
Artemis! 1EA64E8A7E0F [Solved]



#1
Susan Q

Hi, I'm brand new to Geeks To Go and hope you can help.
I've seen other threads about Artemis, but not the same as mine.
I'm running Windows XP. I've run Malwarebytes, McAfee from Comcast (updated), SuperAntiSpyWare, and TFC. My Windows search function does not find Artemis. The location of the file, as reported by McAfee (listed below), does not exist. I have no C:\System Volume Information file. I've avoided doing a defrag, which normally I do regularly.


To be clear .... I am not a "geek" (wish I was) :).
I don't know how to upload files to you. I can, however, follow directions. :)

Any help you can offer will be greatly appreciated.
Thanks
Susan
Here is what McAfee reports:

Potentially unwanted Program

Detection name: Artemis! 1EA64E8A7E0F

Status: Cannot be completely removed

Items:
File Name: C:\System Volume Information\_restore{D52EB4E4-AB17-4FDB-8F37-EOB1C6D4A84B}\RP928\A0128150.exe


#2
Onaipian

Hello! :) Welcome to GeekstoGo! I'm piano9playa5 and will be assisting you with your malware problems. If you have any questions, ask away! Just a few tips to make things go smoothly:
  • Please be patient. There may be delays in between my posts, as I must check everything with a moderator before posting.
  • Don't run tools you see being used in another topic. Running tools unsupervised can be dangerous.
  • Copy\Paste logs in your replies, rather than attaching them, unless I instruct you to do otherwise. This makes things easier for me, and the moderator looking over this topic.

I need some initial information; please Click Here! and follow the steps given. Remember to Copy\Paste the MalwareBytes' AntiMalware, RootRepeal, and OTL reports back as a response to this thread.

If you are unsure how to add a reply to an existing topic, please Click Here! for instructions.


:)

#3
Susan Q

Piano9Playa5,
First I'd like to thank you for your time and attention to my computer issues.
You at GTG offer so much in the way of time and expertise, that I'm left amazed.

I have spent hours preparing this reply for you. When finished I clicked on "Preview Post" and lost the entire thing. So ...... I begin again.

I believe I've included everything.
Let me know if there is anything else you need.
Again, thank you so very much for your time.
Susan


TFC

Successfully run. Re-boot upon completion.


SYSRESTOREPOINT

UNSUCCESSFUL
When I double click the desktop icon I get a brief (1-2 sec.) box that appears
but then disappears. I get no notification of completion.

Using Win XP System Tools I created new restore point.

ERUNT

UNSUCCESSFUL
Began installing ERUNT; however, GTG instructions stated:
"4.Say No to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later."
There were no options presented. It would have added to start up file.
I chose to exit setup.

MALWAREBYTES

SUCCESSFUL
Malwarebytes' Anti-Malware 1.41
Database version: 2897
Windows 5.1.2600 Service Pack 3

10/8/2009 1:56:00 PM
mbam-log-2009-10-08 (13-55-43).txt

Scan type: Quick Scan
Objects scanned: 189493
Time elapsed: 10 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


McAFEE

REPORT:
Potentially unwanted Program

Detection name: Artemis! 1EA64E8A7E0F

Status: Cannot be completely removed

Items:
File Name: C:\System Volume Information\_restore{D52EB4E4-AB17-4FDB-8F37-EOB1C6D4A84B}\RP928\A0128150.exe


WINDOWS UPDATE

for the update it says
"The feature you are trying to use is on a CD-ROM or other removeable disk
that is not available.

Insert the Microsoft XP Office Professional with FrontPage' disk and click OK"

I'm guessing this was pre-loaded when I purchased from Dell several years ago.
I have tried every Application Disk I have and none of them work.

It said
"The following updates were not installed
Office XP Service Pack 3"

REBOOT

Although I seem to be running a little better, certainly not
at full potential.

ROOTREPEAL

UNSUCCESSFUL
Downloaded RootRepeal and tried to run it twice with the same result.
An information panel appeared on the desktop that said "initalizing, please wait..."
With that still showing, a window popped up that said "Linksys bitmap not valid".
This 'not valid' window kept repeating over and over ... all windows staying on
the desktop, overlaying each other. Eventually, I had to reboot.
Upon shut down and re-boot, I get a Windows XP logo which I've not seen before.
Looks legit but is not the usual logo I see.

OTL

SUCCESSFUL
OTL logfile created on: 10/8/2009 2:39:09 PM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 117.35 Mb Available Physical Memory | 23.01% Memory free
864.29 Mb Paging File | 460.42 Mb Available in Paging File | 53.27% Paging File free
Paging file location(s): c:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS1 | %ProgramFiles% = C:\Program Files
Drive C: | 70.96 Gb Total Space | 38.95 Gb Free Space | 54.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 239.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUSANG-HBV7373C
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS1\Explorer.EXE
PRC - [2008/11/19 10:47:24 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS1\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/08 13:43:40 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/05/13 22:54:36 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2005/02/17 12:50:22 | 00,065,536 | ---- | M] () -- C:\WINDOWS1\System32\wltrysvc.exe
PRC - [2005/02/17 12:50:22 | 00,847,983 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS1\System32\bcmwltry.exe
PRC - [2004/02/06 22:56:14 | 00,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
PRC - [2004/05/10 05:35:00 | 05,208,576 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
PRC - [2002/11/23 02:15:00 | 00,631,362 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
PRC - [2008/02/07 05:18:10 | 01,052,672 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS1\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
PRC - [2007/03/14 21:01:30 | 00,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2009/02/18 20:56:40 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/10 00:26:20 | 00,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2002/11/21 09:50:00 | 00,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\em_exec.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- c:\program files\internet explorer\iexplore.exe
PRC - [2009/07/08 13:11:52 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- c:\program files\internet explorer\iexplore.exe
PRC - [2009/10/08 14:37:48 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/19 10:47:24 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon [Auto | Running])
SRV - [2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS1\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [Disabled | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS1\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS1\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/06/26 10:24:08 | 00,031,592 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS1\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS1\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - File not found -- -- (KodakCCS [On_Demand | Stopped])
SRV - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2009/07/08 15:15:04 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2009/07/08 13:43:40 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2009/07/08 13:11:52 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Disabled | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS1\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/06/05 14:20:32 | 00,177,704 | ---- | M] () -- C:\WINDOWS1\System32\PSIService.exe -- (ProtexisLicensing [Disabled | Stopped])
SRV - [2007/05/13 22:54:36 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2005/02/17 12:50:22 | 00,065,536 | ---- | M] () -- C:\WINDOWS1\System32\wltrysvc.exe -- (wltrysvc [Auto | Running])
SRV - File not found -- -- (WMP54Gv4SVC [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS1\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS1\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/02/18 20:57:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/08 14:20:55 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS1\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fvbho140.dll (E-Book Systems Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS1\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - Reg Error: Value error. File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS1\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS1\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users.WINDOWS1\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS1\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS1\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1253491009156 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238664729335 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.co...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS1\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS1\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/OWNER~1.SUS/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS1\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS1\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS1\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/02 23:26:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Malwarebytes
[2009/10/03 16:30:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\SaveOurSpirit
[2009/10/02 22:27:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\SUPERAntiSpyware.com
[2009/10/02 14:15:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\ERS G-Studio
[2009/10/01 00:02:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\FlyWheelGames
[2009/10/06 13:10:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Magic Academy 2
[2009/10/02 23:26:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Malwarebytes
[2009/10/02 22:27:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\SUPERAntiSpyware.com
[2009/09/24 20:31:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\TikisLab
[2009/09/29 15:00:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\VampireSaga
[2009/10/02 22:25:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/02 23:26:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/02 22:12:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/10/02 22:27:29 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/08 14:37:36 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop\OTL.exe
[2009/10/08 13:34:20 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop\erunt_setup.exe
[2009/10/08 13:28:02 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop\SysRestorePoint.exe
[2009/10/07 08:33:09 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop\RootRepeal.exe
[2009/10/03 23:45:05 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop\TFC.exe
[2009/10/03 07:50:07 | 00,000,000 | ---D | C] -- C:\3d25495d7d7cd598254f57031786
[2009/10/03 07:45:02 | 00,000,000 | ---D | C] -- C:\0e3ad6349792465a969ca12d137a51
[2009/10/02 23:26:19 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS1\System32\drivers\mbamswissarmy.sys
[2009/10/02 23:26:16 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS1\System32\drivers\mbam.sys
[2009/10/01 08:40:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\My Documents\Legends1
[2008/10/09 12:06:48 | 00,755,670 | ---- | C] (EasyDuplicateFinder.com ) -- C:\Program Files\easy_duplicate_setup.exe
[2007/12/04 10:49:39 | 00,085,584 | ---- | C] (Big Fish Games) -- C:\Program Files\bigfishgames_p7820233_s1_l1.exe
[2007/12/04 10:30:09 | 00,085,584 | ---- | C] (Big Fish Games) -- C:\Program Files\mystery-case-files-madame-fate_s1_l1_gF2213T1L1_d101037542.exe

========== Files - Modified Within 14 Days ==========

[2009/10/08 14:37:48 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop\OTL.exe
[2009/10/08 14:33:11 | 00,002,206 | ---- | M] () -- C:\WINDOWS1\System32\wpa.dbl
[2009/10/08 14:32:18 | 00,000,051 | ---- | M] () -- C:\WINDOWS1\iTouch.ini
[2009/10/08 14:32:08 | 00,000,438 | ---- | M] () -- C:\WINDOWS1\tasks\RegCure Program Check.job
[2009/10/08 14:32:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS1\tasks\SA.DAT
[2009/10/08 14:32:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS1\bootstat.dat
[2009/10/08 13:34:26 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop\erunt_setup.exe
[2009/10/08 13:28:03 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop\SysRestorePoint.exe
[2009/10/08 09:43:17 | 00,001,274 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS1\Desktop\More Great Games.lnk
[2009/10/08 08:45:34 | 00,007,314 | ---- | M] () -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop\painter me.gif
[2009/10/07 22:40:07 | 00,810,054 | ---- | M] () -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop\never explain.bmp
[2009/10/07 08:33:21 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop\RootRepeal.exe
[2009/10/06 20:00:29 | 00,160,216 | ---- | M] () -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/06 19:52:40 | 00,086,997 | ---- | M] () -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop\watermark.jpg
[2009/10/05 11:43:44 | 00,035,384 | ---- | M] () -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\wklnhst.dat
[2009/10/05 10:38:26 | 00,001,446 | ---- | M] () -- C:\WINDOWS1\win.ini
[2009/10/05 10:38:26 | 00,000,227 | ---- | M] () -- C:\WINDOWS1\system.ini
[2009/10/05 10:38:26 | 00,000,213 | RHS- | M] () -- C:\boot.ini
[2009/10/03 23:57:51 | 02,108,288 | -H-- | M] () -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Local Settings\Application Data\IconCache.db
[2009/10/03 23:45:16 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop\TFC.exe
[2009/10/03 22:47:28 | 00,000,284 | ---- | M] () -- C:\WINDOWS1\tasks\AppleSoftwareUpdate.job
[2009/10/03 19:54:01 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop\Artemis Virus Details.doc
[2009/10/03 08:14:10 | 00,001,374 | ---- | M] () -- C:\WINDOWS1\imsins.BAK
[2009/10/03 08:01:28 | 00,617,256 | ---- | M] () -- C:\WINDOWS1\System32\FNTCACHE.DAT
[2009/10/03 07:57:31 | 00,490,930 | ---- | M] () -- C:\WINDOWS1\System32\PerfStringBackup.INI
[2009/10/03 07:57:31 | 00,434,006 | ---- | M] () -- C:\WINDOWS1\System32\perfh009.dat
[2009/10/03 07:57:31 | 00,068,100 | ---- | M] () -- C:\WINDOWS1\System32\perfc009.dat
[2009/10/01 01:00:00 | 00,000,332 | ---- | M] () -- C:\WINDOWS1\tasks\McQcTask.job

========== Files - No Company Name ==========
[2009/10/08 14:07:29 | 01,089,593 | ---- | C] () -- C:\WINDOWS1\System32\dllcache\ntprint.cat
[2009/10/08 09:43:17 | 00,001,274 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS1\Desktop\More Great Games.lnk
[2009/10/08 08:46:05 | 00,007,314 | ---- | C] () -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop\painter me.gif
[2009/10/07 22:40:04 | 00,810,054 | ---- | C] () -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop\never explain.bmp
[2009/10/06 19:53:42 | 00,086,997 | ---- | C] () -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop\watermark.jpg
[2009/10/03 19:53:50 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop\Artemis Virus Details.doc
[2009/03/24 17:48:02 | 00,004,880 | ---- | C] () -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Local Settings\Application Data\slot1.mm1
[2009/03/05 00:15:29 | 02,108,288 | -H-- | C] () -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Local Settings\Application Data\IconCache.db
[2008/03/21 10:57:17 | 00,000,000 | ---- | C] () -- C:\Program Files\temp01
[2006/08/23 07:48:51 | 00,827,024 | ---- | C] () -- C:\Program Files\PhotoGreetingCards.exe
[2006/07/13 08:11:23 | 00,157,856 | ---- | C] () -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\GDIPFONTCACHEV1.DAT
[2006/02/07 09:40:48 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/05 14:40:30 | 02,099,080 | ---- | C] () -- C:\Program Files\imginst.exe
[2006/01/18 16:37:29 | 00,035,384 | ---- | C] () -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\wklnhst.dat
[2006/01/16 16:44:53 | 12,133,878 | ---- | C] () -- C:\Program Files\fax.exe
[2005/11/01 12:57:44 | 00,160,216 | ---- | C] () -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/10/08 16:39:35 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\desktop.ini
[2005/10/08 12:22:15 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\desktop.ini
[2005/09/22 09:51:41 | 08,840,783 | ---- | C] () -- C:\Program Files\bpspt120.exe

========== LOP Check ==========

[2009/10/03 16:30:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data
[2008/12/28 09:11:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/12/23 19:11:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\AdventureChronicles1
[2008/12/25 14:26:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Alawar Stargaze
[2008/11/06 18:53:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\ArcSoft
[2008/08/21 15:15:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Astar Games
[2009/09/04 13:49:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\AWEM
[2009/03/27 16:11:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\blg
[2005/10/08 20:00:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\BVRP Software
[2009/09/04 15:46:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Christmasville
[2008/10/05 16:42:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Corel
[2008/10/03 17:40:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\CyberLink
[2008/02/26 15:39:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Eastman Kodak Company
[2009/06/06 15:17:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\ERS G-Studio
[2008/03/21 11:03:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\EscapeTheMuseum
[2009/03/24 15:22:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Flood Light Games
[2009/03/22 17:15:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\FloodLightGames
[2009/09/04 10:05:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Fugazo
[2008/01/25 12:02:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\FunGames
[2009/08/13 11:33:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Gamers Digital
[2009/06/21 16:14:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\GAMESHASTRA
[2008/04/29 07:57:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Gogii
[2009/06/06 18:02:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Gogii Games
[2009/06/08 08:31:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Gold Casual Games
[2009/03/26 17:52:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\HiddenSecretsNightmare
[2009/08/31 21:16:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\HideAndSecret3
[2009/03/19 13:55:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\HoverBee Studios
[2009/03/06 14:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\IM
[2009/09/15 15:47:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\IncrediMail
[2009/05/30 15:57:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Intenium
[2009/09/29 13:51:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\JollyBear
[2008/03/02 12:22:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\kds_kodak
[2009/09/19 21:22:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Merscom
[2005/10/09 09:39:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\MSN6
[2009/07/26 12:30:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\MumboJumbo
[2009/03/22 09:35:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Mushroom Age
[2009/04/07 06:11:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\MysteryChronicles
[2009/05/31 15:07:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\NeptunesAdve
[2009/05/31 19:35:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Nick Chase A Detective Story
[2009/08/26 08:23:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\PlayFirst
[2008/12/23 22:25:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\PlayPond
[2006/11/24 13:17:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\PlayTime
[2009/08/16 09:36:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\PoBros
[2009/08/22 17:27:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Princess Isabella
[2005/10/08 18:59:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Pure Networks
[2009/04/17 12:45:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\QuickClick
[2009/04/19 15:00:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Redrum
[2009/10/03 16:30:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\SaveOurSpirit
[2009/06/14 16:15:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Slapdash Games
[2009/01/08 12:03:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\SpecialBit
[2009/05/30 21:00:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\SpinTop Games
[2009/08/11 18:42:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\SulusGames
[2009/10/08 10:58:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP
[2009/06/08 17:10:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\TheRace_dev
[2007/02/08 01:01:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Viewpoint
[2009/06/13 22:30:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\WildWestQuest2
[2009/10/06 13:10:18 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data
[2009/08/18 14:54:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\3Stars
[2009/03/23 09:59:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Abra Academy2
[2008/05/14 11:20:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\acccore
[2009/07/04 17:43:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Aisle 5 Games, Inc
[2008/11/22 11:49:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Arcsoft
[2009/06/12 13:02:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Artogon
[2009/05/30 11:54:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Azuaz Games
[2009/09/05 11:45:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Big Fish Games
[2009/03/27 16:11:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\blg
[2008/01/25 15:49:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\BloodTies
[2009/03/06 20:11:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\BrandX Games
[2008/12/28 20:47:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Cat's Eye Games
[2009/05/31 19:08:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\cerasus.media
[2009/10/03 10:28:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Comcast
[2008/10/05 17:13:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Corel
[2008/10/03 17:40:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\CyberLink
[2009/04/18 16:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Dragon Altar Games
[2008/10/09 10:55:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\duplicate-file-finder.com
[2008/11/22 14:48:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\EBookSys
[2009/08/06 14:59:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Enlightenus
[2009/10/02 14:15:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\ERS G-Studio
[2009/03/19 13:41:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\FairyTale
[2009/03/24 15:22:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Flood Light Games
[2009/03/22 17:15:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\FloodLightGames
[2009/10/01 00:02:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\FlyWheelGames
[2009/01/10 18:46:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\ForgottenRiddles
[2009/08/23 13:28:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\ForgottenRiddles2
[2009/04/19 08:36:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Friday's games
[2009/09/22 22:47:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\funkitron
[2009/07/26 20:11:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\GameInvest
[2009/08/13 11:33:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Gamers Digital
[2009/07/26 16:13:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Games
[2009/06/21 16:14:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\GAMESHASTRA
[2009/03/30 11:20:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\GARMIN
[2009/06/06 18:02:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Gogii Games
[2009/06/08 08:31:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Gold Casual Games
[2009/04/19 13:29:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\HiT-MM
[2009/08/31 20:06:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\HSA
[2009/06/06 16:54:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\IOMediaSupport6SZZ001s
[2009/06/05 12:50:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\IronCode
[2009/06/05 14:35:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Island
[2009/03/27 15:14:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Jetsetter
[2009/03/24 10:45:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\JoyBits
[2005/10/11 18:27:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Kaczynski Software
[2005/10/15 14:30:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Leadertech
[2009/03/16 11:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Lost in the City
[2009/08/21 15:55:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\MA
[2009/03/27 19:07:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Magic Academy
[2009/10/06 13:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Magic Academy 2
[2009/08/27 09:42:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\MBT
[2009/06/08 08:26:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Meridian93
[2009/09/19 21:22:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Merscom
[2009/10/05 16:01:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Move Networks
[2007/12/04 09:51:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\MSN6
[2009/03/20 14:41:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\MysteryStudio
[2007/09/21 10:40:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Netscape
[2009/06/01 16:07:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Pirateville
[2009/08/26 08:23:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\PlayFirst
[2009/08/16 09:36:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\PoBros
[2008/12/27 17:34:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Pogo Games
[2009/01/31 14:08:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\RobinsonCrusoe
[2009/06/12 11:27:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\SecretIslandEng
[2009/03/06 19:00:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\SerpentOfIsis
[2009/06/01 09:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Shape games
[2009/08/05 09:52:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\she_is_a_shadow
[2008/11/06 19:28:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Skinux
[2009/04/16 18:34:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Skunk Studios
[2009/06/06 16:54:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Spinapse
[2009/06/06 13:35:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\SprillBermudeEng
[2009/08/31 16:07:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\SprillRichiEng
[2009/06/15 12:37:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Sudden Games
[2009/04/18 17:28:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\SultansLabyrinth
[2009/08/11 18:42:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\SulusGames
[2009/06/06 16:54:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Suspects and Clues Players
[2009/06/06 16:54:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Suspects and Clues Prefs
[2009/06/08 17:34:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\TheScruffs
[2009/09/24 20:31:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\TikisLab
[2009/06/15 13:25:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\TMInc
[2009/06/02 16:40:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Twintale Entertainment
[2009/04/17 14:22:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Ubisoft
[2009/09/29 15:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\VampireSaga
[2009/07/11 10:38:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\V-Games
[2007/02/08 01:01:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\Viewpoint
[2009/06/06 13:32:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\ViquaSoft
[2008/06/23 11:16:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\WholeSecurity
[2005/10/08 19:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.SUSANG-HBV7373C\Application Data\You've Got Pictures Screensaver
[2009/10/03 22:47:28 | 00,000,284 | ---- | M] () -- C:\WINDOWS1\Tasks\AppleSoftwareUpdate.job
[2003/07/16 16:36:49 | 00,000,065 | RH-- | M] () -- C:\WINDOWS1\Tasks\desktop.ini
[2009/01/15 02:00:00 | 00,000,342 | ---- | M] () -- C:\WINDOWS1\Tasks\McDefragTask.job
[2009/10/01 01:00:00 | 00,000,332 | ---- | M] () -- C:\WINDOWS1\Tasks\McQcTask.job
[2009/10/08 14:32:08 | 00,000,438 | ---- | M] () -- C:\WINDOWS1\Tasks\RegCure Program Check.job
[2009/05/21 03:00:01 | 00,000,372 | ---- | M] () -- C:\WINDOWS1\Tasks\RegCure.job
[2009/10/08 14:32:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS1\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/12/05 23:27:53 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS1\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS1\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:13AA281B
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:E80802C7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:DE47A3DA
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:CC073296
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:BF2E2F0E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:96C9689F
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:7C412B92
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:60C897F3
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:5D17C178
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:F1DEA771
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:ED2998F5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:CD9109D4
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:BA05E0C4
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:A56D6987
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:A4F63AED
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:A2865730
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:63CFD724
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:C63E7DE2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:98DFF516
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:8DF68137
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:8944C195
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:620EC79A
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:1C6CB897
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:EB40BC91
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:D46ECFD5
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:9BFB769D
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:90D89144
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:5345C8F6
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:2F6462DF
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:270A3983
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:0D278FB5
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:C36B1175
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:7FD903D7
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:55E3C0E0
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:275AA066
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:086DE893
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:53DF59D1
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:FC2D0F32
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:D507B5A8
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:4DCAC4BC
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:43301D1D
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:0DAD93FF
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:EC0A74A1
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:E3CEEC4C
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:C0A9D0E7
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:BD9F7E4E
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:AC83EA04
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:7CA7BED1
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:3539CD43
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:2E0B7D8A
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:1F67CD26
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:1ECB9265
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:0D3CE40A
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:C8E82994
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:7881FECE
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:315B4A13
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:24FECE50
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:067F588D
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:F42B5B0E
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:598E0FFA
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:0F0A5896
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:0ED4AC2F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:07241935
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:D92485C9
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:61AF2B29
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:40D8F125
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:1F4329D4
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:1A5207FA
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:0F38F234
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:918B7566
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:90B52091
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:7A0EFE63
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:6710EF08
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:4FE30352
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:4CF76F21
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:00D5EBC2
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:F3EFA8A8
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:EEB25EAE
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:7776B809
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:561B1D2B
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:45F3AD49
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:3313A48D
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:FB97DB91
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:EE39C93C
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:E717F65C
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:D0668210
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:B845F669
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:95970EA3
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:E91ADC66
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:BB71BBA2
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:85C3B823
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:3C282BEA
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:938EC881
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:55E1514E
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:551BED5F
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:3095C3B0
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:11E79CC9
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:E5294695
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:7547DA5B
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:4FE42FFC
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:1B927722
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:FDDD8917
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:C07A6A6B
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:9DF07E8F
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:60A4BB64
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:43982D5E
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:3D36932D
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:A296A63F
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:54D5DB8A
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:31106FCB
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:FC8FFA4E
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:E5F85065
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP:CF61CE5A
< End of report >






OTL Extras logfile created on: 10/8/2009 2:39:16 PM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Owner.SUSANG-HBV7373C\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 117.35 Mb Available Physical Memory | 23.01% Memory free
864.29 Mb Paging File | 460.42 Mb Available in Paging File | 53.27% Paging File free
Paging file location(s): c:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS1 | %ProgramFiles% = C:\Program Files
Drive C: | 70.96 Gb Total Space | 38.95 Gb Free Space | 54.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 239.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUSANG-HBV7373C
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS1\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS1\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0d\waol.exe" = C:\Program Files\America Online 9.0d\waol.exe:*:Enabled:America Online 9.0d -- File not found
"C:\Program Files\IncrediMail\bin\IMApp.exe" = C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\WINDOWS1\system32\LEXPPS.EXE" = C:\WINDOWS1\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE -- File not found
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971 -- File not found
"C:\WINDOWS1\system32\fxsclnt.exe" = C:\WINDOWS1\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1128812311\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1128812311\EE\aolsoftware.exe:*:Enabled:AOL Shared Components -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"D:\CDS\Nero\Installation\SetupX.exe" = D:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\IncrediMail\bin\ImLc.exe" = C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Magentic\bin\MgImp.exe" = C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic -- File not found
"C:\Program Files\Magentic\bin\Magentic.exe" = C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic -- File not found
"C:\Program Files\Magentic\bin\MgApp.exe" = C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic -- File not found
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{218F4044-888B-4D2B-9536-654E412C8F53}" = Design & Print, Business Edition
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{52CB9287-0F7A-43E8-AC64-8D20D2D7B601}" = Windows XP Creativity Fun Packs - Player Visualizations
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.75
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4
"{747A6A10-DA58-48C2-A1F0-C15514419C8A}" = Hallmark Card Studio 2008
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110157578}" = Oberon Games Fix For AOL Security Center
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111715607}" = The Poppit! Show
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113556197}" = Stone of Destiny
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8D03A164-B586-4318-AFE6-870A5E2739C1}" = PHOTORECOVERY LE
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A6B73DD7-D279-49AE-B99A-FA9AF6045734}" = FlipAlbum 5.5 Suite
"{A7FEAFD3-A58A-49FA-9717-5ED86A4A19C7}" = OptiPix Pro
"{AA5D7261-206E-474A-90CC-FC7999F585A0}" = FlipViewer 4.2.1
"{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C0031D6A-5160-4816-9B84-A37DE529C4BF}" = IncrediMail
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2FEC453-40B1-414A-86B6-A9744190C2A1}" = KazStamp
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus®
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F3BF1670-5541-45A2-AFD3-2AA2E9754EEE}" = Microsoft Picture It! Publishing Silver 2001
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe Type Manager 4.0" = Adobe Type Manager 4.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"BFG-Adventure Chronicles - The Search for Lost Treasure" = Adventure Chronicles: The Search for Lost Treasure
"BFG-Agatha Christie - Peril at End House" = Agatha Christie: Peril at End House
"BFG-Arabesque" = Arabesque
"BFG-Azada" = Azada (remove only)
"BFG-Azada - Ancient Magic" = Azada ™: Ancient Magic
"BFGC" = Big Fish Games Client
"BFG-Drawn - The Painted Tower" = Drawn: The Painted Tower ™
"BFG-Enlightenus" = Enlightenus
"BFG-Forgotten Riddles - The Moonlight Sonatas" = Forgotten Riddles: The Moonlight Sonatas
"BFG-G.H.O.S.T Chronicles - Phantom of the Renaissance Faire" = G.H.O.S.T Chronicles: Phantom of the Renaissance Faire
"BFG-Haunted Hotel" = Haunted Hotel
"BFG-Haunted Hotel II - Believe the Lies" = Haunted Hotel II: Believe the Lies
"BFG-Hidden Expedition - Titanic" = Hidden Expedition: Titanic™
"BFG-Margrave Manor 2 - The Lost Ship" = Margrave Manor 2: The Lost Ship
"BFG-Mystery Age - The Imperial Staff" = Mystery Age: The Imperial Staff
"BFG-Mystery Case Files - Madame Fate" = Mystery Case Files: Madame Fate
"BFG-Mystery Case Files - Prime Suspects" = Mystery Case Files: Prime Suspects (remove only)
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst (remove only)
"BFG-Mystery Case Files - Return to Ravenhearst" = Mystery Case Files: Return to Ravenhearst ™
"BFG-Mystery of Unicorn Castle" = Mystery of Unicorn Castle
"BFG-Mystery P.I. - The Vegas Heist" = Mystery P.I.: The Vegas Heist
"BFG-Nancy Drew Dossier - Lights, Camera Curses" = Nancy Drew Dossier: Lights, Camera, Curses
"BFG-Nancy Drew Dossier - Resorting to Danger" = Nancy Drew Dossier: Resorting to Danger
"BFG-Princess Isabella - A Witch's Curse" = Princess Isabella: A Witch's Curse
"BFG-PuppetShow - Mystery of Joyville" = PuppetShow: Mystery of Joyville ™
"BFG-Save Our Spirit" = Save Our Spirit
"BFG-The Lost Cases of Sherlock Holmes" = The Lost Cases of Sherlock Holmes
"BFG-The Secret of Margrave Manor" = The Secret of Margrave Manor
"BFG-The Sultans Labyrinth" = The Sultan's Labyrinth
"BFG-Treasure Masters" = Treasure Masters
"BFG-Val`Gor - Dark Lord of Magic" = Val`Gor - Dark Lord of Magic
"BFG-Vampire Saga - Pandora's Box" = Vampire Saga: Pandora's Box
"BFG-World Mosaics" = World Mosaics
"BFG-World Mosaics 2" = World Mosaics 2
"Broadcom 802.11 Application" = Broadcom Wireless Utility
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"FlipViewer" = FlipViewer 2.2.5
"Hanes® T-ShirtMaker®" = Hanes® T-ShirtMaker®
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"ImageSkill Background Remover 3" = ImageSkill Background Remover 3
"IncrediMail" = IncrediMail 2.0
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"LiveUpdate" = LiveUpdate 1.90 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Picture It! Express" = Microsoft Picture It! Express 2.0
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"RealPlayer 6.0" = RealPlayer
"RegCure" = RegCure 1.5.0.1
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ST5UNST #1" = FaxDrive
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XCalShopDeinstKey" = Calendar Shop
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.0
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/6/2009 9:13:24 AM | Computer Name = SUSANG-HBV7373C | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00006400.

Error - 5/6/2009 9:13:32 AM | Computer Name = SUSANG-HBV7373C | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 5/18/2009 6:53:35 PM | Computer Name = SUSANG-HBV7373C | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6612.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/28/2009 4:08:48 PM | Computer Name = SUSANG-HBV7373C | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x03e09790.

Error - 5/28/2009 4:09:02 PM | Computer Name = SUSANG-HBV7373C | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 5/28/2009 4:09:46 PM | Computer Name = SUSANG-HBV7373C | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/28/2009 4:19:09 PM | Computer Name = SUSANG-HBV7373C | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module download.dll, version 1.0.0.29, fault address 0x000197a4.

Error - 5/28/2009 4:19:23 PM | Computer Name = SUSANG-HBV7373C | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/30/2009 10:53:00 AM | Computer Name = SUSANG-HBV7373C | Source = Application Hang | ID = 1002
Description = Hanging application ThreeDays.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/30/2009 10:54:18 AM | Computer Name = SUSANG-HBV7373C | Source = Application Hang | ID = 1002
Description = Hanging application ThreeDays.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/8/2009 1:18:10 PM | Computer Name = SUSANG-HBV7373C | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/8/2009 1:18:10 PM | Computer Name = SUSANG-HBV7373C | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/8/2009 1:18:10 PM | Computer Name = SUSANG-HBV7373C | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/8/2009 1:18:10 PM | Computer Name = SUSANG-HBV7373C | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 10/8/2009 1:18:10 PM | Computer Name = SUSANG-HBV7373C | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/8/2009 1:18:10 PM | Computer Name = SUSANG-HBV7373C | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/8/2009 1:18:10 PM | Computer Name = SUSANG-HBV7373C | Source = Service Control Manager | ID = 7034
Description = The Broadcom Wireless LAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/8/2009 1:18:11 PM | Computer Name = SUSANG-HBV7373C | Source = Service Control Manager | ID = 7034
Description = The WMP54Gv4SVC service terminated unexpectedly. It has done this
1 time(s).

Error - 10/8/2009 1:18:14 PM | Computer Name = SUSANG-HBV7373C | Source = Service Control Manager | ID = 7031
Description = The McAfee SystemGuards service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/8/2009 2:20:38 PM | Computer Name = SUSANG-HBV7373C | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024002d: Office XP Service Pack 3.


< End of report >

#4
Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Hello. The logs don't look too bad. :)

I have spent hours preparing this reply for you. When finished I clicked on "Preview Post" and lost the entire thing. So ...... I begin again.

Thank you. You've included everything. :) You don't need to worry so much about your posts. As long as I've got whole logs and descriptions (errors, etc) to work with, then I'm set. :)

We won't stress too much about some of the tools not running. It happens all the time, with today's malware. We should have a check for rootkits though, so we'll try another scanner.


Step 1
Registry Cleaners
I can see that you have a registry cleaning program installed on your computer, RegCure. GeekstoGo does not recommend the use of registry cleaners; the wrong key deleted could potentially render an Operating System unbootable. More information can be found here. The option to remove RegCure is completely up to you. If you choose to remove it, you can quickly do so using the following steps:

Go to Start > Control Panel > Add\Remove Programs.
Select Remove on the following:

RegCure

Accept the prompts, and when finished it will tell you.



Step 2
We need to flush your System Restore points.

Create a new restore point:
  • Go to Start > All Programs > Accessories > System tools > System Restore
  • Check "Create a restore point"
  • Click Next >
  • Enter a descriptive name
  • Click Create
You now have a clean restore point. We can use a nice little tool that will remove all but the most recent restore point:
  • Go to Start > All Programs > Accessories > System Tools > Disk Cleanup
  • Wait until the tool has finished scanning and calculating...
  • Go to the More Options tab
  • Click CleanUp under the System Restore section.


Step 3
Let's try to fix the office problem. Download and install the patch found Here.
You'll find instructions and further information in the link provided.

Once finished, try Windows Update again.




Step 4
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google....rotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new Window should appear.
  • Make sure Scan all drives is selected and click on the Start button.
  • When it is complete a new Window will appear to indicate that the scan is finished.
  • The log will be created and saved automatically in the same folder. Open the text file and Copy/Paste the log here.


#5
Susan Q

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
So good to get your reply :)

OK .... so

Step one ...Regcure ...successfully removed.

Step two ....system restore created and disk cleanup done.

Step three ...
Patch not accepted. Said the expected version was not found.
I have office 2002 ... as far as I know.

I figured I should stop right there until you advise me.

Thank you so much.
Susan

#6
Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Hiya! For now, you can avoid installing the Service Pack for Office. If you deem it necessary, then you can go to the Applications Forum, and post your problem to the techs once I give the all clear. :)

Let's go with these instead:


Step 1
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run. Make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine. If not, do this yourself to ensure a complete clean.


Step 2
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



Step 3
Please re-open Malwarebytes' Anti-Malware.
  • Click the Update tab, and then click Check for Updates.
  • After updating, click the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy\Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Step 4
Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply


Logs and Info
Remember to post the following:

Most Recent MBAM log
Kaspersky Results


How are things running?

#7
Susan Q

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
:) Good Morning,

Your instructions are so great even I can follow them. :)

So ..
Step 1 : TFC : Done and Rebooted.

Step 2 :

Your link "JavaRa" brought up the following
"Error 403-Forbidden
You tried to access a document for which you don't have privileges"

I did locate it though, and through Sun Java Website it has been
Downloaded, Installed and Verified

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Oct 13 23:13:48 2009

Found and removed: C:\Program Files\Java\j2re1.4.2_03

Found and removed: C:\Program Files\Java\jre1.5.0_04

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.5.0_09

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_04\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_09\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

------------------------------------

Finished reporting.



Step 3 : Malwarebytes - Successfully run

Malwarebytes' Anti-Malware 1.41
Database version: 2955
Windows 5.1.2600 Service Pack 3

10/13/2009 11:43:23 PM
mbam-log-2009-10-13 (23-43-23).txt

Scan type: Quick Scan
Objects scanned: 191914
Time elapsed: 9 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Step 4 : Kaspersky - Successfully run

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, October 14, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, October 14, 2009 05:56:00
Records in database: 2972794
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 226139
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 05:47:25


File name / Threat / Threats count
C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads\lpaolcom_setupSTUS\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Program Files\IncrediGames\Stone of Destiny\Launch.exe Infected: Trojan.Win32.Inject.uxy 1

Selected area has been scanned.




To answer your question "How are things running?" ::
First thing I'd say is it feels cleaner :) sort of like how
things feel at home after vacuuming :)

It does seem a little faster (a little), but I would not say it's a huge difference.
Using Internet Explorer is quite slow and frustrating.
With a cable connection I'd expect to see the webpages, or even opening IE to be much faster.
It really is quite slow.

Hope I haven't missed anything. Will wait to hear from you.
Thank you so much .... :)

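The Kaspersky Online Scanner report in the post above, parsed into structured records and checked against its own header totals. This is an added example, not part of the thread or of any tool used in it. The report text is copied from the post; the function names are hypothetical, and the check assumes "Threats found" counts distinct verdict names, which is what this report's numbers are consistent with.

```python
import re

# Text copied from the Kaspersky Online Scanner report posted above.
REPORT = r"""Scan statistics:
Objects scanned: 226139
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 05:47:25

File name / Threat / Threats count
C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads\lpaolcom_setupSTUS\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Program Files\IncrediGames\Stone of Destiny\Launch.exe Infected: Trojan.Win32.Inject.uxy 1

Selected area has been scanned.
"""

STAT_RE = re.compile(
    r"^(Objects scanned|Threats found|Infected objects found|"
    r"Suspicious objects found): (\d+)[ \t]*$", re.MULTILINE)

# A result row is "<path> <status>: <verdict> <count>". Paths contain spaces,
# so the path is matched lazily up to the status keyword.
ROW_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<status>Infected|Suspicious): "
    r"(?P<verdict>\S+) (?P<count>\d+)[ \t]*$", re.MULTILINE)


def split_verdict(verdict):
    """Split a verdict of the form [Prefix:]Behaviour.Platform.Name[.Variant]."""
    prefix, _, rest = verdict.rpartition(":")
    parts = rest.split(".")
    behaviour, platform, name = (parts + ["", "", ""])[:3]
    return {"prefix": prefix, "behaviour": behaviour, "platform": platform,
            "name": name, "variant": ".".join(parts[3:])}


def parse_stats(text):
    """Return the numeric header totals keyed by their report label."""
    return {label: int(value) for label, value in STAT_RE.findall(text)}


def parse_rows(text):
    """Return one record per result row, with the verdict broken into fields."""
    rows = []
    for m in ROW_RE.finditer(text):
        row = {"path": m["path"], "status": m["status"],
               "verdict": m["verdict"], "count": int(m["count"])}
        row.update(split_verdict(m["verdict"]))
        # The "not-a-virus:" prefix marks adware/riskware verdicts.
        row["category"] = ("riskware" if row["prefix"] == "not-a-virus"
                           else "malware")
        rows.append(row)
    return rows


def check_consistency(text):
    """Compare header totals with the rows present; return any mismatches.

    A mismatch usually means the pasted report was truncated or edited.
    """
    stats, rows = parse_stats(text), parse_rows(text)
    observed = {
        "Threats found": len({r["verdict"] for r in rows}),
        "Infected objects found": sum(
            r["count"] for r in rows if r["status"] == "Infected"),
        "Suspicious objects found": sum(
            r["count"] for r in rows if r["status"] == "Suspicious"),
    }
    return [f"{label}: header says {stats.get(label)}, rows give {value}"
            for label, value in observed.items() if stats.get(label) != value]


def summarize(text):
    """Group detected paths by category (riskware or malware)."""
    summary = {}
    for row in parse_rows(text):
        summary.setdefault(row["category"], []).append(row["path"])
    return summary


if __name__ == "__main__":
    for line in check_consistency(REPORT) or ["header totals match the rows"]:
        print(line)
    for category, paths in summarize(REPORT).items():
        print(f"{category}: {len(paths)}")
        for path in paths:
            print("   ", path)
```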

#8
Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Hello.

Your instructions are so great even I can follow them.

Aw, thanks :)

Your computer looks clean. :)

McAfee takes a lot of resources up. It may be the cause of a slower computer. If you are interested in changing anti viruses, I can provide a few tips.

Anyway, we are all done. Here are just a few clean up and prevention tips:




Reset Restore Points

We need to flush your System Restore points.

Create a new restore point:
  • Go to Start > All Programs > Accessories > System tools > System Restore
  • Check "Create a restore point"
  • Click Next >
  • Enter a descriptive name
  • Click Create
You now have a clean restore point. We can use a nice little tool that will remove all but the most recent restore point:
  • Go to Start > All Programs > Accessories > System Tools > Disk Cleanup
  • Wait until the tool has finished scanning and calculating...
  • Go to the More Options tab
  • Click CleanUp under the System Restore section.


Remove Tools Used

This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined malware from your computer.

  • Download OTC to your desktop and run it.
  • Click Yes to begin the Cleanup process.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.


Windows Update

You should visit the Windows Update site about once a month. If you're feeling lazy you can turn on Automatic Updates which will do most of the work for you. (ask me how)

Go to Update.Microsoft.com using Internet Explorer. Click High Priority Updates and then check all of the updates. Click the Download button. A window should pop up giving the status of each update. Restart if asked to.



Adobe Reader

You're using an old version of Adobe Acrobat Reader. This can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com.../readstep2.html



Nice Prevention Tools:
  • SpywareBlaster
    SpywareBlaster will prevent spyware from being installed.
  • SpywareGuard
    SpywareGuard offers realtime protection from spyware installation attempts.
  • NoScript
    Add-on for Firefox that allows active content to run only from the sites you trust!
  • TFC
    Clean out temp files safely, and effectively.



If you are wondering how you got infected in the first place please visit this cool page called:
How did I get infected in the first place?

Glad I could help, piano9playa5 :)

#9
Susan Q

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Hey Piano !
:) don't go away just yet. :) Seems I've got a new problem :) .
My Linksys Wireless connection keeps going down. All I have to do is click
on it to "repair" and in about a minute it's done ...but still ... it's a pain. Any ideas??

And sure, I'd like some tips on anti-virus software (I know nothing!)


As for your most recent letter ....... :)
Your time was not wasted here ...
I will print it out and use it to keep things clean.

You've been just wonderful and I thank you most sincerely for
all of your time and help (which truly was helpful !)

So ....... :)
and enjoy one for me .... :)

Susan :)

Edited by Susan Q, 14 October 2009 - 04:46 PM.


#10
Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Hello. :) You're very welcome. :)

Hmm... Perhaps tip was a poor word to choose. I meant that those instructions are to clean up after malware removal. Things like removing the tools we used, resetting folder options, etc. As well, there are some pointers and things to check that may prevent future infection.

On the network problem, I don't know enough on those topics to really help. I would just research and give you what I could find. Rather than doing that, if it doesn't simply resolve itself, post in the Networking Forum.

And, finally, about the Anti-Virus programs... I'll post steps to take, if you were to scrap McAfee. You will need another Anti-Virus as well as a Firewall to replace McAfee. I will talk about each later on in the steps.


STEP 1
  • Go to Start > Control Panel
  • Open Add or Remove Programs. **It may take some time to load**
  • Click on each of the following entries, then click Remove & follow the prompts.

    • McAfee SecurityCenter
  • Close both Add or Remove Programs and Control Panel when finished with the uninstallation process.
McAfee tends to leave pieces of itself behind. They have released a tool which will remove them. Download McAfee Removal Tool (MCPR.exe) to your desktop. Double-click to run it.



STEP 2
Though having an anti virus is a great way to protect yourself from malware, having more than one may cause conflicts, lowering security. Please only install and use one at a time. There are lots of great anti-virus programs to choose from; a few commonly used and good free ones are:

Avast! Home Edition
Avira AntiVir
AVG



STEP 3
A firewall allows wanted traffic, while blocking unwanted traffic (Hackers, Viruses, Trojans...) from getting to or from your computer. While firewalls are great, it is advised not to use two firewalls, as they may conflict with each other and decrease the firewall effectiveness. Some good free firewalls are:

Sunbelt-Kerio
Outpost Firewall Free
ZoneAlarm

#11
Susan Q

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
:) Okie Dokie, Piano will take your advice.

Again ... thank you so very much for your time, effort ... and endless
database of computer information :)

I went into live chat for GTG because :

I've unsubscribed to email several times now and yet I keep
getting a full mailbox of all posts :) . I didn't get any help.
I waited a long time but got no response. I've followed all
the instructions in "unsubscribe" tips, but no success.
I'm afraid I'll have to "spam" the mail, if I can't figure this
one out. I really don't want to do that. Don't worry, I'll understand
if you don't have time for this kind of trivia.

I wish for you only good things !
Take care
Susan

#12
Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Hmmm...

Try going to My Controls.
On the left, under Options, go to Email Settings.
Under Board Preferences, uncheck the first two.
Check the third, but change it to No Email Notification
Click Amend my email settings

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





