -- C:\WINDOWS\System32\cfgOYJjl.ini [2008/04/22 22:10:25 \| 00,006,379 \| -HS- \| C] () -- C:\WINDOWS\System32\VuxyyGgh.ini2 [2008/04/22 22:10:24 \| 00,006,929 \| -HS- \| C] () -- C:\WINDOWS\System32\VuxyyGgh.ini [2008/04/16 15:04:32 \| 01,352,987 \| -HS- \| C] () -- C:\WINDOWS\System32\BJihRXbc.ini2 [2008/04/16 15:04:30 \| 01,353,103 \| -HS- \| C] () -- C:\WINDOWS\System32\BJihRXbc.ini [2008/04/10 15:33:55 \| 00,006,869 \| -HS- \| C] () -- C:\WINDOWS\System32\JQrsCJjl.ini [2008/03/12 19:44:09 \| 00,000,118 \| ---- \| C] () -- C:\WINDOWS\System32\MRT.INI [2008/03/12 19:15:23 \| 02,004,383 \| -HS- \| C] () -- C:\WINDOWS\System32\nebgeuhs.ini [2008/03/06 21:42:33 \| 00,030,254 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Application Data\update.log [2008/02/28 10:49:59 \| 01,339,243 \| -HS- \| C] () -- C:\WINDOWS\System32\vohncgti.ini [2008/02/27 10:48:58 \| 01,254,692 \| -HS- \| C] () -- C:\WINDOWS\System32\cspftviw.ini [2008/02/26 10:49:05 \| 01,244,761 \| -HS- \| C] () -- C:\WINDOWS\System32\jquwuqvk.ini [2008/02/24 16:37:26 \| 01,260,526 \| -HS- \| C] () -- C:\WINDOWS\System32\httyhiuu.ini [2008/02/23 16:37:05 \| 01,253,954 \| -HS- \| C] () -- C:\WINDOWS\System32\giclotli.ini [2008/02/22 16:34:06 \| 01,253,894 \| -HS- \| C] () -- C:\WINDOWS\System32\nthgwadi.ini [2008/02/21 16:29:24 \| 01,253,848 \| -HS- \| C] () -- C:\WINDOWS\System32\itawsriv.ini [2008/02/20 15:12:58 \| 01,212,543 \| -HS- \| C] () -- C:\WINDOWS\System32\bjybqqmm.ini [2008/02/19 10:15:18 \| 01,244,763 \| -HS- \| C] () -- C:\WINDOWS\System32\wjtejyvy.ini [2008/01/27 14:12:03 \| 00,169,198 \| -HS- \| C] () -- C:\WINDOWS\System32\xbadd.ini [2008/01/26 07:28:21 \| 00,000,048 \| ---- \| C] () -- C:\WINDOWS\data.ini [2007/09/27 10:51:02 \| 00,020,698 \| ---- \| C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 10:48:48 \| 00,030,628 \| ---- \| C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 10:48:28 \| 00,031,698 \| ---- \| C] () -- C:\WINDOWS\System32\gthrctr.ini [2007/01/13 18:05:57 \| 00,000,021 \| ---- \| C] () -- C:\WINDOWS\atid.ini [2006/07/17 09:51:39 \| 00,017,920 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/07/16 20:31:58 \| 00,017,632 \| ---- \| C] () -- C:\WINDOWS\cdplayer.ini [2006/04/17 13:14:54 \| 00,083,498 \| R--- \| C] () -- C:\WINDOWS\VGAsetup.ini [2006/04/17 13:14:54 \| 00,035,037 \| ---- \| C] () -- C:\WINDOWS\System32\VGAunistlog.ini [2006/04/17 12:53:06 \| 00,139,264 \| ---- \| C] () -- C:\WINDOWS\System32\IDEproperty.dll [2006/04/17 12:52:50 \| 00,156,672 \| ---- \| C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2006/01/20 14:55:59 \| 00,000,617 \| ---- \| C] () -- C:\WINDOWS\muncher.ini [2006/01/20 13:52:47 \| 00,012,288 \| ---- \| C] () -- C:\WINDOWS\System32\impborl.dll [2006/01/08 14:37:12 \| 00,108,032 \| ---- \| C] () -- C:\WINDOWS\System32\sh33w32.dll [2006/01/07 09:35:16 \| 00,000,047 \| ---- \| C] () -- C:\WINDOWS\STRINGS.INI [2005/12/17 11:25:55 \| 00,000,035 \| ---- \| C] () -- C:\WINDOWS\DAVIDSON.INI [2005/12/17 11:25:55 \| 00,000,028 \| ---- \| C] () -- C:\WINDOWS\KIDPHON.INI [2005/11/20 10:06:30 \| 00,000,023 \| ---- \| C] () -- C:\WINDOWS\Edmark.ini [2005/11/11 11:07:34 \| 00,000,141 \| ---- \| C] () -- C:\WINDOWS\TLCAPPS.INI [2005/10/23 08:23:57 \| 00,000,051 \| ---- \| C] () -- C:\WINDOWS\SSAWDEMO.INI [2005/10/23 08:21:15 \| 00,000,258 \| ---- \| C] () -- C:\WINDOWS\QTW.INI [2005/09/20 19:44:49 \| 00,001,062 \| ---- \| C] () -- C:\WINDOWS\KA.INI [2005/06/16 17:36:32 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\SETUP32.INI [2005/06/15 15:53:21 \| 00,063,280 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2005/05/22 10:34:50 \| 00,000,823 \| ---- \| C] () -- C:\WINDOWS\tsc.ini [2005/05/22 10:34:49 \| 00,071,749 \| ---- \| C] () -- C:\WINDOWS\hcextoutput.dll [2005/05/22 10:33:54 \| 00,000,170 \| ---- \| C] () -- C:\WINDOWS\GetServer.ini [2004/08/03 20:56:46 \| 00,363,520 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/07/14 19:15:04 \| 00,000,741 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2004/07/14 19:14:35 \| 00,000,004 \| ---- \| C] () -- C:\WINDOWS\msoffice.ini [2004/06/23 13:04:28 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\MADCCS.INI [2004/06/23 13:04:28 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\MADCCF.INI [2004/05/03 17:24:54 \| 00,001,025 \| ---- \| C] () -- C:\WINDOWS\hegames.ini [2004/03/29 17:06:04 \| 00,000,340 \| ---- \| C] () -- C:\WINDOWS\lexstat.ini [2004/03/29 17:06:01 \| 00,328,704 \| ---- \| C] () -- C:\WINDOWS\System32\dosfnt32.dll [2004/03/29 17:06:01 \| 00,163,840 \| ---- \| C] () -- C:\WINDOWS\System32\ldepcl32.dll [2004/02/04 09:38:07 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\AutoRun.INI [2004/01/19 11:32:16 \| 00,000,990 \| ---- \| C] () -- C:\WINDOWS\Disney.ini [2003/12/17 21:15:29 \| 00,001,028 \| ---- \| C] () -- C:\WINDOWS\win.ini [2003/12/17 14:01:41 \| 00,063,280 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Application Data\GDIPFONTCACHEV1.DAT [2003/09/29 14:53:00 \| 00,000,035 \| ---- \| C] () -- C:\WINDOWS\A5W.INI [2003/09/16 13:15:30 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\abby gibbs\Application Data\desktop.ini [2003/09/08 21:17:00 \| 00,004,094 \| ---- \| C] () -- C:\WINDOWS\System32\rtcsses.dll [2003/09/08 21:17:00 \| 00,004,094 \| ---- \| C] () -- C:\WINDOWS\System32\dimces.dll [2003/06/24 02:35:09 \| 00,000,482 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2003/04/25 18:42:29 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2003/04/25 17:42:24 \| 00,001,065 \| ---- \| C] () -- C:\WINDOWS\winamp.ini [2003/04/25 17:41:52 \| 00,000,310 \| ---- \| C] () -- C:\WINDOWS\net2fone.ini [2003/04/25 17:07:15 \| 00,001,094 \| ---- \| C] () -- C:\WINDOWS\System32\oeminfo.ini [2003/04/25 17:07:15 \| 00,000,453 \| ---- \| C] () -- C:\WINDOWS\System32\emver.ini [2003/04/25 17:06:58 \| 00,000,243 \| ---- \| C] () -- C:\WINDOWS\SYSTEM.INI [2003/04/25 10:11:29 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2003/02/19 01:26:28 \| 00,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\cmirmdrv.dll [2002/12/10 00:00:00 \| 01,708,032 \| ---- \| C] () -- C:\WINDOWS\System32\MSO97V.DLL [2002/12/10 00:00:00 \| 00,036,864 \| ---- \| C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [2002/12/10 00:00:00 \| 00,032,768 \| ---- \| C] () -- C:\WINDOWS\System32\MSORFS.DLL [1999/07/23 13:46:48 \| 00,000,116 \| ---- \| C] () -- C:\WINDOWS\AuHCcup1.ini [1999/07/23 10:53:20 \| 00,129,536 \| ---- \| C] () -- C:\WINDOWS\AuHCcup1.dll [1997/11/17 18:13:16 \| 00,010,240 \| ---- \| C] () -- C:\WINDOWS\System32\vidx16.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB44773F @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B19CC382 @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47417312 @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D6E82D7 @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33384BC0 @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B2C4A0E @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C47E54BB @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF3D0EA3 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA05E0C4 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA3339BE @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:920E58B7 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:878F15F1 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D2A2F0A @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B00070D @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B99FE60 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FA003F9 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16C36E31 @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8134D8F @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FDE078B @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D994162E @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:620EC79A @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FD496E1 @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:275AA066 @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449 @Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B4742F4 @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C210B4D5 @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C321309 @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB7FF0C9 @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8342E7B @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F31C4F @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3E39A49 @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65D73220 @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5121D26 @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A15C0AF @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1AD90C3 @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5313B881 @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC0D80AD @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F880DE59 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C74B70E6 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB0256E7 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DDCE10B @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26939499 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03392111 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA5470E8 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E71141D2 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCE8F703 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E22C00F @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:799F5445 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FBD5837 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:294A5F28 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28616E30 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C22BA56 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E106B617 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5D1F833 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CCE90031 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A07C14AE @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D5BB34A @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F99A630 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B86037F @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F280981 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BFA9622 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:395C0D36 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25D37F9D @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CB20114 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:144B593B @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7120F9A @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8669B93 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EE41602 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56486BDA @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E2343A8 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33FB0D9F @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27AAAD97 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2430E4FC @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1841A803 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:105C8D3E @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FE90888 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDDC784F @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A4DF77 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943E8182 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F47E9A6 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B89DF83 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6638AEDF @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FBA7D5F @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E2EA264 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38091CBB @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37E0CB70 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2396CABF @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EECBA6F @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F52E80AA @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DC1F5FA4 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8A7F3FF @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF0B4A17 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6E981A9 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4F0E644 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D3A7233 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B403ABD @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75A89023 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AF596C6 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DF61DDA @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0142BC01 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA78B902 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E702DD04 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D0CEAB7 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BCC8D9F @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B45EB96 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8543BABC @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7025E8E7 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CC3B9D1 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B454E16 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27790C06 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DFE2AE1 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05E95A33 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01C1407E @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1D597D0 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0ED9DB7 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDE339B9 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E884078 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84B1FB12 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:814B9485 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7307D080 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C0E4E8D @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42F46912 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38E2864F @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13E7A9FC @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99963C1E @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70C0282D @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:575220F6 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F50E80F @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CD05674 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B121B40 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48429D0E @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24641E0D @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C19FC3F @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB9AF090 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8019535 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B243260B @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:913CA408 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E6889B0 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CB2D3F8 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79AC0D92 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70A1462A @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C491D31 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C270C64 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4F720BA @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8FA1D03 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E11ABA64 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC81AA95 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9478477 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF2E2F0E @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91191703 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EC55520 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43E0EC8A @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32CA3B19 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E943D067 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E27E39D4 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E22FF3D0 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FF6C10 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFB00961 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AADC76BA @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:936CD24D @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93226FE3 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D632CD7 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63CFD724 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E1E5A60 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48FEA089 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE49EF15 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D53344E0 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6885F1 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C70C5141 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDB40AA4 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE9D0697 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB779CF8 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C84299 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:895CFFA7 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:833F31B3 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B520784 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5433DBEF @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2871B698 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC7FF5F9 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE74F4A9 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA286EFE @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEC895D8 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADBD0C70 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8E8B5D7 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B653AA4 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:649ABDC5 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:543CAD1B @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F99F761 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DD00E73 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2648A4D @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B503DFC8 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADD788AD @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DAC1F7 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A6C632 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:672C5D08 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C53D1D2 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:483AC68A @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38EDA867 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:247A9485 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:132E98A6 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E684266 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F76D01BB @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD24DCF8 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6DC5DD @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B15F27E2 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5A7CB1B @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8A0D1C2B @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:867718D2 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42D7FF24 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B7C7BAE @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C90C4DBA @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9744B982 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0EFE63 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:644C73AD @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33AFD01D @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3214A283 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24B6E2C7 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14E72C90 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BEA161 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA457ABC @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A561576B @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FEA1229 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AB76595 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52641FBE @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB170088 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2989574 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4CA4749 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE2795CA @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8A0BC27 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F3235B3 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27A6A257 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E689CAC @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DE2EF01 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5B69884 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2F80D1D @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:753A0081 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6666A16B @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6520B0F3 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E1404CE @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55CC6CC3 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47920A31 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27BABCD8 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0BE2307D @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0551F1FA @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE83CC97 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8953510 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B2EDA15 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92B0AEE6 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8ACBDE06 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D549BCC @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C4C57F9 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:383197E6 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F05E220 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:118DA42D @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C2D3186E @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7C0A73F @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA37E770 @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32C16177 @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EF1B11F @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2838BE0A @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18173A8E @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1505883A @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0762150 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E027C556 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9B8E3C6 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9A6CD7C @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4CF4C16 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99762419 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65A693A1 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60C47453 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57BF34C6 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4072646B @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB97DB91 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4F5D824 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9884A8C7 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:729F5FF8 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:723E56EC @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4862644E @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BAD65EA @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9092478 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D669DCA2 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4B8378D @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7C9AD48 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C82FC0D @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91DEA808 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85F55C68 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B89E8A0 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79CBD5FF @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7881FECE @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73BF05FF @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68F81F4B @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5979B8CC @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:455CF8C6 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44EBAA62 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2836460B @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:062AF572 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3EEA250 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3F61B65 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7A22351 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61E5F0F7 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6122E243 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F96D8E6 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E6B8D68 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:482CC303 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3CEEC4C @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B285B76 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:949483BD @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:940EEA60 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55119B17 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39A47FAD @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED796303 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA50D64F @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8E864AC @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD623B3 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F3FE688 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16E7793D @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:145EE4E0 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09064307 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:017C5853 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF71CAB5 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0E19514 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3CD6049 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C720B492 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C3E753C @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:753B8DFE @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:604AF115 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E196FE2 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D10517E @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:590B1A90 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7180F4 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CD562B4 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BBD95D6 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:349CACE5 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:276B1630 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17FCBFF6 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA1582F8 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0668210 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E6212E6 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D82FC9D < End of report >

katheryn65 View Member Profile	Oct 21 2009, 05:00 PM Post #4
Member Posts: 35 From: NH OS: win xp pro	Hi there, I d/l what you said and ran the program no problems (other than it was very long) once completed, it showed the log and then took away my keyboard and mouse, so i was unable to save it??? I was able to run and save the OTL log....here it is OTL logfile created on: 10/21/2009 6:34:20 PM - Run 2 OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\abby gibbs\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 223.48 Mb Total Physical Memory \| 74.57 Mb Available Physical Memory \| 33.37% Memory free 722.57 Mb Paging File \| 328.06 Mb Available in Paging File \| 45.40% Paging File free Paging file location(s): c:\pagefile.sys 512 768 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 38.23 Gb Total Space \| 11.41 Gb Free Space \| 29.86% Space Free \| Partition Type: NTFS Drive D: \| 0.37 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GIBBS Current User Name: abby gibbs Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009/10/18 12:53:33 \| 00,521,216 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\abby gibbs\Desktop\OTL.exe PRC - [2009/10/12 21:24:50 \| 02,000,112 \| ---- \| M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2009/09/15 06:56:48 \| 00,081,000 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009/09/15 06:56:43 \| 00,138,680 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009/09/15 06:56:28 \| 00,254,040 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009/09/15 06:54:13 \| 00,352,920 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009/09/15 06:49:40 \| 00,018,752 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009/07/25 05:23:12 \| 00,149,280 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/07/25 05:23:10 \| 00,153,376 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/07/13 14:03:10 \| 00,292,128 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe PRC - [2009/07/13 14:02:50 \| 00,542,496 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe PRC - [2009/06/05 11:48:14 \| 00,144,712 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009/03/30 16:28:36 \| 01,533,808 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE PRC - [2009/03/30 16:28:36 \| 00,183,152 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe PRC - [2008/05/26 22:19:14 \| 00,123,904 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe PRC - [2008/04/13 20:12:19 \| 01,033,728 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2008/03/25 20:49:02 \| 00,184,320 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe PRC - [2008/03/25 20:49:00 \| 00,569,344 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe PRC - [2008/03/25 20:40:42 \| 00,214,360 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe PRC - [2007/11/02 20:12:50 \| 00,262,144 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe PRC - [2007/10/14 21:17:32 \| 00,049,152 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe PRC - [2007/01/04 17:38:08 \| 00,024,652 \| ---- \| M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2006/11/02 11:21:18 \| 00,156,160 \| ---- \| M] () -- C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe PRC - [2005/10/11 13:58:52 \| 00,921,600 \| ---- \| M] () -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe PRC - [2003/06/10 22:12:28 \| 00,055,296 \| ---- \| M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (GoogleDesktopManager [On_Demand \| Stopped]) SRV - File not found -- -- (CLTNetCnService [Auto \| Stopped]) SRV - [2009/09/15 06:56:43 \| 00,138,680 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto \| Running]) SRV - [2009/09/15 06:56:28 \| 00,254,040 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand \| Running]) SRV - [2009/09/15 06:54:13 \| 00,352,920 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand \| Stopped]) SRV - [2009/09/15 06:49:40 \| 00,018,752 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto \| Running]) SRV - [2009/08/20 13:33:09 \| 00,182,768 \| ---- \| M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand \| Stopped]) SRV - [2009/07/25 05:23:10 \| 00,153,376 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto \| Running]) SRV - [2009/07/13 14:02:50 \| 00,542,496 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand \| Running]) SRV - [2009/06/05 11:48:14 \| 00,144,712 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto \| Running]) SRV - [2009/03/30 16:28:36 \| 01,533,808 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc [Auto \| Running]) SRV - [2008/08/29 10:01:22 \| 00,033,752 \| ---- \| M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand \| Stopped]) SRV - [2008/07/29 21:10:04 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand \| Stopped]) SRV - [2008/07/29 19:24:50 \| 00,881,664 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown \| Stopped]) SRV - [2008/07/29 19:16:38 \| 00,132,096 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled \| Stopped]) SRV - [2008/07/25 11:17:02 \| 00,069,632 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) SRV - [2008/07/25 11:16:40 \| 00,034,312 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand \| Stopped]) SRV - [2008/07/18 13:13:20 \| 00,053,760 \| ---- \| M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto \| Running]) SRV - [2008/07/18 13:13:20 \| 00,044,032 \| ---- \| M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto \| Running]) SRV - [2008/04/13 20:12:02 \| 00,038,400 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto \| Running]) SRV - [2008/03/25 21:27:36 \| 00,135,168 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto \| Running]) SRV - [2008/03/25 20:38:24 \| 00,217,088 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand \| Running]) SRV - [2007/01/04 17:38:08 \| 00,024,652 \| ---- \| M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto \| Running]) SRV - [2006/10/18 21:05:24 \| 00,913,408 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand \| Stopped]) ========== Driver Services (SafeList) ========== DRV - [2009/10/12 21:24:56 \| 00,007,408 \| R--- \| M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand \| Running]) DRV - [2009/10/12 21:24:54 \| 00,009,968 \| ---- \| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System \| Running]) DRV - [2009/10/12 21:24:52 \| 00,074,480 \| ---- \| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System \| Running]) DRV - [2009/09/15 06:56:14 \| 00,094,160 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto \| Running]) DRV - [2009/09/15 06:55:30 \| 00,114,768 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System \| Running]) DRV - [2009/09/15 06:55:19 \| 00,020,560 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto \| Running]) DRV - [2009/09/15 06:54:30 \| 00,052,368 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System \| Running]) DRV - [2009/09/15 06:54:21 \| 00,023,152 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand \| Running]) DRV - [2009/09/15 06:53:24 \| 00,027,408 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System \| Running]) DRV - [2009/06/05 11:42:38 \| 00,039,424 \| ---- \| M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand \| Stopped]) DRV - [2009/06/05 03:24:30 \| 00,019,200 \| ---- \| M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\srvkp.sys -- (SiSkp [System \| Running]) DRV - [2009/06/05 03:02:46 \| 00,323,584 \| ---- \| M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys -- (SiS315 [On_Demand \| Running]) DRV - [2009/03/19 16:32:48 \| 00,023,400 \| ---- \| M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand \| Running]) DRV - [2008/02/22 22:38:33 \| 00,043,872 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot \| Running]) DRV - [2007/11/13 06:25:53 \| 00,020,480 \| ---- \| M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto \| Running]) DRV - [2007/10/30 05:25:55 \| 00,021,568 \| R--- \| M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand \| Stopped]) DRV - [2007/10/30 05:25:54 \| 00,016,496 \| R--- \| M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand \| Stopped]) DRV - [2007/10/30 05:25:53 \| 00,049,920 \| R--- \| M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand \| Stopped]) DRV - [2006/10/04 22:42:42 \| 00,002,560 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System \| Running]) DRV - [2006/10/04 22:42:42 \| 00,002,432 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System \| Running]) DRV - [2006/06/09 22:58:22 \| 01,373,120 \| ---- \| M] (C-Media Inc) -- C:\WINDOWS\System32\drivers\cmuda.sys -- (cmuda [On_Demand \| Stopped]) DRV - [2004/08/04 08:00:00 \| 00,017,792 \| ---- \| M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand \| Running]) DRV - [2004/08/04 01:41:54 \| 01,041,536 \| ---- \| M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys -- (HSF_DP [On_Demand \| Running]) DRV - [2004/08/04 01:41:48 \| 00,685,056 \| ---- \| M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys -- (winachsf [On_Demand \| Running]) DRV - [2004/08/04 01:41:46 \| 00,220,032 \| ---- \| M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys -- (HSFHWBS2 [On_Demand \| Running]) DRV - [2004/08/03 22:41:56 \| 00,011,868 \| ---- \| M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto \| Running]) DRV - [2004/08/03 22:31:36 \| 00,032,768 \| R--- \| M] (SiS Corporation) -- C:\WINDOWS\System32\DRIVERS\sisnic.sys -- (SISNIC [On_Demand \| Running]) DRV - [2004/08/03 22:29:52 \| 00,166,912 \| ---- \| M] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3Psddr [On_Demand \| Stopped]) DRV - [2003/06/19 18:30:18 \| 00,752,764 \| ---- \| M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand \| Stopped]) DRV - [2003/03/25 05:50:46 \| 00,004,096 \| R--- \| M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide [Boot \| Running]) DRV - [2002/10/17 03:14:46 \| 00,049,024 \| R--- \| M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex [Boot \| Running]) DRV - [2002/08/20 05:19:08 \| 00,009,472 \| R--- \| M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf [Boot \| Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60313 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Use Custom Search URL = 1 IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d/?%63%78%6c%6f%77 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2....ms}&gcht=to IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.) IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/16 19:28:46 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/25 13:07:09 \| 00,000,000 \| ---D \| M] [2009/08/20 11:34:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\abby gibbs\Application Data\mozilla\Extensions [2009/06/12 16:03:45 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\abby gibbs\Application Data\mozilla\Extensions\mozswing@mozswing.org [2009/08/20 11:34:33 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2008/12/25 13:09:08 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2008/06/17 16:12:42 \| 00,114,688 \| ---- \| M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2009/04/19 18:23:12 \| 00,024,683 \| ---- \| M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll [2008/12/25 13:07:04 \| 00,410,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2008/06/11 22:45:28 \| 00,103,792 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009/07/11 13:07:04 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/07/11 13:07:06 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/07/11 13:07:09 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/07/11 13:07:10 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/07/11 13:07:13 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/07/11 13:07:15 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/07/11 13:07:16 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2007/04/16 13:07:12 \| 00,180,293 \| ---- \| M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2008/08/29 10:01:22 \| 00,106,348 \| ---- \| M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll O1 HOSTS File: (767 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {35C9BCE3-76CF-49C5-B7E1-C5DA6F112964} - C:\WINDOWS\System32\cbXRhiJB.dll File not found O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.) O2 - BHO: (no name) - {7F0576B8-43C3-4FA3-BD99-C0EE8CE6FE3A} - C:\WINDOWS\System32\cbXPgfcb.dll File not found O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {9218E8F6-C39D-4DFE-9DA8-8708F81D83D4} - C:\WINDOWS\System32\gllkk.dll File not found O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll File not found O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll File not found O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll File not found O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {F61A81C9-5319-40CA-A8C5-79BB3873032E} - C:\WINDOWS\System32\hgGyyxuV.dll File not found O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O3 - HKLM\..\Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No CLSID value found. O3 - HKLM\..\Toolbar: (ZeroBar) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll File not found O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll File not found O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AIMPro] C:\Program Files\AIM\AIM Pro\aimpro.exe File not found O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [Cmaudio] File not found O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe () O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.DLL (Silicon Integrated Systems Corporation) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Soundmx] C:\WINDOWS\System32\soundmx.exe File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbWeatherOnTray.exe File not found O4 - HKCU..\Run: [Aim6] File not found O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.) O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe File not found O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found O4 - HKCU..\Run: [WhenUSave] C:\Program Files\Save\Save.exe File not found O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe File not found O4 - HKLM..\RunOnce: [DELDIR0.EXE] C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\DELDIR0.EXE File not found O4 - Startup: C:\Documents and Settings\abby gibbs\Start Menu\Programs\Startup\IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html File not found O8 - Extra context menu item: &Search - Reg Error: Value error. File not found O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\abby gibbs\Start Menu\Programs\>chat\Run IMVU.lnk File not found O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O12 - Plugin for: .fpx - C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dll (iSee Media, Inc.) O12 - Plugin for: .ivr - C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dll (iSee Media, Inc.) O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Family Feud 2\Images\stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Home Sweet Home\Images\armhelper.ocx (ArmHelper Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL () O18 - Protocol\Filter: - text/html - C:\WINDOWS\System32\gllkk.dll File not found O18 - Protocol\Filter: - text/plain - C:\WINDOWS\System32\gllkk.dll File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O20 - Winlogon\Notify\fccdaww: DllName - fccdaww.dll - File not found O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\jkkKaawu) - File not found O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003/04/25 17:20:00 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: ('autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (') - File not found O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/10/17 15:23:37 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/10/16 21:03:43 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2009/10/17 15:23:55 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\abby gibbs\Application Data\Malwarebytes [2009/10/16 21:02:55 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\abby gibbs\Application Data\SUPERAntiSpyware.com [2009/10/17 13:03:29 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\abby gibbs\Application Data\Windows Desktop Search [2009/10/17 21:09:01 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\abby gibbs\Local Settings\Application Data\ApplicationHistory [2009/10/17 13:09:28 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Windows Live [2009/10/16 21:01:56 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Wise Installation Wizard [2009/10/17 16:32:58 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Alwil Software [2009/10/17 15:19:26 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2009/10/17 15:23:36 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/10/17 13:05:52 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft [2009/10/16 21:02:56 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SUPERAntiSpyware [2009/10/17 13:02:02 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Windows Desktop Search [2009/10/18 12:53:29 \| 00,521,216 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\abby gibbs\Desktop\OTL.exe [2009/10/18 12:09:43 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\Minidump [2009/10/18 12:07:00 \| 00,472,064 \| ---- \| C] ( ) -- C:\Documents and Settings\abby gibbs\Desktop\RootRepeal.exe [2009/10/18 10:49:00 \| 00,000,000 \| ---D \| C] -- C:\VundoFix Backups [2009/10/18 10:48:27 \| 00,119,808 \| ---- \| C] (Atribune.org) -- C:\Documents and Settings\abby gibbs\Desktop\VundoFix.exe [2009/10/17 16:33:57 \| 00,023,152 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009/10/17 16:33:55 \| 00,052,368 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009/10/17 16:33:54 \| 00,027,408 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009/10/17 16:33:48 \| 00,097,480 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009/10/17 16:33:38 \| 00,020,560 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009/10/17 16:33:37 \| 00,114,768 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009/10/17 16:33:36 \| 00,094,160 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009/10/17 16:33:36 \| 00,093,424 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009/10/17 16:33:06 \| 01,279,968 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009/10/17 15:23:40 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/10/17 15:23:37 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/10/17 15:22:29 \| 04,045,536 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\abby gibbs\Desktop\mbam-setup.exe [2009/10/17 15:20:29 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2009/10/17 15:17:36 \| 00,791,393 \| ---- \| C] (Lars Hederer ) -- C:\Documents and Settings\abby gibbs\Desktop\erunt_setup.exe [2009/10/17 15:11:04 \| 00,021,504 \| ---- \| C] (Doug Knox) -- C:\Documents and Settings\abby gibbs\Desktop\SysRestorePoint.exe [2009/10/17 14:50:24 \| 00,271,872 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\abby gibbs\Desktop\TFC.exe [2009/10/17 14:24:18 \| 00,000,000 \| -HSD \| C] -- C:\found.000 [2009/10/17 13:02:01 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\System32\GroupPolicy [2009/10/17 12:52:43 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\System32\URTTEMP [2009/10/17 11:12:28 \| 00,407,680 \| ---- \| C] (ALWIL Software) -- C:\Documents and Settings\abby gibbs\Desktop\aswclnr.exe [2009/10/16 20:21:53 \| 00,073,728 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009/10/16 20:21:51 \| 00,149,280 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/10/16 20:21:50 \| 00,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/10/16 20:21:50 \| 00,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/10/16 20:09:05 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\Hewlett-Packard [2009/10/16 19:21:07 \| 00,000,000 \| ---D \| C] -- C:\f65b84e2e4240fa90ad618124feac6 [2009/10/16 18:44:56 \| 00,765,952 \| ---- \| C] (Sensaura Ltd) -- C:\WINDOWS\System\crlds3d.dll [2009/10/16 18:44:55 \| 00,712,704 \| ---- \| C] (Sensaura Ltd) -- C:\WINDOWS\System32\dllcache\a3d.dll [2009/10/16 18:44:55 \| 00,712,704 \| ---- \| C] (Sensaura Ltd) -- C:\WINDOWS\System32\Audio3D.dll [2009/10/16 18:44:55 \| 00,712,704 \| ---- \| C] (Sensaura Ltd) -- C:\WINDOWS\System32\a3d.dll [2009/09/23 11:18:08 \| 00,000,000 \| RH-D \| C] -- C:\VProRecovery [2007/01/13 17:54:46 \| 00,774,144 \| ---- \| C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll ========== Files - Modified Within 30 Days ========== [2009/10/21 18:38:00 \| 00,000,438 \| -H-- \| M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC38D439-C71D-4634-ABB5-81A502D0690D}.job [2009/10/21 18:07:07 \| 00,002,519 \| ---- \| M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk [2009/10/21 18:02:39 \| 00,012,620 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/10/21 18:00:03 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/10/21 17:58:55 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/10/21 17:58:54 \| 23,440,9984 \| -HS- \| M] () -- C:\hiberfil.sys [2009/10/21 17:58:52 \| 23,443,8656 \| ---- \| M] () -- C:\WINDOWS\MEMORY.DMP [2009/10/21 14:20:21 \| 00,001,854 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2009/10/21 14:16:20 \| 00,291,328 \| ---- \| M] () -- C:\2ivqn74l.exe [2009/10/21 13:03:00 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/10/18 17:30:24 \| 00,004,625 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2009/10/18 17:29:59 \| 00,552,398 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/10/18 17:29:59 \| 00,463,470 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2009/10/18 17:29:59 \| 00,079,012 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2009/10/18 12:53:33 \| 00,521,216 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\abby gibbs\Desktop\OTL.exe [2009/10/18 12:07:01 \| 00,472,064 \| ---- \| M] ( ) -- C:\Documents and Settings\abby gibbs\Desktop\RootRepeal.exe [2009/10/18 10:48:28 \| 00,119,808 \| ---- \| M] (Atribune.org) -- C:\Documents and Settings\abby gibbs\Desktop\VundoFix.exe [2009/10/17 16:34:05 \| 00,001,709 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/10/17 16:33:37 \| 00,002,626 \| ---- \| M] () -- C:\WINDOWS\System32\CONFIG.NT [2009/10/17 16:28:35 \| 38,786,848 \| ---- \| M] () -- C:\Documents and Settings\abby gibbs\Desktop\setupeng.exe [2009/10/17 15:23:44 \| 00,000,696 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/17 15:22:29 \| 04,045,536 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\abby gibbs\Desktop\mbam-setup.exe [2009/10/17 15:19:29 \| 00,000,611 \| ---- \| M] () -- C:\Documents and Settings\abby gibbs\Desktop\NTREGOPT.lnk [2009/10/17 15:19:29 \| 00,000,592 \| ---- \| M] () -- C:\Documents and Settings\abby gibbs\Desktop\ERUNT.lnk [2009/10/17 15:17:44 \| 00,791,393 \| ---- \| M] (Lars Hederer ) -- C:\Documents and Settings\abby gibbs\Desktop\erunt_setup.exe [2009/10/17 15:11:11 \| 00,021,504 \| ---- \| M] (Doug Knox) -- C:\Documents and Settings\abby gibbs\Desktop\SysRestorePoint.exe [2009/10/17 14:50:28 \| 00,271,872 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\abby gibbs\Desktop\TFC.exe [2009/10/17 13:02:40 \| 00,001,787 \| ---- \| M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2009/10/17 12:44:41 \| 00,000,363 \| ---- \| M] () -- C:\Documents and Settings\abby gibbs\Desktop\Microsoft Windows Error Reporting.url [2009/10/17 11:12:34 \| 00,407,680 \| ---- \| M] (ALWIL Software) -- C:\Documents and Settings\abby gibbs\Desktop\aswclnr.exe [2009/10/16 21:52:21 \| 00,001,028 \| ---- \| M] () -- C:\WINDOWS\win.ini [2009/10/16 21:26:58 \| 00,116,839 \| ---- \| M] () -- C:\WINDOWS\hpqins00.dat [2009/10/16 21:21:38 \| 00,001,808 \| ---- \| M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009/10/16 21:03:08 \| 00,000,780 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/10/16 21:01:03 \| 07,280,672 \| ---- \| M] () -- C:\Documents and Settings\abby gibbs\Desktop\SUPERAntiSpyware.exe [2009/10/02 14:01:57 \| 25,198,016 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe ========== Files - No Company Name ========== [2009/10/21 14:20:21 \| 00,001,854 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2009/10/21 14:16:16 \| 00,291,328 \| ---- \| C] () -- C:\2ivqn74l.exe [2009/10/17 16:34:05 \| 00,001,709 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/10/17 16:33:06 \| 00,380,928 \| ---- \| C] () -- C:\WINDOWS\System32\actskin4.ocx [2009/10/17 16:28:26 \| 38,786,848 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Desktop\setupeng.exe [2009/10/17 15:23:44 \| 00,000,696 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/17 15:19:29 \| 00,000,611 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Desktop\NTREGOPT.lnk [2009/10/17 15:19:29 \| 00,000,592 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Desktop\ERUNT.lnk [2009/10/17 13:15:26 \| 23,440,9984 \| -HS- \| C] () -- C:\hiberfil.sys [2009/10/17 13:02:40 \| 00,001,787 \| ---- \| C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2009/10/17 12:44:41 \| 00,000,363 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Desktop\Microsoft Windows Error Reporting.url [2009/10/16 21:21:36 \| 00,001,808 \| ---- \| C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009/10/16 21:10:37 \| 00,116,839 \| ---- \| C] () -- C:\WINDOWS\hpqins00.dat [2009/10/16 21:03:08 \| 00,000,780 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/10/16 21:01:03 \| 07,280,672 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Desktop\SUPERAntiSpyware.exe [2009/10/16 18:39:14 \| 00,000,438 \| -H-- \| C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC38D439-C71D-4634-ABB5-81A502D0690D}.job [2009/08/30 15:34:40 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\ResortingToDanger.INI [2009/08/22 22:22:16 \| 04,318,086 \| -H-- \| C] () -- C:\Documents and Settings\abby gibbs\Local Settings\Application Data\IconCache.db [2008/09/01 19:12:50 \| 00,002,026 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2008/07/10 15:45:21 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\Transmogrifier-1.4.INI [2008/07/03 17:40:45 \| 00,238,421 \| -HS- \| C] () -- C:\WINDOWS\System32\VvFgQtwa.ini2 [2008/07/01 15:38:00 \| 00,000,000 \| ---- \| C] () -- C:\Program Files\temp01 [2008/05/29 15:16:10 \| 01,483,103 \| -HS- \| C] () -- C:\WINDOWS\System32\yostkubw.ini [2008/05/27 18:46:43 \| 01,483,043 \| -HS- \| C] () -- C:\WINDOWS\System32\uoxktifl.ini [2008/05/26 17:35:35 \| 01,468,110 \| -HS- \| C] () -- C:\WINDOWS\System32\jtukfdhd.ini [2008/05/25 16:52:26 \| 01,553,781 \| -HS- \| C] () -- C:\WINDOWS\System32\gxyedhvq.ini [2008/05/24 16:52:07 \| 01,553,661 \| -HS- \| C] () -- C:\WINDOWS\System32\hhehpqat.ini [2008/05/23 16:44:54 \| 01,553,481 \| -HS- \| C] () -- C:\WINDOWS\System32\cdeuoils.ini [2008/05/20 17:39:07 \| 01,532,164 \| -HS- \| C] () -- C:\WINDOWS\System32\ysxocbmd.ini [2008/05/19 15:46:21 \| 01,505,692 \| -HS- \| C] () -- C:\WINDOWS\System32\uagspmii.ini [2008/05/19 15:36:48 \| 00,805,429 \| -HS- \| C] () -- C:\WINDOWS\System32\uwaaKkkj.ini2 [2008/05/19 15:36:42 \| 00,004,885 \| -HS- \| C] () -- C:\WINDOWS\System32\uwaaKkkj.ini [2008/05/18 14:11:25 \| 01,505,632 \| -HS- \| C] () -- C:\WINDOWS\System32\xtfsrgco.ini [2008/05/17 19:30:35 \| 01,466,948 \| -HS- \| C] () -- C:\WINDOWS\System32\ihdppeil.ini [2008/05/17 12:44:20 \| 01,466,828 \| -HS- \| C] () -- C:\WINDOWS\System32\gbxsijyy.ini [2008/05/17 11:21:16 \| 01,467,060 \| -HS- \| C] () -- C:\WINDOWS\System32\ayexoesp.ini [2008/05/16 23:30:50 \| 00,006,869 \| -HS- \| C] () -- C:\WINDOWS\System32\JQrsCJjl.ini2 [2008/05/16 20:41:24 \| 01,467,000 \| -HS- \| C] () -- C:\WINDOWS\System32\uhvsujls.ini [2008/05/14 19:57:20 \| 01,347,772 \| -HS- \| C] () -- C:\WINDOWS\System32\lloXwGgh.ini2 [2008/05/13 15:23:43 \| 01,179,513 \| -HS- \| C] () -- C:\WINDOWS\System32\OUFPstwa.ini2 [2008/05/11 22:05:27 \| 00,006,623 \| -HS- \| C] () -- C:\WINDOWS\System32\ikmnmnnn.ini2 [2008/05/10 16:22:18 \| 00,007,042 \| -HS- \| C] () -- C:\WINDOWS\System32\AKmUBcdd.ini2 [2008/05/08 15:06:48 \| 00,007,286 \| -HS- \| C] () -- C:\WINDOWS\System32\onVxayxx.ini2 [2008/05/05 15:08:47 \| 00,007,263 \| -HS- \| C] () -- C:\WINDOWS\System32\vyxIOqru.ini2 [2008/05/01 15:25:38 \| 00,006,932 \| -HS- \| C] () -- C:\WINDOWS\System32\GgNmnqru.ini2 [2008/04/26 09:36:52 \| 00,007,335 \| -HS- \| C] () -- C:\WINDOWS\System32\cfgOYJjl.ini2 [2008/04/26 09:36:49 \| 00,007,335 \| -HS- \| C] () -- C:\WINDOWS\System32\cfgOYJjl.ini [2008/04/22 22:10:25 \| 00,006,379 \| -HS- \| C] () -- C:\WINDOWS\System32\VuxyyGgh.ini2 [2008/04/22 22:10:24 \| 00,006,929 \| -HS- \| C] () -- C:\WINDOWS\System32\VuxyyGgh.ini [2008/04/16 15:04:32 \| 01,352,987 \| -HS- \| C] () -- C:\WINDOWS\System32\BJihRXbc.ini2 [2008/04/16 15:04:30 \| 01,353,103 \| -HS- \| C] () -- C:\WINDOWS\System32\BJihRXbc.ini [2008/04/10 15:33:55 \| 00,006,869 \| -HS- \| C] () -- C:\WINDOWS\System32\JQrsCJjl.ini [2008/03/12 19:44:09 \| 00,000,118 \| ---- \| C] () -- C:\WINDOWS\System32\MRT.INI [2008/03/12 19:15:23 \| 02,004,383 \| -HS- \| C] () -- C:\WINDOWS\System32\nebgeuhs.ini [2008/03/06 21:42:33 \| 00,030,254 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Application Data\update.log [2008/02/28 10:49:59 \| 01,339,243 \| -HS- \| C] () -- C:\WINDOWS\System32\vohncgti.ini [2008/02/27 10:48:58 \| 01,254,692 \| -HS- \| C] () -- C:\WINDOWS\System32\cspftviw.ini [2008/02/26 10:49:05 \| 01,244,761 \| -HS- \| C] () -- C:\WINDOWS\System32\jquwuqvk.ini [2008/02/24 16:37:26 \| 01,260,526 \| -HS- \| C] () -- C:\WINDOWS\System32\httyhiuu.ini [2008/02/23 16:37:05 \| 01,253,954 \| -HS- \| C] () -- C:\WINDOWS\System32\giclotli.ini [2008/02/22 16:34:06 \| 01,253,894 \| -HS- \| C] () -- C:\WINDOWS\System32\nthgwadi.ini [2008/02/21 16:29:24 \| 01,253,848 \| -HS- \| C] () -- C:\WINDOWS\System32\itawsriv.ini [2008/02/20 15:12:58 \| 01,212,543 \| -HS- \| C] () -- C:\WINDOWS\System32\bjybqqmm.ini [2008/02/19 10:15:18 \| 01,244,763 \| -HS- \| C] () -- C:\WINDOWS\System32\wjtejyvy.ini [2008/01/27 14:12:03 \| 00,169,198 \| -HS- \| C] () -- C:\WINDOWS\System32\xbadd.ini [2008/01/26 07:28:21 \| 00,000,048 \| ---- \| C] () -- C:\WINDOWS\data.ini [2007/09/27 10:51:02 \| 00,020,698 \| ---- \| C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 10:48:48 \| 00,030,628 \| ---- \| C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 10:48:28 \| 00,031,698 \| ---- \| C] () -- C:\WINDOWS\System32\gthrctr.ini [2007/01/13 18:05:57 \| 00,000,021 \| ---- \| C] () -- C:\WINDOWS\atid.ini [2006/07/17 09:51:39 \| 00,017,920 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/07/16 20:31:58 \| 00,017,632 \| ---- \| C] () -- C:\WINDOWS\cdplayer.ini [2006/04/17 13:14:54 \| 00,083,498 \| R--- \| C] () -- C:\WINDOWS\VGAsetup.ini [2006/04/17 13:14:54 \| 00,035,037 \| ---- \| C] () -- C:\WINDOWS\System32\VGAunistlog.ini [2006/04/17 12:53:06 \| 00,139,264 \| ---- \| C] () -- C:\WINDOWS\System32\IDEproperty.dll [2006/04/17 12:52:50 \| 00,156,672 \| ---- \| C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2006/01/20 14:55:59 \| 00,000,617 \| ---- \| C] () -- C:\WINDOWS\muncher.ini [2006/01/20 13:52:47 \| 00,012,288 \| ---- \| C] () -- C:\WINDOWS\System32\impborl.dll [2006/01/08 14:37:12 \| 00,108,032 \| ---- \| C] () -- C:\WINDOWS\System32\sh33w32.dll [2006/01/07 09:35:16 \| 00,000,047 \| ---- \| C] () -- C:\WINDOWS\STRINGS.INI [2005/12/17 11:25:55 \| 00,000,035 \| ---- \| C] () -- C:\WINDOWS\DAVIDSON.INI [2005/12/17 11:25:55 \| 00,000,028 \| ---- \| C] () -- C:\WINDOWS\KIDPHON.INI [2005/11/20 10:06:30 \| 00,000,023 \| ---- \| C] () -- C:\WINDOWS\Edmark.ini [2005/11/11 11:07:34 \| 00,000,141 \| ---- \| C] () -- C:\WINDOWS\TLCAPPS.INI [2005/10/23 08:23:57 \| 00,000,051 \| ---- \| C] () -- C:\WINDOWS\SSAWDEMO.INI [2005/10/23 08:21:15 \| 00,000,258 \| ---- \| C] () -- C:\WINDOWS\QTW.INI [2005/09/20 19:44:49 \| 00,001,062 \| ---- \| C] () -- C:\WINDOWS\KA.INI [2005/06/16 17:36:32 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\SETUP32.INI [2005/06/15 15:53:21 \| 00,063,280 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2005/05/22 10:34:50 \| 00,000,823 \| ---- \| C] () -- C:\WINDOWS\tsc.ini [2005/05/22 10:34:49 \| 00,071,749 \| ---- \| C] () -- C:\WINDOWS\hcextoutput.dll [2005/05/22 10:33:54 \| 00,000,170 \| ---- \| C] () -- C:\WINDOWS\GetServer.ini [2004/08/03 20:56:46 \| 00,363,520 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/07/14 19:15:04 \| 00,000,741 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2004/07/14 19:14:35 \| 00,000,004 \| ---- \| C] () -- C:\WINDOWS\msoffice.ini [2004/06/23 13:04:28 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\MADCCS.INI [2004/06/23 13:04:28 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\MADCCF.INI [2004/05/03 17:24:54 \| 00,001,025 \| ---- \| C] () -- C:\WINDOWS\hegames.ini [2004/03/29 17:06:04 \| 00,000,340 \| ---- \| C] () -- C:\WINDOWS\lexstat.ini [2004/03/29 17:06:01 \| 00,328,704 \| ---- \| C] () -- C:\WINDOWS\System32\dosfnt32.dll [2004/03/29 17:06:01 \| 00,163,840 \| ---- \| C] () -- C:\WINDOWS\System32\ldepcl32.dll [2004/02/04 09:38:07 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\AutoRun.INI [2004/01/19 11:32:16 \| 00,000,990 \| ---- \| C] () -- C:\WINDOWS\Disney.ini [2003/12/17 21:15:29 \| 00,001,028 \| ---- \| C] () -- C:\WINDOWS\win.ini [2003/12/17 14:01:41 \| 00,063,280 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Application Data\GDIPFONTCACHEV1.DAT [2003/09/29 14:53:00 \| 00,000,035 \| ---- \| C] () -- C:\WINDOWS\A5W.INI [2003/09/16 13:15:30 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\abby gibbs\Application Data\desktop.ini [2003/09/08 21:17:00 \| 00,004,094 \| ---- \| C] () -- C:\WINDOWS\System32\rtcsses.dll [2003/09/08 21:17:00 \| 00,004,094 \| ---- \| C] () -- C:\WINDOWS\System32\dimces.dll [2003/06/24 02:35:09 \| 00,000,482 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2003/04/25 18:42:29 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2003/04/25 17:42:24 \| 00,001,065 \| ---- \| C] () -- C:\WINDOWS\winamp.ini [2003/04/25 17:41:52 \| 00,000,310 \| ---- \| C] () -- C:\WINDOWS\net2fone.ini [2003/04/25 17:07:15 \| 00,001,094 \| ---- \| C] () -- C:\WINDOWS\System32\oeminfo.ini [2003/04/25 17:07:15 \| 00,000,453 \| ---- \| C] () -- C:\WINDOWS\System32\emver.ini [2003/04/25 17:06:58 \| 00,000,243 \| ---- \| C] () -- C:\WINDOWS\SYSTEM.INI [2003/04/25 10:11:29 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2003/02/19 01:26:28 \| 00,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\cmirmdrv.dll [2002/12/10 00:00:00 \| 01,708,032 \| ---- \| C] () -- C:\WINDOWS\System32\MSO97V.DLL [2002/12/10 00:00:00 \| 00,036,864 \| ---- \| C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [2002/12/10 00:00:00 \| 00,032,768 \| ---- \| C] () -- C:\WINDOWS\System32\MSORFS.DLL [1999/07/23 13:46:48 \| 00,000,116 \| ---- \| C] () -- C:\WINDOWS\AuHCcup1.ini [1999/07/23 10:53:20 \| 00,129,536 \| ---- \| C] () -- C:\WINDOWS\AuHCcup1.dll [1997/11/17 18:13:16 \| 00,010,240 \| ---- \| C] () -- C:\WINDOWS\System32\vidx16.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB44773F @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B19CC382 @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47417312 @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D6E82D7 @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33384BC0 @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B2C4A0E @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C47E54BB @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF3D0EA3 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA05E0C4 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA3339BE @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:920E58B7 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:878F15F1 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D2A2F0A @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B00070D @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B99FE60 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FA003F9 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16C36E31 @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8134D8F @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FDE078B @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D994162E @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:620EC79A @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FD496E1 @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:275AA066 @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449 @Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B4742F4 @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C210B4D5 @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C321309 @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB7FF0C9 @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8342E7B @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F31C4F @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3E39A49 @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65D73220 @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5121D26 @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A15C0AF @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1AD90C3 @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5313B881 @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC0D80AD @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F880DE59 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C74B70E6 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB0256E7 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DDCE10B @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26939499 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03392111 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA5470E8 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E71141D2 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCE8F703 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E22C00F @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:799F5445 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FBD5837 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:294A5F28 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28616E30 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C22BA56 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E106B617 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5D1F833 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CCE90031 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A07C14AE @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D5BB34A @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F99A630 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B86037F @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F280981 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BFA9622 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:395C0D36 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25D37F9D @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CB20114 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:144B593B @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7120F9A @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8669B93 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EE41602 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56486BDA @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E2343A8 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33FB0D9F @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27AAAD97 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2430E4FC @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1841A803 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:105C8D3E @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FE90888 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDDC784F @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A4DF77 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943E8182 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F47E9A6 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B89DF83 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6638AEDF @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FBA7D5F @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E2EA264 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38091CBB @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37E0CB70 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2396CABF @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EECBA6F @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F52E80AA @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DC1F5FA4 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8A7F3FF @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF0B4A17 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6E981A9 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4F0E644 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D3A7233 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B403ABD @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75A89023 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AF596C6 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DF61DDA @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0142BC01 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA78B902 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E702DD04 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D0CEAB7 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BCC8D9F @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B45EB96 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8543BABC @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7025E8E7 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CC3B9D1 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B454E16 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27790C06 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DFE2AE1 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05E95A33 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01C1407E @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1D597D0 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0ED9DB7 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDE339B9 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E884078 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84B1FB12 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:814B9485 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7307D080 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C0E4E8D @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42F46912 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38E2864F @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13E7A9FC @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99963C1E @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70C0282D @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:575220F6 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F50E80F @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CD05674 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B121B40 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48429D0E @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24641E0D @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C19FC3F @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB9AF090 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8019535 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B243260B @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:913CA408 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E6889B0 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CB2D3F8 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79AC0D92 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70A1462A @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C491D31 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C270C64 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4F720BA @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8FA1D03 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E11ABA64 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC81AA95 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9478477 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF2E2F0E @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91191703 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EC55520 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43E0EC8A @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32CA3B19 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E943D067 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E27E39D4 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E22FF3D0 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FF6C10 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFB00961 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AADC76BA @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:936CD24D @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93226FE3 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D632CD7 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63CFD724 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E1E5A60 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48FEA089 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE49EF15 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D53344E0 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6885F1 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C70C5141 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDB40AA4 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE9D0697 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB779CF8 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C84299 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:895CFFA7 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:833F31B3 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B520784 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5433DBEF @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2871B698 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC7FF5F9 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE74F4A9 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA286EFE @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEC895D8 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADBD0C70 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8E8B5D7 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B653AA4 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:649ABDC5 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:543CAD1B @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F99F761 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DD00E73 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2648A4D @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B503DFC8 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADD788AD @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DAC1F7 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A6C632 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:672C5D08 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C53D1D2 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:483AC68A @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38EDA867 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:247A9485 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:132E98A6 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E684266 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F76D01BB @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD24DCF8 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6DC5DD @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B15F27E2 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5A7CB1B @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8A0D1C2B @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:867718D2 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42D7FF24 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B7C7BAE @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C90C4DBA @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9744B982 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0EFE63 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:644C73AD @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33AFD01D @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3214A283 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24B6E2C7 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14E72C90 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BEA161 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA457ABC @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A561576B @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FEA1229 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AB76595 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52641FBE @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB170088 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2989574 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4CA4749 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE2795CA @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8A0BC27 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F3235B3 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27A6A257 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E689CAC @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DE2EF01 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5B69884 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2F80D1D @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:753A0081 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6666A16B @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6520B0F3 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E1404CE @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55CC6CC3 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47920A31 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27BABCD8 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0BE2307D @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0551F1FA @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE83CC97 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8953510 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B2EDA15 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92B0AEE6 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8ACBDE06 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D549BCC @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C4C57F9 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:383197E6 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F05E220 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:118DA42D @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C2D3186E @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7C0A73F @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA37E770 @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32C16177 @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EF1B11F @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2838BE0A @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18173A8E @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1505883A @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0762150 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E027C556 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9B8E3C6 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9A6CD7C @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4CF4C16 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99762419 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65A693A1 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60C47453 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57BF34C6 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4072646B @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB97DB91 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4F5D824 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9884A8C7 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:729F5FF8 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:723E56EC @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4862644E @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BAD65EA @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9092478 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D669DCA2 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4B8378D @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7C9AD48 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C82FC0D @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91DEA808 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85F55C68 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B89E8A0 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79CBD5FF @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7881FECE @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73BF05FF @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68F81F4B @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5979B8CC @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:455CF8C6 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44EBAA62 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2836460B @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:062AF572 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3EEA250 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3F61B65 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7A22351 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61E5F0F7 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6122E243 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F96D8E6 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E6B8D68 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:482CC303 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3CEEC4C @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B285B76 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:949483BD @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:940EEA60 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55119B17 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39A47FAD @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED796303 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA50D64F @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8E864AC @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD623B3 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F3FE688 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16E7793D @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:145EE4E0 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09064307 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:017C5853 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF71CAB5 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0E19514 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3CD6049 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C720B492 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C3E753C @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:753B8DFE @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:604AF115 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E196FE2 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D10517E @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:590B1A90 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7180F4 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CD562B4 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BBD95D6 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:349CACE5 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:276B1630 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17FCBFF6 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA1582F8 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0668210 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E6212E6 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D82FC9D < End of report >

kahdah View Member Profile	Oct 22 2009, 05:08 AM Post #5
GeekU Teacher Posts: 13,547 From: Florida OS: Windows xp,Vista business	Run OTL Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60313 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2....ms}&gcht=to O2 - BHO: (no name) - {35C9BCE3-76CF-49C5-B7E1-C5DA6F112964} - C:\WINDOWS\System32\cbXRhiJB.dll File not found O2 - BHO: (no name) - {7F0576B8-43C3-4FA3-BD99-C0EE8CE6FE3A} - C:\WINDOWS\System32\cbXPgfcb.dll File not found O2 - BHO: (no name) - {9218E8F6-C39D-4DFE-9DA8-8708F81D83D4} - C:\WINDOWS\System32\gllkk.dll File not found O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll File not found O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll File not found O2 - BHO: (no name) - {F61A81C9-5319-40CA-A8C5-79BB3873032E} - C:\WINDOWS\System32\hgGyyxuV.dll File not found O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O3 - HKLM\..\Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No CLSID value found. O3 - HKLM\..\Toolbar: (ZeroBar) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll File not found O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll File not found O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AIMPro] C:\Program Files\AIM\AIM Pro\aimpro.exe File not found O4 - HKLM..\Run: [Cmaudio] File not found O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [Soundmx] C:\WINDOWS\System32\soundmx.exe File not found O4 - HKLM..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbWeatherOnTray.exe File not found O4 - HKCU..\Run: [Aim6] File not found O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe File not found O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found O4 - HKCU..\Run: [WhenUSave] C:\Program Files\Save\Save.exe File not found O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe File not found O4 - HKLM..\RunOnce: [DELDIR0.EXE] C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\DELDIR0.EXE File not found O4 - Startup: C:\Documents and Settings\abby gibbs\Start Menu\Programs\Startup\IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe File not found O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html File not found O8 - Extra context menu item: &Search - Reg Error: Value error. File not found O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\abby gibbs\Start Menu\Programs\>chat\Run IMVU.lnk File not found O18 - Protocol\Filter: - text/html - C:\WINDOWS\System32\gllkk.dll File not found O18 - Protocol\Filter: - text/plain - C:\WINDOWS\System32\gllkk.dll File not found O20 - Winlogon\Notify\fccdaww: DllName - fccdaww.dll - File not found O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\jkkKaawu) - File not found [2008/07/03 17:40:45 \| 00,238,421 \| -HS- \| C] () -- C:\WINDOWS\System32\VvFgQtwa.ini2 [2008/07/01 15:38:00 \| 00,000,000 \| ---- \| C] () -- C:\Program Files\temp01 [2008/05/29 15:16:10 \| 01,483,103 \| -HS- \| C] () -- C:\WINDOWS\System32\yostkubw.ini [2008/05/27 18:46:43 \| 01,483,043 \| -HS- \| C] () -- C:\WINDOWS\System32\uoxktifl.ini [2008/05/26 17:35:35 \| 01,468,110 \| -HS- \| C] () -- C:\WINDOWS\System32\jtukfdhd.ini [2008/05/25 16:52:26 \| 01,553,781 \| -HS- \| C] () -- C:\WINDOWS\System32\gxyedhvq.ini [2008/05/24 16:52:07 \| 01,553,661 \| -HS- \| C] () -- C:\WINDOWS\System32\hhehpqat.ini [2008/05/23 16:44:54 \| 01,553,481 \| -HS- \| C] () -- C:\WINDOWS\System32\cdeuoils.ini [2008/05/20 17:39:07 \| 01,532,164 \| -HS- \| C] () -- C:\WINDOWS\System32\ysxocbmd.ini [2008/05/19 15:46:21 \| 01,505,692 \| -HS- \| C] () -- C:\WINDOWS\System32\uagspmii.ini [2008/05/19 15:36:48 \| 00,805,429 \| -HS- \| C] () -- C:\WINDOWS\System32\uwaaKkkj.ini2 [2008/05/19 15:36:42 \| 00,004,885 \| -HS- \| C] () -- C:\WINDOWS\System32\uwaaKkkj.ini [2008/05/18 14:11:25 \| 01,505,632 \| -HS- \| C] () -- C:\WINDOWS\System32\xtfsrgco.ini [2008/05/17 19:30:35 \| 01,466,948 \| -HS- \| C] () -- C:\WINDOWS\System32\ihdppeil.ini [2008/05/17 12:44:20 \| 01,466,828 \| -HS- \| C] () -- C:\WINDOWS\System32\gbxsijyy.ini [2008/05/17 11:21:16 \| 01,467,060 \| -HS- \| C] () -- C:\WINDOWS\System32\ayexoesp.ini [2008/05/16 23:30:50 \| 00,006,869 \| -HS- \| C] () -- C:\WINDOWS\System32\JQrsCJjl.ini2 [2008/05/16 20:41:24 \| 01,467,000 \| -HS- \| C] () -- C:\WINDOWS\System32\uhvsujls.ini [2008/05/14 19:57:20 \| 01,347,772 \| -HS- \| C] () -- C:\WINDOWS\System32\lloXwGgh.ini2 [2008/05/13 15:23:43 \| 01,179,513 \| -HS- \| C] () -- C:\WINDOWS\System32\OUFPstwa.ini2 [2008/05/11 22:05:27 \| 00,006,623 \| -HS- \| C] () -- C:\WINDOWS\System32\ikmnmnnn.ini2 [2008/05/10 16:22:18 \| 00,007,042 \| -HS- \| C] () -- C:\WINDOWS\System32\AKmUBcdd.ini2 [2008/05/08 15:06:48 \| 00,007,286 \| -HS- \| C] () -- C:\WINDOWS\System32\onVxayxx.ini2 [2008/05/05 15:08:47 \| 00,007,263 \| -HS- \| C] () -- C:\WINDOWS\System32\vyxIOqru.ini2 [2008/05/01 15:25:38 \| 00,006,932 \| -HS- \| C] () -- C:\WINDOWS\System32\GgNmnqru.ini2 [2008/04/26 09:36:52 \| 00,007,335 \| -HS- \| C] () -- C:\WINDOWS\System32\cfgOYJjl.ini2 [2008/04/26 09:36:49 \| 00,007,335 \| -HS- \| C] () -- C:\WINDOWS\System32\cfgOYJjl.ini [2008/04/22 22:10:25 \| 00,006,379 \| -HS- \| C] () -- C:\WINDOWS\System32\VuxyyGgh.ini2 [2008/04/22 22:10:24 \| 00,006,929 \| -HS- \| C] () -- C:\WINDOWS\System32\VuxyyGgh.ini [2008/04/16 15:04:32 \| 01,352,987 \| -HS- \| C] () -- C:\WINDOWS\System32\BJihRXbc.ini2 [2008/04/16 15:04:30 \| 01,353,103 \| -HS- \| C] () -- C:\WINDOWS\System32\BJihRXbc.ini [2008/04/10 15:33:55 \| 00,006,869 \| -HS- \| C] () -- C:\WINDOWS\System32\JQrsCJjl.ini [2008/03/12 19:44:09 \| 00,000,118 \| ---- \| C] () -- C:\WINDOWS\System32\MRT.INI [2008/03/12 19:15:23 \| 02,004,383 \| -HS- \| C] () -- C:\WINDOWS\System32\nebgeuhs.ini [2008/02/28 10:49:59 \| 01,339,243 \| -HS- \| C] () -- C:\WINDOWS\System32\vohncgti.ini [2008/02/27 10:48:58 \| 01,254,692 \| -HS- \| C] () -- C:\WINDOWS\System32\cspftviw.ini [2008/02/26 10:49:05 \| 01,244,761 \| -HS- \| C] () -- C:\WINDOWS\System32\jquwuqvk.ini [2008/02/24 16:37:26 \| 01,260,526 \| -HS- \| C] () -- C:\WINDOWS\System32\httyhiuu.ini [2008/02/23 16:37:05 \| 01,253,954 \| -HS- \| C] () -- C:\WINDOWS\System32\giclotli.ini [2008/02/22 16:34:06 \| 01,253,894 \| -HS- \| C] () -- C:\WINDOWS\System32\nthgwadi.ini [2008/02/21 16:29:24 \| 01,253,848 \| -HS- \| C] () -- C:\WINDOWS\System32\itawsriv.ini [2008/02/20 15:12:58 \| 01,212,543 \| -HS- \| C] () -- C:\WINDOWS\System32\bjybqqmm.ini [2008/02/19 10:15:18 \| 01,244,763 \| -HS- \| C] () -- C:\WINDOWS\System32\wjtejyvy.ini [2008/01/27 14:12:03 \| 00,169,198 \| -HS- \| C] () -- C:\WINDOWS\System32\xbadd.ini :Commands [emptytemp] Then click the Run Fix button at the top Let the program run unhindered, reboot when it is done It will produce a log for you on reboot, please post that log in your next reply. ================================Malwarebytes' Anti-Malware================================= Please update\run Malwarebytes' Anti-Malware. Double Click the Malwarebytes Anti-Malware icon to run the application. Click on the update tab then click on Check for updates. If an update is found, it will download and install the latest version. Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley. ===== * Go here to run an online scannner from ESET. Note: You will need to use Internet explorer for this scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activex control to install Click Start Check next options: Remove found threats and Scan unwanted applications. Click Scan Wait for the scan to finish Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt Copy and paste that log as a reply to this topic

katheryn65 View Member Profile	Oct 22 2009, 08:29 AM Post #6
Member Posts: 35 From: NH OS: win xp pro	Okay, i was able to do all 3, computer became very slow but is still running. Here are the logs Malwarebytes' Anti-Malware 1.41 Database version: 3010 Windows 5.1.2600 Service Pack 3 10/22/2009 8:05:54 AM mbam-log-2009-10-22 (08-05-54).txt Scan type: Quick Scan Objects scanned: 118968 Time elapsed: 15 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6210 # api_version=3.0.2 # EOSSerial=d81b728814d60b4cb052f7d7ab7cfeb8 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-10-22 02:02:58 # local_time=2009-10-22 10:02:58 (-0500, Eastern Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=769 16775125 100 98 0 191573463 0 0 # compatibility_mode=4864 16777215 100 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=99995 # found=63 # cleaned=63 # scan_time=6277 C:\Documents and Settings\abby gibbs\My Documents\Downloads\MortimerBeckettandtheSeSetup-dm[1].exe Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\abby gibbs\My Documents\LimeWire\Saved\betcha never cherie.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\abby gibbs\My Documents\LimeWire\Saved\cassie steele-life is a show - bonus track.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\abby gibbs\My Documents\LimeWire\Saved\Celine Dion - The Reason.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\abby gibbs\My Documents\LimeWire\Saved\i believe in you cherie [new single].au a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\abby gibbs\My Documents\LimeWire\Saved\i survived you clay aiken(Club RMX).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\abby gibbs\My Documents\LimeWire\Saved\immortality celine dion.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\abby gibbs\My Documents\LimeWire\Saved\its your love cherie high quality.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\abby gibbs\My Documents\LimeWire\Saved\Jesse Mccartney Bodey Language.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\abby gibbs\My Documents\LimeWire\Saved\kris allen & keith urban 2009.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\abby gibbs\My Documents\LimeWire\Saved\life is like slideshow.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\abby gibbs\My Documents\LimeWire\Saved\love is on way celine dion high quality.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\abby gibbs\My Documents\LimeWire\Saved\love stuck v factory.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\abby gibbs\My Documents\LimeWire\Saved\Nevershoutnever! - BigCityDreams.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\abby gibbs\My Documents\LimeWire\Saved\older than my years cherie - bonus track.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\abby gibbs\My Documents\LimeWire\Saved\shine clay aiken - best track ever.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\abby gibbs\My Documents\LimeWire\Saved\tonight jonas brothers.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\abby gibbs\My Documents\LimeWire\Saved\treat her like lady celine.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\abby gibbs\My Documents\LimeWire\Saved\when i need you celine dion (rare studio version).au a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Program Files\MSN Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\WINDOWS\system32\ttutv.bak1 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\AKmUBcdd.ini2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\ayexoesp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\BJihRXbc.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\BJihRXbc.ini2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\bjybqqmm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\cdeuoils.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\cfgOYJjl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\cfgOYJjl.ini2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\cspftviw.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\gbxsijyy.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\GgNmnqru.ini2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\giclotli.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\gxyedhvq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\hhehpqat.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\httyhiuu.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\ihdppeil.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\ikmnmnnn.ini2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\itawsriv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\JQrsCJjl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\JQrsCJjl.ini2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\jquwuqvk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\jtukfdhd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\lloXwGgh.ini2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\nebgeuhs.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\nthgwadi.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\onVxayxx.ini2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\OUFPstwa.ini2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\uagspmii.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\uhvsujls.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\uoxktifl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\uwaaKkkj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\uwaaKkkj.ini2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\vohncgti.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\VuxyyGgh.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\VuxyyGgh.ini2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\VvFgQtwa.ini2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\vyxIOqru.ini2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\wjtejyvy.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\xbadd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\xtfsrgco.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\yostkubw.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10222009_071557\WINDOWS\System32\ysxocbmd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch\| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName\| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultUrl\| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35C9BCE3-76CF-49C5-B7E1-C5DA6F112964}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35C9BCE3-76CF-49C5-B7E1-C5DA6F112964}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F0576B8-43C3-4FA3-BD99-C0EE8CE6FE3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F0576B8-43C3-4FA3-BD99-C0EE8CE6FE3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9218E8F6-C39D-4DFE-9DA8-8708F81D83D4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9218E8F6-C39D-4DFE-9DA8-8708F81D83D4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7327C09-B521-4EDB-8509-7D2660C9EC98}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F61A81C9-5319-40CA-A8C5-79BB3873032E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F61A81C9-5319-40CA-A8C5-79BB3873032E}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{74CC49F7-EB32-4A08-B204-948962A6E3DB} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F5735C15-1FB2-41FE-BA12-242757E69DDE} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5735C15-1FB2-41FE-BA12-242757E69DDE}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F8AD5AA5-D966-4667-9DAF-2561D68B2012} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{74CC49F7-EB32-4A08-B204-948962A6E3DB} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AIMPro deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Soundmx deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WeatherOnTray deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IncrediMail deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WhenUSave deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Pager deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\DELDIR0.EXE deleted successfully. C:\Documents and Settings\abby gibbs\Start Menu\Programs\Startup\IMVU.lnk moved successfully. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&AIM Search\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccdaww\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\jkkKaawu deleted successfully. C:\WINDOWS\System32\VvFgQtwa.ini2 moved successfully. C:\Program Files\temp01 moved successfully. C:\WINDOWS\System32\yostkubw.ini moved successfully. C:\WINDOWS\System32\uoxktifl.ini moved successfully. C:\WINDOWS\System32\jtukfdhd.ini moved successfully. C:\WINDOWS\System32\gxyedhvq.ini moved successfully. C:\WINDOWS\System32\hhehpqat.ini moved successfully. C:\WINDOWS\System32\cdeuoils.ini moved successfully. C:\WINDOWS\System32\ysxocbmd.ini moved successfully. C:\WINDOWS\System32\uagspmii.ini moved successfully. C:\WINDOWS\System32\uwaaKkkj.ini2 moved successfully. C:\WINDOWS\System32\uwaaKkkj.ini moved successfully. C:\WINDOWS\System32\xtfsrgco.ini moved successfully. C:\WINDOWS\System32\ihdppeil.ini moved successfully. C:\WINDOWS\System32\gbxsijyy.ini moved successfully. C:\WINDOWS\System32\ayexoesp.ini moved successfully. C:\WINDOWS\System32\JQrsCJjl.ini2 moved successfully. C:\WINDOWS\System32\uhvsujls.ini moved successfully. C:\WINDOWS\System32\lloXwGgh.ini2 moved successfully. C:\WINDOWS\System32\OUFPstwa.ini2 moved successfully. C:\WINDOWS\System32\ikmnmnnn.ini2 moved successfully. C:\WINDOWS\System32\AKmUBcdd.ini2 moved successfully. C:\WINDOWS\System32\onVxayxx.ini2 moved successfully. C:\WINDOWS\System32\vyxIOqru.ini2 moved successfully. C:\WINDOWS\System32\GgNmnqru.ini2 moved successfully. C:\WINDOWS\System32\cfgOYJjl.ini2 moved successfully. C:\WINDOWS\System32\cfgOYJjl.ini moved successfully. C:\WINDOWS\System32\VuxyyGgh.ini2 moved successfully. C:\WINDOWS\System32\VuxyyGgh.ini moved successfully. C:\WINDOWS\System32\BJihRXbc.ini2 moved successfully. C:\WINDOWS\System32\BJihRXbc.ini moved successfully. C:\WINDOWS\System32\JQrsCJjl.ini moved successfully. C:\WINDOWS\System32\MRT.INI moved successfully. C:\WINDOWS\System32\nebgeuhs.ini moved successfully. C:\WINDOWS\System32\vohncgti.ini moved successfully. C:\WINDOWS\System32\cspftviw.ini moved successfully. C:\WINDOWS\System32\jquwuqvk.ini moved successfully. C:\WINDOWS\System32\httyhiuu.ini moved successfully. C:\WINDOWS\System32\giclotli.ini moved successfully. C:\WINDOWS\System32\nthgwadi.ini moved successfully. C:\WINDOWS\System32\itawsriv.ini moved successfully. C:\WINDOWS\System32\bjybqqmm.ini moved successfully. C:\WINDOWS\System32\wjtejyvy.ini moved successfully. C:\WINDOWS\System32\xbadd.ini moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: abby gibbs File delete failed. C:\Documents and Settings\abby gibbs\Local Settings\Temp\~DFC7E2.tmp scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\abby gibbs\Local Settings\Temp\~DFC7F6.tmp scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\abby gibbs\Local Settings\Temp\~DFC889.tmp scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\abby gibbs\Local Settings\Temp\~DFC89D.tmp scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\abby gibbs\Local Settings\Temp\~DFC9AF.tmp scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\abby gibbs\Local Settings\Temp\~DFC9C3.tmp scheduled to be deleted on reboot. ->Temp folder emptied: 5806916 bytes File delete failed. C:\Documents and Settings\abby gibbs\Local Settings\Temporary Internet Files\Content.IE5\QJXGYV73\iframe[1].htm scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\abby gibbs\Local Settings\Temporary Internet Files\Content.IE5\QJXGYV73\SlowSystem-after-adware-malware-spyware-Vundo-removal-t255897[1].html scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\abby gibbs\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\abby gibbs\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 2438061 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Apple Safari cache emptied: 33779 bytes User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot. ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: michael gibbs ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Apple Safari cache emptied: 72321 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 27441187 bytes User: rebecca gibbs User: sarah gibbs %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4b0.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7c.dat scheduled to be deleted on reboot. Windows Temp folder emptied: 323203 bytes RecycleBin emptied: 309206 bytes Total Files Cleaned = 34.83 mb OTL by OldTimer - Version 3.0.21.0 log created on 10222009_071557 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\abby gibbs\Local Settings\Temp\~DFC7E2.tmp not found! File\Folder C:\Documents and Settings\abby gibbs\Local Settings\Temp\~DFC7F6.tmp not found! File\Folder C:\Documents and Settings\abby gibbs\Local Settings\Temp\~DFC889.tmp not found! File\Folder C:\Documents and Settings\abby gibbs\Local Settings\Temp\~DFC89D.tmp not found! File\Folder C:\Documents and Settings\abby gibbs\Local Settings\Temp\~DFC9AF.tmp not found! File\Folder C:\Documents and Settings\abby gibbs\Local Settings\Temp\~DFC9C3.tmp not found! C:\Documents and Settings\abby gibbs\Local Settings\Temporary Internet Files\Content.IE5\QJXGYV73\iframe[1].htm moved successfully. C:\Documents and Settings\abby gibbs\Local Settings\Temporary Internet Files\Content.IE5\QJXGYV73\SlowSystem-after-adware-malware-spyware-Vundo-removal-t255897[1].html moved successfully. C:\Documents and Settings\abby gibbs\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. File move failed. C:\WINDOWS\temp\Perflib_Perfdata_4b0.dat scheduled to be moved on reboot. File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7c.dat not found! Registry entries deleted on Reboot...

kahdah View Member Profile	Oct 22 2009, 12:04 PM Post #7
GeekU Teacher Posts: 13,547 From: Florida OS: Windows xp,Vista business	Very nice that went well. Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Under the Standard Registry box change it to All. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

katheryn65 View Member Profile	Oct 22 2009, 12:21 PM Post #8
Member Posts: 35 From: NH OS: win xp pro	Glad to hear it is going well i did see that there were more trojans removed, so thats always a good thing.....thank you for helping me with this.. Here is the new log OTL logfile created on: 10/22/2009 2:06:57 PM - Run 3 OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\abby gibbs\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 223.48 Mb Total Physical Memory \| 53.51 Mb Available Physical Memory \| 23.94% Memory free 722.57 Mb Paging File \| 347.98 Mb Available in Paging File \| 48.16% Paging File free Paging file location(s): c:\pagefile.sys 512 768 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 38.23 Gb Total Space \| 11.31 Gb Free Space \| 29.57% Space Free \| Partition Type: NTFS Drive D: \| 0.37 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GIBBS Current User Name: abby gibbs Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\abby gibbs\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe () PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe () PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) ========== Win32 Services (SafeList) ========== SRV - (Apple Mobile Device [Auto \| Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (aspnet_state [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (aswUpdSv [Auto \| Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (avast! Antivirus [Auto \| Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner [On_Demand \| Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner [On_Demand \| Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (CLTNetCnService [Auto \| Stopped]) -- File not found SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (getPlus® Helper [On_Demand \| Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.) SRV - (GoogleDesktopManager [On_Demand \| Stopped]) -- File not found SRV - (gusvc [On_Demand \| Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (helpsvc [Auto \| Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (hpqcxs08 [On_Demand \| Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.) SRV - (hpqddsvc [Auto \| Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.) SRV - (idsvc [Unknown \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (iPod Service [On_Demand \| Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (JavaQuickStarterService [Auto \| Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (Net Driver HPZ12 [Auto \| Running]) -- C:\WINDOWS\System32\HPZinw12.dll (Hewlett-Packard) SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (Pml Driver HPZ12 [Auto \| Running]) -- C:\WINDOWS\System32\HPZipm12.dll (Hewlett-Packard) SRV - (Viewpoint Manager Service [Auto \| Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (wlidsvc [Auto \| Running]) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc [On_Demand \| Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (Aavmker4 [System \| Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software) DRV - (ALCXWDM [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (aswFsBlk [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software) DRV - (aswMon2 [Auto \| Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswRdr [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software) DRV - (aswSP [System \| Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software) DRV - (aswTdi [System \| Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software) DRV - (Cdr4_xp [System \| Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions) DRV - (Cdralw2k [System \| Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions) DRV - (cmuda [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\cmuda.sys (C-Media Inc) DRV - (GEARAspiWDM [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (HPZid412 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP) DRV - (HPZipr12 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP) DRV - (HPZius12 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP) DRV - (HSF_DP [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys (Conexant Systems, Inc.) DRV - (HSFHWBS2 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys (Conexant Systems, Inc.) DRV - (mdmxsdk [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant) DRV - (Ptilink [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (PxHelp20 [Boot \| Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (S3Psddr [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\s3gnbm.sys (S3 Graphics, Inc.) DRV - (SASDIFSV [System \| Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM [On_Demand \| Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL [System \| Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (Secdrv [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (SiS315 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation) DRV - (SiSide [Boot \| Running]) -- C:\WINDOWS\system32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.) DRV - (sisidex [Boot \| Running]) -- C:\WINDOWS\system32\drivers\sisidex.sys (Windows ® 2000 DDK provider) DRV - (SiSkp [System \| Running]) -- C:\WINDOWS\System32\DRIVERS\srvkp.sys (Silicon Integrated Systems Corporation) DRV - (SISNIC [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\sisnic.sys (SiS Corporation) DRV - (sisperf [Boot \| Running]) -- C:\WINDOWS\system32\drivers\sisperf.sys (Silicon Integrated Systems Corp.) DRV - (USBAAPL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.) DRV - (winachsf [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys (Conexant Systems, Inc.) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Use Custom Search URL = 1 IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d/?%63%78%6c%6f%77 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.) IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation) IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/16 19:28:46 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/25 13:07:09 \| 00,000,000 \| ---D \| M] [2009/08/20 11:34:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\abby gibbs\Application Data\mozilla\Extensions [2009/06/12 16:03:45 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\abby gibbs\Application Data\mozilla\Extensions\mozswing@mozswing.org [2009/08/20 11:34:33 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2008/12/25 13:09:08 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2008/06/17 16:12:42 \| 00,114,688 \| ---- \| M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2009/04/19 18:23:12 \| 00,024,683 \| ---- \| M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll [2008/12/25 13:07:04 \| 00,410,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2008/06/11 22:45:28 \| 00,103,792 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009/07/11 13:07:04 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/07/11 13:07:06 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/07/11 13:07:09 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/07/11 13:07:10 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/07/11 13:07:13 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/07/11 13:07:15 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/07/11 13:07:16 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2007/04/16 13:07:12 \| 00,180,293 \| ---- \| M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2008/08/29 10:01:22 \| 00,106,348 \| ---- \| M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll O1 HOSTS File: (767 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll File not found O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe () O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.DLL (Silicon Integrated Systems Corporation) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation) O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O12 - Plugin for: .fpx - C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dll (iSee Media, Inc.) O12 - Plugin for: .ivr - C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dll (iSee Media, Inc.) O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Family Feud 2\Images\stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Home Sweet Home\Images\armhelper.ocx (ArmHelper Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL () O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003/04/25 17:20:00 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: ('autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (') - File not found O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/10/17 15:23:37 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/10/16 21:03:43 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2009/10/17 15:23:55 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\abby gibbs\Application Data\Malwarebytes [2009/10/16 21:02:55 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\abby gibbs\Application Data\SUPERAntiSpyware.com [2009/10/17 13:03:29 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\abby gibbs\Application Data\Windows Desktop Search [2009/10/17 21:09:01 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\abby gibbs\Local Settings\Application Data\ApplicationHistory [2009/10/17 13:09:28 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Windows Live [2009/10/16 21:01:56 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Wise Installation Wizard [2009/10/17 16:32:58 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Alwil Software [2009/10/17 15:19:26 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2009/10/22 08:12:27 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ESET [2009/10/17 15:23:36 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/10/17 13:05:52 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft [2009/10/16 21:02:56 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SUPERAntiSpyware [2009/10/17 13:02:02 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Windows Desktop Search [2009/10/22 07:15:57 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2009/10/18 12:53:29 \| 00,521,216 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\abby gibbs\Desktop\OTL.exe [2009/10/18 12:09:43 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\Minidump [2009/10/18 12:07:00 \| 00,472,064 \| ---- \| C] ( ) -- C:\Documents and Settings\abby gibbs\Desktop\RootRepeal.exe [2009/10/18 10:49:00 \| 00,000,000 \| ---D \| C] -- C:\VundoFix Backups [2009/10/18 10:48:27 \| 00,119,808 \| ---- \| C] (Atribune.org) -- C:\Documents and Settings\abby gibbs\Desktop\VundoFix.exe [2009/10/17 16:33:57 \| 00,023,152 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009/10/17 16:33:55 \| 00,052,368 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009/10/17 16:33:54 \| 00,027,408 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009/10/17 16:33:48 \| 00,097,480 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009/10/17 16:33:38 \| 00,020,560 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009/10/17 16:33:37 \| 00,114,768 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009/10/17 16:33:36 \| 00,094,160 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009/10/17 16:33:36 \| 00,093,424 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009/10/17 16:33:06 \| 01,279,968 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009/10/17 15:23:40 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/10/17 15:23:37 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/10/17 15:22:29 \| 04,045,536 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\abby gibbs\Desktop\mbam-setup.exe [2009/10/17 15:20:29 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2009/10/17 15:17:36 \| 00,791,393 \| ---- \| C] (Lars Hederer ) -- C:\Documents and Settings\abby gibbs\Desktop\erunt_setup.exe [2009/10/17 15:11:04 \| 00,021,504 \| ---- \| C] (Doug Knox) -- C:\Documents and Settings\abby gibbs\Desktop\SysRestorePoint.exe [2009/10/17 14:50:24 \| 00,271,872 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\abby gibbs\Desktop\TFC.exe [2009/10/17 14:24:18 \| 00,000,000 \| -HSD \| C] -- C:\found.000 [2009/10/17 13:02:01 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\System32\GroupPolicy [2009/10/17 12:52:43 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\System32\URTTEMP [2009/10/17 11:12:28 \| 00,407,680 \| ---- \| C] (ALWIL Software) -- C:\Documents and Settings\abby gibbs\Desktop\aswclnr.exe [2009/10/16 20:21:53 \| 00,073,728 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009/10/16 20:21:51 \| 00,149,280 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/10/16 20:21:50 \| 00,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/10/16 20:21:50 \| 00,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/10/16 20:09:05 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\Hewlett-Packard [2009/10/16 19:21:07 \| 00,000,000 \| ---D \| C] -- C:\f65b84e2e4240fa90ad618124feac6 [2009/10/16 18:44:56 \| 00,765,952 \| ---- \| C] (Sensaura Ltd) -- C:\WINDOWS\System\crlds3d.dll [2009/10/16 18:44:55 \| 00,712,704 \| ---- \| C] (Sensaura Ltd) -- C:\WINDOWS\System32\dllcache\a3d.dll [2009/10/16 18:44:55 \| 00,712,704 \| ---- \| C] (Sensaura Ltd) -- C:\WINDOWS\System32\Audio3D.dll [2009/10/16 18:44:55 \| 00,712,704 \| ---- \| C] (Sensaura Ltd) -- C:\WINDOWS\System32\a3d.dll [2009/09/23 11:18:08 \| 00,000,000 \| RH-D \| C] -- C:\VProRecovery [2007/01/13 17:54:46 \| 00,774,144 \| ---- \| C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll ========== Files - Modified Within 30 Days ========== [2 C:\Documents and Settings\abby gibbs\My Documents\*.tmp files] [2009/10/22 14:13:01 \| 00,000,438 \| -H-- \| M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC38D439-C71D-4634-ABB5-81A502D0690D}.job [2009/10/22 07:24:46 \| 00,012,620 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/10/22 07:23:59 \| 00,002,519 \| ---- \| M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk [2009/10/22 07:21:27 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/10/22 07:20:24 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/10/22 07:20:23 \| 23,440,9984 \| -HS- \| M] () -- C:\hiberfil.sys [2009/10/22 05:57:26 \| 23,443,8656 \| ---- \| M] () -- C:\WINDOWS\MEMORY.DMP [2009/10/21 14:20:21 \| 00,001,854 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2009/10/21 14:16:20 \| 00,291,328 \| ---- \| M] () -- C:\2ivqn74l.exe [2009/10/21 13:03:00 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/10/18 17:30:24 \| 00,004,625 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2009/10/18 17:29:59 \| 00,552,398 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/10/18 17:29:59 \| 00,463,470 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2009/10/18 17:29:59 \| 00,079,012 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2009/10/18 12:53:33 \| 00,521,216 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\abby gibbs\Desktop\OTL.exe [2009/10/18 12:07:01 \| 00,472,064 \| ---- \| M] ( ) -- C:\Documents and Settings\abby gibbs\Desktop\RootRepeal.exe [2009/10/18 10:48:28 \| 00,119,808 \| ---- \| M] (Atribune.org) -- C:\Documents and Settings\abby gibbs\Desktop\VundoFix.exe [2009/10/17 16:34:05 \| 00,001,709 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/10/17 16:33:37 \| 00,002,626 \| ---- \| M] () -- C:\WINDOWS\System32\CONFIG.NT [2009/10/17 16:28:35 \| 38,786,848 \| ---- \| M] () -- C:\Documents and Settings\abby gibbs\Desktop\setupeng.exe [2009/10/17 15:23:44 \| 00,000,696 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/17 15:22:29 \| 04,045,536 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\abby gibbs\Desktop\mbam-setup.exe [2009/10/17 15:19:29 \| 00,000,611 \| ---- \| M] () -- C:\Documents and Settings\abby gibbs\Desktop\NTREGOPT.lnk [2009/10/17 15:19:29 \| 00,000,592 \| ---- \| M] () -- C:\Documents and Settings\abby gibbs\Desktop\ERUNT.lnk [2009/10/17 15:17:44 \| 00,791,393 \| ---- \| M] (Lars Hederer ) -- C:\Documents and Settings\abby gibbs\Desktop\erunt_setup.exe [2009/10/17 15:11:11 \| 00,021,504 \| ---- \| M] (Doug Knox) -- C:\Documents and Settings\abby gibbs\Desktop\SysRestorePoint.exe [2009/10/17 14:50:28 \| 00,271,872 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\abby gibbs\Desktop\TFC.exe [2009/10/17 13:02:40 \| 00,001,787 \| ---- \| M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2009/10/17 12:44:41 \| 00,000,363 \| ---- \| M] () -- C:\Documents and Settings\abby gibbs\Desktop\Microsoft Windows Error Reporting.url [2009/10/17 11:12:34 \| 00,407,680 \| ---- \| M] (ALWIL Software) -- C:\Documents and Settings\abby gibbs\Desktop\aswclnr.exe [2009/10/16 21:52:21 \| 00,001,028 \| ---- \| M] () -- C:\WINDOWS\win.ini [2009/10/16 21:26:58 \| 00,116,839 \| ---- \| M] () -- C:\WINDOWS\hpqins00.dat [2009/10/16 21:21:38 \| 00,001,808 \| ---- \| M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009/10/16 21:03:08 \| 00,000,780 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/10/16 21:01:03 \| 07,280,672 \| ---- \| M] () -- C:\Documents and Settings\abby gibbs\Desktop\SUPERAntiSpyware.exe [2009/10/02 14:01:57 \| 25,198,016 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe ========== Files - No Company Name ========== [2009/10/21 14:20:21 \| 00,001,854 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2009/10/21 14:16:16 \| 00,291,328 \| ---- \| C] () -- C:\2ivqn74l.exe [2009/10/17 16:34:05 \| 00,001,709 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/10/17 16:33:06 \| 00,380,928 \| ---- \| C] () -- C:\WINDOWS\System32\actskin4.ocx [2009/10/17 16:28:26 \| 38,786,848 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Desktop\setupeng.exe [2009/10/17 15:23:44 \| 00,000,696 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/17 15:19:29 \| 00,000,611 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Desktop\NTREGOPT.lnk [2009/10/17 15:19:29 \| 00,000,592 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Desktop\ERUNT.lnk [2009/10/17 13:15:26 \| 23,440,9984 \| -HS- \| C] () -- C:\hiberfil.sys [2009/10/17 13:02:40 \| 00,001,787 \| ---- \| C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2009/10/17 12:44:41 \| 00,000,363 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Desktop\Microsoft Windows Error Reporting.url [2009/10/16 21:21:36 \| 00,001,808 \| ---- \| C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009/10/16 21:10:37 \| 00,116,839 \| ---- \| C] () -- C:\WINDOWS\hpqins00.dat [2009/10/16 21:03:08 \| 00,000,780 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/10/16 21:01:03 \| 07,280,672 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Desktop\SUPERAntiSpyware.exe [2009/10/16 18:39:14 \| 00,000,438 \| -H-- \| C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC38D439-C71D-4634-ABB5-81A502D0690D}.job [2009/08/30 15:34:40 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\ResortingToDanger.INI [2009/08/22 22:22:16 \| 04,318,086 \| -H-- \| C] () -- C:\Documents and Settings\abby gibbs\Local Settings\Application Data\IconCache.db [2008/09/01 19:12:50 \| 00,002,026 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2008/07/10 15:45:21 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\Transmogrifier-1.4.INI [2008/03/06 21:42:33 \| 00,030,254 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Application Data\update.log [2008/01/26 07:28:21 \| 00,000,048 \| ---- \| C] () -- C:\WINDOWS\data.ini [2007/09/27 10:51:02 \| 00,020,698 \| ---- \| C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 10:48:48 \| 00,030,628 \| ---- \| C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 10:48:28 \| 00,031,698 \| ---- \| C] () -- C:\WINDOWS\System32\gthrctr.ini [2007/01/13 18:05:57 \| 00,000,021 \| ---- \| C] () -- C:\WINDOWS\atid.ini [2006/07/17 09:51:39 \| 00,017,920 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/07/16 20:31:58 \| 00,017,632 \| ---- \| C] () -- C:\WINDOWS\cdplayer.ini [2006/04/17 13:14:54 \| 00,083,498 \| R--- \| C] () -- C:\WINDOWS\VGAsetup.ini [2006/04/17 13:14:54 \| 00,035,037 \| ---- \| C] () -- C:\WINDOWS\System32\VGAunistlog.ini [2006/04/17 12:53:06 \| 00,139,264 \| ---- \| C] () -- C:\WINDOWS\System32\IDEproperty.dll [2006/04/17 12:52:50 \| 00,156,672 \| ---- \| C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2006/01/20 14:55:59 \| 00,000,617 \| ---- \| C] () -- C:\WINDOWS\muncher.ini [2006/01/20 13:52:47 \| 00,012,288 \| ---- \| C] () -- C:\WINDOWS\System32\impborl.dll [2006/01/08 14:37:12 \| 00,108,032 \| ---- \| C] () -- C:\WINDOWS\System32\sh33w32.dll [2006/01/07 09:35:16 \| 00,000,047 \| ---- \| C] () -- C:\WINDOWS\STRINGS.INI [2005/12/17 11:25:55 \| 00,000,035 \| ---- \| C] () -- C:\WINDOWS\DAVIDSON.INI [2005/12/17 11:25:55 \| 00,000,028 \| ---- \| C] () -- C:\WINDOWS\KIDPHON.INI [2005/11/20 10:06:30 \| 00,000,023 \| ---- \| C] () -- C:\WINDOWS\Edmark.ini [2005/11/11 11:07:34 \| 00,000,141 \| ---- \| C] () -- C:\WINDOWS\TLCAPPS.INI [2005/10/23 08:23:57 \| 00,000,051 \| ---- \| C] () -- C:\WINDOWS\SSAWDEMO.INI [2005/10/23 08:21:15 \| 00,000,258 \| ---- \| C] () -- C:\WINDOWS\QTW.INI [2005/09/20 19:44:49 \| 00,001,062 \| ---- \| C] () -- C:\WINDOWS\KA.INI [2005/06/16 17:36:32 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\SETUP32.INI [2005/06/15 15:53:21 \| 00,063,280 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2005/05/22 10:34:50 \| 00,000,823 \| ---- \| C] () -- C:\WINDOWS\tsc.ini [2005/05/22 10:34:49 \| 00,071,749 \| ---- \| C] () -- C:\WINDOWS\hcextoutput.dll [2005/05/22 10:33:54 \| 00,000,170 \| ---- \| C] () -- C:\WINDOWS\GetServer.ini [2004/08/03 20:56:46 \| 00,363,520 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/07/14 19:15:04 \| 00,000,741 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2004/07/14 19:14:35 \| 00,000,004 \| ---- \| C] () -- C:\WINDOWS\msoffice.ini [2004/06/23 13:04:28 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\MADCCS.INI [2004/06/23 13:04:28 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\MADCCF.INI [2004/05/03 17:24:54 \| 00,001,025 \| ---- \| C] () -- C:\WINDOWS\hegames.ini [2004/03/29 17:06:04 \| 00,000,340 \| ---- \| C] () -- C:\WINDOWS\lexstat.ini [2004/03/29 17:06:01 \| 00,328,704 \| ---- \| C] () -- C:\WINDOWS\System32\dosfnt32.dll [2004/03/29 17:06:01 \| 00,163,840 \| ---- \| C] () -- C:\WINDOWS\System32\ldepcl32.dll [2004/02/04 09:38:07 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\AutoRun.INI [2004/01/19 11:32:16 \| 00,000,990 \| ---- \| C] () -- C:\WINDOWS\Disney.ini [2003/12/17 21:15:29 \| 00,001,028 \| ---- \| C] () -- C:\WINDOWS\win.ini [2003/12/17 14:01:41 \| 00,063,280 \| ---- \| C] () -- C:\Documents and Settings\abby gibbs\Application Data\GDIPFONTCACHEV1.DAT [2003/09/29 14:53:00 \| 00,000,035 \| ---- \| C] () -- C:\WINDOWS\A5W.INI [2003/09/16 13:15:30 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\abby gibbs\Application Data\desktop.ini [2003/09/08 21:17:00 \| 00,004,094 \| ---- \| C] () -- C:\WINDOWS\System32\rtcsses.dll [2003/09/08 21:17:00 \| 00,004,094 \| ---- \| C] () -- C:\WINDOWS\System32\dimces.dll [2003/06/24 02:35:09 \| 00,000,482 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2003/04/25 18:42:29 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2003/04/25 17:42:24 \| 00,001,065 \| ---- \| C] () -- C:\WINDOWS\winamp.ini [2003/04/25 17:41:52 \| 00,000,310 \| ---- \| C] () -- C:\WINDOWS\net2fone.ini [2003/04/25 17:07:15 \| 00,001,094 \| ---- \| C] () -- C:\WINDOWS\System32\oeminfo.ini [2003/04/25 17:07:15 \| 00,000,453 \| ---- \| C] () -- C:\WINDOWS\System32\emver.ini [2003/04/25 17:06:58 \| 00,000,243 \| ---- \| C] () -- C:\WINDOWS\SYSTEM.INI [2003/04/25 10:11:29 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2003/02/19 01:26:28 \| 00,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\cmirmdrv.dll [2002/12/10 00:00:00 \| 01,708,032 \| ---- \| C] () -- C:\WINDOWS\System32\MSO97V.DLL [2002/12/10 00:00:00 \| 00,036,864 \| ---- \| C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [2002/12/10 00:00:00 \| 00,032,768 \| ---- \| C] () -- C:\WINDOWS\System32\MSORFS.DLL [1999/07/23 13:46:48 \| 00,000,116 \| ---- \| C] () -- C:\WINDOWS\AuHCcup1.ini [1999/07/23 10:53:20 \| 00,129,536 \| ---- \| C] () -- C:\WINDOWS\AuHCcup1.dll [1997/11/17 18:13:16 \| 00,010,240 \| ---- \| C] () -- C:\WINDOWS\System32\vidx16.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB44773F @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B19CC382 @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47417312 @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D6E82D7 @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33384BC0 @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B2C4A0E @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C47E54BB @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF3D0EA3 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA05E0C4 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA3339BE @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:920E58B7 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:878F15F1 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D2A2F0A @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B00070D @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B99FE60 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FA003F9 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16C36E31 @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8134D8F @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FDE078B @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D994162E @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:620EC79A @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FD496E1 @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:275AA066 @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449 @Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B4742F4 @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C210B4D5 @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C321309 @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB7FF0C9 @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8342E7B @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F31C4F @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3E39A49 @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65D73220 @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5121D26 @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A15C0AF @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1AD90C3 @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5313B881 @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC0D80AD @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F880DE59 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C74B70E6 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB0256E7 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DDCE10B @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26939499 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03392111 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA5470E8 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E71141D2 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCE8F703 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E22C00F @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:799F5445 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FBD5837 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:294A5F28 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28616E30 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C22BA56 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E106B617 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5D1F833 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CCE90031 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A07C14AE @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D5BB34A @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F99A630 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B86037F @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F280981 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BFA9622 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:395C0D36 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25D37F9D @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CB20114 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:144B593B @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7120F9A @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8669B93 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EE41602 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56486BDA @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E2343A8 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33FB0D9F @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27AAAD97 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2430E4FC @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1841A803 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:105C8D3E @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FE90888 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDDC784F @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A4DF77 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943E8182 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F47E9A6 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B89DF83 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6638AEDF @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FBA7D5F @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E2EA264 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38091CBB @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37E0CB70 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2396CABF @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EECBA6F @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F52E80AA @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DC1F5FA4 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8A7F3FF @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF0B4A17 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6E981A9 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4F0E644 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D3A7233 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B403ABD @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75A89023 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AF596C6 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DF61DDA @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0142BC01 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA78B902 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E702DD04 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D0CEAB7 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BCC8D9F @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B45EB96 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8543BABC @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7025E8E7 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CC3B9D1 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B454E16 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27790C06 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DFE2AE1 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05E95A33 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01C1407E @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1D597D0 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0ED9DB7 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDE339B9 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E884078 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84B1FB12 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:814B9485 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7307D080 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C0E4E8D @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42F46912 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38E2864F @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13E7A9FC @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99963C1E @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70C0282D @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:575220F6 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F50E80F @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CD05674 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B121B40 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48429D0E @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24641E0D @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C19FC3F @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB9AF090 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8019535 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B243260B @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:913CA408 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E6889B0 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CB2D3F8 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79AC0D92 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70A1462A @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C491D31 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C270C64 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4F720BA @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8FA1D03 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E11ABA64 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC81AA95 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9478477 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF2E2F0E @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91191703 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EC55520 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43E0EC8A @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32CA3B19 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E943D067 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E27E39D4 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E22FF3D0 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FF6C10 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFB00961 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AADC76BA @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:936CD24D @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93226FE3 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D632CD7 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63CFD724 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E1E5A60 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48FEA089 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE49EF15 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D53344E0 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6885F1 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C70C5141 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDB40AA4 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE9D0697 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB779CF8 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C84299 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:895CFFA7 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:833F31B3 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B520784 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5433DBEF @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2871B698 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC7FF5F9 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE74F4A9 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA286EFE @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEC895D8 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADBD0C70 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8E8B5D7 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B653AA4 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:649ABDC5 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:543CAD1B @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F99F761 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DD00E73 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2648A4D @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B503DFC8 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADD788AD @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DAC1F7 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A6C632 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:672C5D08 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C53D1D2 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:483AC68A @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38EDA867 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:247A9485 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:132E98A6 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E684266 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F76D01BB @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD24DCF8 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6DC5DD @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B15F27E2 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5A7CB1B @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8A0D1C2B @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:867718D2 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42D7FF24 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B7C7BAE @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C90C4DBA @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9744B982 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0EFE63 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:644C73AD @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33AFD01D @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3214A283 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24B6E2C7 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14E72C90 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BEA161 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA457ABC @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A561576B @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FEA1229 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AB76595 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52641FBE @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB170088 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2989574 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4CA4749 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE2795CA @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8A0BC27 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F3235B3 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27A6A257 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E689CAC @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DE2EF01 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5B69884 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2F80D1D @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:753A0081 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6666A16B @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6520B0F3 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E1404CE @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55CC6CC3 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47920A31 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27BABCD8 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0BE2307D @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0551F1FA @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE83CC97 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8953510 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B2EDA15 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92B0AEE6 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8ACBDE06 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D549BCC @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C4C57F9 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:383197E6 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F05E220 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:118DA42D @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C2D3186E @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7C0A73F @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA37E770 @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32C16177 @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EF1B11F @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2838BE0A @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18173A8E @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1505883A @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0762150 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E027C556 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9B8E3C6 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9A6CD7C @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4CF4C16 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99762419 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65A693A1 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60C47453 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57BF34C6 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4072646B @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB97DB91 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4F5D824 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9884A8C7 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:729F5FF8 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:723E56EC @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4862644E @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BAD65EA @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9092478 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D669DCA2 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4B8378D @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7C9AD48 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C82FC0D @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91DEA808 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85F55C68 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B89E8A0 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79CBD5FF @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7881FECE @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73BF05FF @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68F81F4B @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5979B8CC @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:455CF8C6 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44EBAA62 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2836460B @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:062AF572 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3EEA250 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3F61B65 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7A22351 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61E5F0F7 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6122E243 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F96D8E6 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E6B8D68 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:482CC303 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3CEEC4C @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B285B76 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:949483BD @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:940EEA60 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55119B17 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39A47FAD @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED796303 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA50D64F @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8E864AC @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD623B3 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F3FE688 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16E7793D @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:145EE4E0 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09064307 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:017C5853 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF71CAB5 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0E19514 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3CD6049 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C720B492 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C3E753C @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:753B8DFE @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:604AF115 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E196FE2 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D10517E @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:590B1A90 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7180F4 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CD562B4 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BBD95D6 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:349CACE5 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:276B1630 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17FCBFF6 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA1582F8 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0668210 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E6212E6 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D82FC9D < End of report >

kahdah View Member Profile	Oct 23 2009, 05:23 AM Post #9
GeekU Teacher Posts: 13,547 From: Florida OS: Windows xp,Vista business	Download OTC to your desktop and run it Click Yes to beginning the Cleanup process and remove these components, including this application. You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. ===============Update Java=============== Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update: Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop. Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 16...allows end-users to run Java applications". Click the "Download" button to the right. Select your Platform: "Windows". Select your Language: "Multi-language". Read the License Agreement, and then check the box that says: "Accept License Agreement". Click Continue and the page will refresh. Click on the link to download Windows Offline Installation and save the file to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version. ======================Clear out infected System Restore points====================== Then we need to reset your System Restore points. The link below shows how to do this. How to Turn On and Turn Off System Restore in Windows XP http://support.microsoft.com/kb/310405/en-us If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual Delete\uninstall anything else that we have used that is leftover. ===================================== After that your all set. The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there. Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes. If your computer is slow Is a tutorial on what you can do if your computer is slow. File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent,Limewire etc...

katheryn65 View Member Profile	Oct 24 2009, 03:20 PM Post #10
Member Posts: 35 From: NH OS: win xp pro	Okay, i did what you said, and so far so good, i have used the computer for a day now, several reboots etc. It is pretty slow on booting, however I know it is an older system that has far to much on it. Again it is a friends computer and not mine, so i will leave that up to him to decide what to delete or not. As far as the whole virus issue, i haven't seen one since, and the computer now has protection as well. Thank you so much for all of your help, i really do appreciate it.

kahdah View Member Profile	Oct 24 2009, 04:27 PM Post #11
GeekU Teacher Posts: 13,547 From: Florida OS: Windows xp,Vista business	You are welcome Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread. Everyone else please begin a New Topic.

kahdah View Member Profile	Oct 24 2009, 04:27 PM Post #12
GeekU Teacher Posts: 13,547 From: Florida OS: Windows xp,Vista business	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal please malware,spyware,and hardware removal- help needed	0 / 250	26th February 2006 - 08:55 PM the terminator started - last by the terminator
Virus, Spyware and Trojan Removal Trojan.TDSS and hijack removal [Solved] 12	18 / 291	25th July 2009 - 12:04 PM v1jays started - last by handhfan
Virus, Spyware and Trojan Removal malware, spyware, clean up logs [Solved] 12	17 / 334	17th August 2009 - 09:30 AM skada started - last by Transience
Virus, Spyware and Trojan Removal Need Help with malware and virus removal [Solved] 12	17 / 222	26th October 2009 - 04:54 PM ghostz started - last by Rorschach112