Google links redirected (and broken system restore) [Solved]



#1
Borse

Whenever I use Google my search results redirect me to some trojan site. My system restore has not worked for the past year and a half. Also, other programs that start up with Windows fail, overclocking my CPU while I wait for them to close down. I have Norton Antivirus, Ad-aware and I have used Windows safety scanner but while I could eliminate some viruses, I have nothing that fixes any of my problems.


#2
Rorschach112

Hi

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


#3
Borse

Thanks for helping. Here is OTL.txt

OTL logfile created on: 12/13/2009 10:07:51 AM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Robert\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.08% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 71.15 Gb Free Space | 49.31% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.94 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Robert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/13 10:07:19 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
PRC - [2009/12/02 08:19:02 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/02 08:19:01 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/21 01:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/11/13 07:49:01 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Robert\Program Files\DNA\btdna.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/26 14:46:54 | 01,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/22 02:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/08/19 13:26:40 | 00,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdpserv.exe
PRC - [2009/08/14 08:49:20 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
PRC - [2009/07/17 22:12:12 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 01:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/01/25 21:49:04 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/01/23 15:33:00 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/22 19:46:20 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/01/22 19:45:56 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/01/20 21:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/20 21:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2007/12/01 02:16:54 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdpcoms.exe
PRC - [2007/08/13 23:53:34 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2007/07/05 22:06:52 | 04,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/06/11 14:27:23 | 00,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/05/25 04:41:53 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxddserv.exe
PRC - [2007/05/25 04:41:37 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe
PRC - [2007/01/17 14:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/07/19 13:36:58 | 00,262,247 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe


========== Modules (SafeList) ==========

MOD - [2009/12/13 10:07:19 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/10 12:09:31 | 00,057,856 | ---- | M] () [Auto | Running] -- C:\ProgramData\2DBoy\sp.DLL -- (SPService)
SRV - [2009/12/02 08:19:01 | 01,184,912 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/22 02:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/08/19 13:26:40 | 00,098,984 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe -- (lxdpCATSCustConnectService)
SRV - [2009/08/14 08:49:20 | 00,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\TCPSVCS.EXE -- (simptcp)
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/01/29 15:09:02 | 00,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/25 21:49:04 | 00,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/23 15:33:00 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/01/22 19:46:20 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/01/22 19:45:56 | 00,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/01/20 21:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/01 02:16:54 | 00,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdpcoms.exe -- (lxdp_device)
SRV - [2007/09/10 17:28:18 | 00,057,344 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/09/05 20:25:04 | 00,204,800 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/13 23:53:34 | 00,610,304 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2007/05/25 04:41:53 | 00,099,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 04:41:37 | 00,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/01/17 14:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/07/19 13:36:58 | 00,262,247 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)


========== Driver Services (SafeList) ==========

DRV - [2009/12/02 08:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/10/28 17:37:22 | 00,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009/10/26 15:09:06 | 01,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/09/08 17:17:58 | 00,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/09/08 17:17:36 | 00,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1007020.00B\ccHPx86.sys -- (ccHP)
DRV - [2009/08/26 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/26 03:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/25 03:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091212.038\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/25 03:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091212.038\NAVENG.SYS -- (NAVENG)
DRV - [2009/08/22 02:21:19 | 00,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1007020.00B\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 02:21:19 | 00,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1007020.00B\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 02:21:19 | 00,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 02:21:19 | 00,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 02:21:19 | 00,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1007020.00B\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 02:21:19 | 00,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/22 02:21:19 | 00,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1007020.00B\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 02:21:06 | 00,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/05/29 12:36:16 | 00,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/01/20 21:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 00,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:26 | 00,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2008/01/20 21:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 00,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 00,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 00,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/20 15:57:42 | 00,013,312 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/20 12:55:06 | 00,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2007/12/06 08:51:00 | 00,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/09/05 20:25:32 | 00,348,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/14 00:07:16 | 03,076,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/07/18 06:32:40 | 01,841,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/03 12:05:20 | 00,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/30 13:22:26 | 00,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://mailcenter.co...c0&from=wmgoto"
FF - prefs.js..extensions.enabledItems: {8EB91CF2-9DA1-4FEC-9266-DA762C6BBF26}:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/16 16:45:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/30 17:16:10 | 00,000,000 | ---D | M]

[2009/04/28 18:03:03 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions
[2008/05/03 20:18:29 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\t9vry01x.default\extensions
[2009/12/12 10:31:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/28 18:02:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/04/28 18:02:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/03/31 21:47:26 | 00,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2008/09/03 19:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/04/12 12:28:20 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/03/30 16:13:54 | 00,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
[2005/04/27 15:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/03/03 09:51:42 | 00,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: (771 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [lxdpmon.exe] C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe ()
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Robert\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.0.cab (Reg Error: Key error.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.108,85.255.112.93
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\xxop81: DllName - xxop81.dll - File not found
O28 - HKLM ShellExecuteHooks: {166BCB27-FCFD-4588-9BDB-44FC6A02EF35} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9c794474-b676-11dd-9368-001c2556b627}\Shell - "" = AutoRun
O33 - MountPoints2\{9c794474-b676-11dd-9368-001c2556b627}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 21:34:27 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Acer Tour Reminder - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Apanel - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: BkupTray - hkey= - key= - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
MsConfig - StartUpReg: EzPrint - hkey= - key= - C:\Program Files\Lexmark Z2300 Series\ezprint.exe (Lexmark International Inc.)
MsConfig - StartUpReg: FaxCenterServer - hkey= - key= - C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
MsConfig - StartUpReg: NortonUtilities - hkey= - key= - C:\Program Files\Norton Utilities 14\RMTray.exe (Symantec Corporation)
MsConfig - State: "startup" - 0
MsConfig - State: "bootini" - 0

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: SymEFA.sys - C:\Windows\system32\drivers\NIS\1007020.00B\SYMEFA.SYS (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SymEFA.sys - C:\Windows\system32\drivers\NIS\1007020.00B\SYMEFA.SYS (Symantec Corporation)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: wave2 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/13 10:07:17 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2009/12/12 21:09:06 | 00,000,000 | ---D | C] -- C:\GameHouse Games
[2009/12/11 22:47:19 | 00,000,000 | ---D | C] -- C:\Program Files\ThreatExpert Memory Scanner
[2009/12/11 17:57:56 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/12/11 17:56:17 | 00,000,000 | -H-D | C] -- C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/12/11 17:55:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/12/11 17:55:38 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/12/09 22:27:20 | 00,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Leadertech
[2009/12/09 19:48:20 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/12/09 18:15:54 | 00,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\lowsec
[2009/12/09 18:08:01 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/12/09 18:07:54 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009/12/09 17:58:07 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/12/09 17:57:53 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/12/09 17:57:53 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/12/09 17:57:53 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/12/09 17:57:52 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/12/09 17:57:52 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/12/09 17:57:52 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/12/09 17:57:51 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/12/09 17:57:50 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/12/09 17:57:50 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/12/09 17:57:50 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/12/09 17:57:50 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/12/09 17:57:50 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/12/09 17:57:50 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/12/09 17:57:50 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/12/08 15:47:04 | 00,000,000 | ---D | C] -- C:\Windows\Westward IV
[2009/11/29 10:41:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Kristanix Games
[2009/11/26 17:32:01 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\iwin
[2009/11/26 17:31:37 | 00,000,000 | ---D | C] -- C:\Windows\Coconut Queen
[2009/11/26 09:55:00 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\oberon
[2009/11/24 21:32:34 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/11/24 21:30:30 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/11/14 13:58:36 | 00,000,000 | ---D | C] -- C:\Windows\Little Folk Of Faery
[2009/11/14 12:17:41 | 00,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\PoBros
[2009/11/14 12:17:41 | 00,000,000 | ---D | C] -- C:\ProgramData\PoBros
[2009/11/13 21:58:06 | 00,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\GOA
[2009/11/13 21:58:06 | 00,000,000 | ---D | C] -- C:\ProgramData\GOA
[2009/10/20 16:59:04 | 00,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdpcoin.dll
[2009/10/18 15:58:43 | 00,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDPhcp.dll
[2009/10/18 15:58:43 | 00,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdpinpa.dll
[2009/10/18 15:58:43 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdpiesc.dll
[2009/10/18 15:58:42 | 01,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdpserv.dll
[2009/10/18 15:58:42 | 00,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdpusb1.dll
[2009/10/18 15:58:42 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdpprox.dll
[2009/10/18 15:58:41 | 00,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdppmui.dll
[2009/10/18 15:58:41 | 00,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdplmpm.dll
[2009/10/18 15:58:39 | 00,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdphbn3.dll
[2009/10/18 15:58:37 | 00,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdpcomc.dll
[2009/10/18 15:58:37 | 00,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdpcomm.dll
[2008/05/05 10:06:32 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2008/04/19 17:45:28 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDDhcp.dll
[2008/04/19 17:45:27 | 00,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxddusb1.dll
[2008/04/19 17:45:27 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxddinpa.dll
[2008/04/19 17:45:27 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxddiesc.dll
[2008/04/19 17:45:26 | 01,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxddserv.dll
[2008/04/19 17:45:26 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxddpmui.dll
[2008/04/19 17:45:26 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxddprox.dll
[2008/04/19 17:45:26 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxddpplc.dll
[2008/04/19 17:45:25 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxddlmpm.dll
[2008/04/19 17:45:24 | 00,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxddhbn3.dll
[2008/04/19 17:45:23 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxddcomc.dll
[2008/04/19 17:45:23 | 00,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxddcomm.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/13 10:08:26 | 03,407,872 | ---- | M] () -- C:\Users\Robert\NTUSER.DAT
[2009/12/13 10:07:19 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2009/12/13 09:47:01 | 00,000,248 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2009/12/13 08:31:17 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/13 08:31:17 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/12 21:09:25 | 00,000,935 | ---- | M] () -- C:\Users\Robert\Desktop\GameHouse Solitaire Challenge.lnk
[2009/12/12 21:09:06 | 00,000,137 | ---- | M] () -- C:\Users\Robert\Desktop\More Games at GameHouse.com.url
[2009/12/12 19:47:11 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{32A6B19E-C9A8-447F-B4B3-4ED2DCAB0056}.job
[2009/12/12 14:51:06 | 00,102,912 | ---- | M] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/12 10:36:34 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/12 10:36:34 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/12 10:36:34 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/12 10:31:23 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/12 10:31:00 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/12 10:29:32 | 00,524,288 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT{bc4b182e-2864-11de-8232-001c2556b627}.TMContainer00000000000000000001.regtrans-ms
[2009/12/12 10:29:32 | 00,065,536 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT{bc4b182e-2864-11de-8232-001c2556b627}.TM.blf
[2009/12/12 10:29:28 | 04,268,654 | -H-- | M] () -- C:\Users\Robert\AppData\Local\IconCache.db
[2009/12/11 22:42:08 | 00,000,306 | ---- | M] () -- C:\Users\Robert\Documents\Backup Registry.reg
[2009/12/11 18:18:30 | 00,000,771 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/12/11 18:02:01 | 00,000,248 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/12/11 17:56:15 | 00,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/12/10 10:14:49 | 00,036,352 | ---- | M] () -- C:\Users\Robert\Documents\Resume Robert.doc
[2009/12/09 22:47:31 | 00,001,186 | ---- | M] () -- C:\Users\Public\Desktop\Acer GameZone Online.lnk
[2009/12/09 17:43:44 | 00,000,320 | ---- | M] () -- C:\Windows\System32\wgdgvv
[2009/12/09 17:40:13 | 00,000,000 | ---- | M] () -- C:\Users\Robert\AppData\Local\Dgehedi.bin
[2009/12/08 10:47:34 | 00,001,214 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2009/12/07 19:59:59 | 00,000,548 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Robert.job
[2009/12/02 08:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/12/02 08:19:04 | 00,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/11/21 01:35:38 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/11/21 01:35:38 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/11/21 01:34:58 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/11/21 01:34:52 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/11/21 01:34:39 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/11/21 01:34:39 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/11/21 01:34:39 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/11/21 01:34:38 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/11/21 01:34:38 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/11/21 01:34:33 | 00,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/11/20 23:59:58 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/11/20 23:59:52 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/11/20 23:59:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/11/20 23:58:54 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/12 21:09:25 | 00,000,935 | ---- | C] () -- C:\Users\Robert\Desktop\GameHouse Solitaire Challenge.lnk
[2009/12/12 21:09:06 | 00,000,137 | ---- | C] () -- C:\Users\Robert\Desktop\More Games at GameHouse.com.url
[2009/12/11 22:42:08 | 00,000,306 | ---- | C] () -- C:\Users\Robert\Documents\Backup Registry.reg
[2009/12/11 20:47:40 | 00,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/12/11 17:56:15 | 00,000,971 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/12/11 08:30:26 | 00,000,248 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2009/12/11 08:30:24 | 00,000,248 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/12/10 21:25:03 | 00,115,909 | ---- | C] () -- C:\Users\Robert\AppData\Local\edsinstaller.txt-20091210.log
[2009/12/09 17:43:44 | 00,000,320 | ---- | C] () -- C:\Windows\System32\wgdgvv
[2009/12/08 10:47:34 | 00,001,214 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2009/10/18 15:59:34 | 00,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2009/10/18 15:58:56 | 00,000,044 | ---- | C] () -- C:\Windows\System32\lxdprwrd.ini
[2009/10/18 15:58:44 | 00,348,160 | ---- | C] () -- C:\Windows\System32\LXDPinst.dll
[2009/10/12 06:47:01 | 00,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Local\Dgehedi.binDgehedi.bin
[2009/08/24 18:06:01 | 00,000,552 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d8caps.dat
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 08:02:58 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdpgrd.dll
[2009/05/26 17:44:40 | 00,174,592 | R--- | C] () -- C:\Users\Robert\AppData\Roaming\sdra64.exe
[2009/05/26 17:44:30 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/22 19:17:30 | 00,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Local\Dgehedi.bin
[2009/04/22 19:17:29 | 00,000,300 | ---- | C] () -- C:\Users\Robert\AppData\Local\Lcabu.dat
[2009/03/10 14:42:35 | 00,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/02/14 18:44:49 | 00,003,580 | ---- | C] () -- C:\Users\Robert\AppData\Local\slot1.mm1
[2009/01/02 19:43:00 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/08/13 08:40:54 | 00,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\wklnhst.dat
[2008/06/06 22:32:34 | 00,002,944 | ---- | C] () -- C:\ProgramData\lxdd
[2008/06/06 09:40:10 | 00,109,830 | ---- | C] () -- C:\ProgramData\BMdb62e422.xml
[2008/06/06 09:40:10 | 00,001,881 | ---- | C] () -- C:\ProgramData\BMdb62e422.txt
[2008/06/06 09:40:10 | 00,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
[2008/05/05 10:32:19 | 00,000,398 | ---- | C] () -- C:\Users\Robert\AppData\Local\DownloadLog.txt
[2008/04/24 07:25:06 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/04/24 07:25:05 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/04/24 07:21:00 | 00,102,912 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/19 17:51:26 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxddcoin.dll
[2008/04/19 17:48:40 | 00,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2008/04/19 17:48:40 | 00,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2008/04/19 17:48:20 | 00,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2008/04/19 17:48:20 | 00,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2008/04/19 17:46:26 | 00,000,044 | ---- | C] () -- C:\Windows\System32\lxddrwrd.ini
[2008/04/19 17:45:28 | 00,286,720 | ---- | C] () -- C:\Windows\System32\LXDDinst.dll
[2008/04/19 17:45:24 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxddgrd.dll
[2008/03/14 15:36:09 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/03/14 15:36:09 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/02/26 03:03:46 | 00,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/02/26 03:03:26 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/02/26 03:03:25 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/02/26 01:23:01 | 00,001,047 | ---- | C] () -- C:\Windows\generic.ini
[2008/02/26 01:23:01 | 00,000,128 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008/02/26 01:22:58 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/11/28 12:51:49 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdpvs.dll
[2007/01/23 13:40:03 | 00,065,536 | ---- | C] () -- C:\Windows\System32\lxddcaps.dll
[2007/01/09 11:13:08 | 00,692,224 | ---- | C] () -- C:\Windows\System32\lxdddrs.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/06 12:08:04 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxddcnv4.dll
[2006/05/17 21:47:12 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxddvs.dll
[2001/12/26 19:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 02:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 19:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-12-09 23:09:41

< >

< >

========== Alternate Data Streams ==========

< End of report >

and Extras.txt

OTL Extras logfile created on: 12/13/2009 10:07:51 AM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Robert\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.08% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 71.15 Gb Free Space | 49.31% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.94 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Robert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Windows\TEMP\vtwq.tmp\svchost.exe" = C:\Windows\TEMP\vtwq.tmp\svchost.exe:*:Enabled:svchost -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F32EFD-DC9B-4359-924A-49FE32E8CFAD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11A570BA-7EBC-44FE-9E28-86F0E3E8A62A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1AC26CDE-FD45-4697-87CB-FE287DF05E6B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{216E1CBA-9C27-4F90-BC87-EB18C8C09618}" = lport=445 | protocol=6 | dir=in | app=system |
"{228CAEBA-A972-4854-AADB-7D3E96C76832}" = rport=139 | protocol=6 | dir=out | app=system |
"{267D9AA6-0140-41CE-9B91-6413D39821D1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4061}" = lport=8482 | protocol=6 | dir=in | name=spport |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4062}" = lport=8482 | protocol=6 | dir=out | name=spport |
"{726B82DF-E859-4D33-B58A-48574302EE11}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76AB817D-2E98-444D-99E7-FF0BF977CEBA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8EC618D5-A790-4D51-A7E0-2C1E662C7540}" = lport=2869 | protocol=6 | dir=in | app=system |
"{992A2F41-6E86-4617-91DE-9AC409D9A94F}" = rport=445 | protocol=6 | dir=out | app=system |
"{A0641E9E-972B-4130-9F0A-AF009AA7B2CE}" = rport=138 | protocol=17 | dir=out | app=system |
"{AA325D11-0586-43C9-847E-EC8AFF11BDBE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B543E39F-791D-404B-B6A0-13657FBD04C5}" = lport=139 | protocol=6 | dir=in | app=system |
"{C3C4F1DB-C6F1-44BB-9A29-E13C1B3B1B1B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C68C7A57-13AC-4CE9-9E4F-08CD0A598512}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CBC66BDC-56DA-443A-9379-4D6638F1AA2D}" = lport=138 | protocol=17 | dir=in | app=system |
"{CC316292-F756-494E-8A81-911ED3F61DF3}" = rport=137 | protocol=17 | dir=out | app=system |
"{D03A3DCE-ABBC-4107-9D37-AF5945CC4E6E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{D688CD5B-0FF8-4A14-AFFB-D135E1771EC2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F3E5AC20-5B08-421F-9C1D-7D86FAB05F80}" = lport=137 | protocol=17 | dir=in | app=system |
"{F84760F1-0581-4969-A8B1-69E38DF58532}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A727AE-8DBE-42C6-B1B8-EB7B3D3F75E9}" = protocol=17 | dir=in | app=c:\windows\system32\lxddcoms.exe |
"{05CEF66A-D8E1-4880-BE7A-0720460FBC24}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddwbgw.exe |
"{05F2845B-3691-4D43-A7BA-D8A0DA5FE926}" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\lxddmon.exe |
"{0CD50012-92B7-438A-A25A-0ACA9EE46AB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0CFE348B-69CA-4ACF-9E06-669D75ADBCD8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{10DAFB14-8D9B-4B11-BB8D-0DC93F1163B4}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{149289A5-A3BD-460B-A022-9C323833631C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddjswx.exe |
"{14B6A70D-3128-4208-8674-4DC31FF3B74B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddtime.exe |
"{15954657-622B-4BE7-B7B5-E05A451A8B37}" = protocol=6 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
"{177D0B69-DB7A-481D-9DE3-7BE02A5AC379}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{18C9DF09-5B83-4230-9D2E-818BA5263EFF}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{19129759-6FA6-4538-B7D7-80AE3DB8C704}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{1CCF4076-EBDB-4D8A-98C1-08B1020CF36F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2424BBFC-DA74-4FA1-A988-DA7C7CD15A56}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{27C32D4C-A518-4FB5-9773-39480B679C5B}" = protocol=17 | dir=in | app=c:\program files\lexmark z2300 series\lxdpmon.exe |
"{2F604A1E-3B98-4117-848B-5EA368145946}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2FF4AD02-97C1-4187-907F-DBC57501F694}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{30FDCB5F-B931-45D2-9585-AADCB9D937EA}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{314C3DF7-7D98-47BC-910B-659B5AF9D964}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{32204108-F1A9-45E9-A077-183616CBF1D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{355D4BE4-FBEE-4CCF-B885-12BBC981E365}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35D50299-99E2-4DD9-B356-219F4728F0AB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{39C4E016-6ABA-4280-B7A8-028F6E5C857A}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{3A6F3152-55E2-460E-AAE0-9CE2CA5127C8}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddtime.exe |
"{3BE693F5-7130-4BC7-9A6C-4A6205845946}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{4002D6B5-B525-4795-A01F-2F0DE0A3182F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46CE738E-BD0C-4132-AD4B-76D8B9CBA6CC}" = protocol=6 | dir=in | app=c:\program files\lexmark z2300 series\lxdpmon.exe |
"{475B3E77-EDDF-4BE8-9872-3EE2A2CCA3DC}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{47A9DE52-6979-41CB-ACE5-BE91E9842069}" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\app4r.exe |
"{4B8EF092-60EC-4B50-A497-BDD055BB1C5D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{53A279C9-94CB-4A8A-A6EE-DDEA81D23602}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{54DC87CE-21BD-4943-B7C3-8E63EBB4F7EC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{57113985-B32B-411B-9DE5-B13C0B4C3FEC}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{74027377-7E08-40B5-9877-6232F2B5C24F}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{7BCED5DF-6306-423F-8BEA-285F99B5AB27}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7BEA7B75-1035-478D-8B87-6CB24023D4CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C2A7C46-F772-4A96-860A-DE962A78C4E8}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{7F091DD7-5EF7-43B2-A71D-7DD1F59109DC}" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\lxddmon.exe |
"{833874EA-4206-4DC4-BF8A-10D055240167}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe |
"{8339BA23-1054-4092-B0B2-B9FDA77827D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{85B30592-2319-4109-8DA6-186FD76841D6}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{89E38920-3C58-4FF5-A9C1-E315F9B14AB5}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddpswx.exe |
"{8C3C5110-4ED4-4A0A-882F-9789D615C2FF}" = protocol=58 | dir=out | [email protected],-28546 |
"{8C852CB0-39AE-4A57-8E73-F2FC197BBD53}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8DED2A05-1C42-41B2-9F64-0B96F4538A7A}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddjswx.exe |
"{9619AA90-4D29-4503-B32F-385E20B094D4}" = protocol=17 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
"{968871DE-8189-45BD-A9B4-9939E1B2BA14}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{969BB973-C130-4E79-983A-A01375059AB2}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe |
"{9A35CB10-3021-44D4-9C75-4C4E39B4CDFA}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddpswx.exe |
"{A2307713-A643-4821-94FC-BD76853DDCE3}" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
"{A3B67C9E-41D7-4610-A176-CEE5758E2622}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{A623343A-2D5D-4324-9884-79D44E058859}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9ED48D2-D45C-49F3-B5FD-052771C58914}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{AC3E185B-959D-4037-A21E-073A886805AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE5DF6CB-1415-40BB-924F-91D817A1CAAB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B1346129-3723-4536-8E67-083632902642}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{BBBADF22-9CCC-456E-8CF8-B8DD7F926EB1}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddwbgw.exe |
"{C280002A-1C48-40D2-82D9-3043D95C4E10}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{C609A896-FF16-45A2-826C-5D09D28D4D13}" = protocol=1 | dir=out | [email protected],-28544 |
"{CA51117D-DD7F-4380-8E41-0D216DCD2FAF}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{CC2E36D1-DC96-49E7-A9D9-BD9DA66DEBA4}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CE47B956-C137-46AA-8EBD-8937F47CB507}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{D45A1F05-2E79-4811-BEFB-63B6692759BA}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{DA02AE5C-7085-43C8-9C4A-9D001867A294}" = protocol=58 | dir=in | [email protected],-28545 |
"{DDECFC1A-943C-475A-86AC-067A006AEF12}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{E2EA2EDB-7514-428E-8E0E-DB920B85023E}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{E33715D5-3E44-4CC4-9F02-4ECBF1025D1B}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{E51451DD-367D-481A-88EE-D5BF99880B43}" = protocol=6 | dir=in | app=c:\windows\system32\lxddcoms.exe |
"{E5A53E76-51A5-46A6-A4F7-119C87E9C064}" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\app4r.exe |
"{E9A58426-59F6-4D48-8290-41AC89E55B90}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{EDFE95DC-538D-4A77-9F86-036EAF0F008C}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{F0D347CB-DCD2-4963-803F-BAB8B836AEAE}" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
"{F77C497B-598A-4494-B8B9-4074CE1DC9BF}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{F88E32AD-5AB2-4351-91D5-5D5DC2DA493D}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{FBAD96BC-0D29-4CB6-9AF4-69D5A98479F3}" = protocol=1 | dir=in | [email protected],-28543 |
"{FBEEBDA8-BD89-48CB-B267-6A4A9B6C8BEF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FC5B1850-096F-4107-8C78-3F72E01C7BB9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FCAA8D45-53C6-4C1A-8D6D-3C3B163A7B1C}" = protocol=6 | dir=out | app=system |
"TCP Query User{2921A6F9-23EC-4D6D-9A1F-EDA12CBE70BF}C:\users\robert\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\robert\program files\dna\btdna.exe |
"TCP Query User{F65E0B2A-C6E8-497C-B352-E8B3BD403597}C:\users\robert\appdata\local\temp\lmi5081.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\local\temp\lmi5081.tmp\lmi_rescue.exe |
"UDP Query User{02A7E0D1-AD11-45F6-83A7-641C058702E1}C:\users\robert\appdata\local\temp\lmi5081.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\local\temp\lmi5081.tmp\lmi_rescue.exe |
"UDP Query User{3C48C7E1-DF8F-4FFA-AD97-9985538B915C}C:\users\robert\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\robert\program files\dna\btdna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0478A597-5B05-5671-B594-27427A642AE5}" = CCC Help Chinese Traditional
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07760C24-3C41-4C64-9A1D-1CF8D281060A}" = PG583_install_V6_1_32_36_vista
"{0856323C-4103-4658-C5A8-FB16ED3079F5}" = Catalyst Control Center Localization Greek
"{08AD32A8-D704-4FC8-DB04-CA90A373D9C3}" = Catalyst Control Center Localization Portuguese
"{0A23CBF1-CCB0-B411-6A7A-A177E376BF70}" = Catalyst Control Center Localization Danish
"{0E92F644-6E11-8FE3-1BFC-5DB09A79F9B3}" = CCC Help Japanese
"{0ECD1EB9-CBB5-09BA-5947-74CBDA3011FC}" = CCC Help Spanish
"{12EDCFD1-E000-F4F2-A3E6-A6C15D0F8A63}" = Catalyst Control Center Graphics Previews Vista
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19BDBEDD-5264-29E1-1BFB-6F64FD943596}" = CCC Help Czech
"{1AFA55D1-EA04-9E87-4537-929E66B60D69}" = CCC Help Russian
"{1C028265-E8D7-751F-246F-9FD52CD237A8}" = Catalyst Control Center Localization Hungarian
"{1CCB52B9-FB58-0729-5C26-E8F8B3162043}" = Catalyst Control Center Core Implementation
"{1FA97774-2351-8DF4-7853-BEB20C726DFB}" = Catalyst Control Center Localization Russian
"{1FB9A0D0-DC5C-B75A-36EE-414706846CC2}" = Catalyst Control Center Localization Italian
"{20308457-CE7C-85A9-1B8F-6C521B2B4CCF}" = CCC Help Hungarian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{213ABE23-10B9-F45F-DC87-63DACAD40C0D}" = Skins
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24C7254F-C2D5-22FC-7C7C-F17E4894530E}" = CCC Help Italian
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{28FD3796-5271-EF11-DA27-2939ACA62515}" = CCC Help Greek
"{29456613-49DE-D48C-10E6-06AD36EEE3D7}" = CCC Help Norwegian
"{31C4615C-45C3-776C-AE54-9CE4B76E9DD1}" = CCC Help Korean
"{34C1AC91-2D4A-59C1-6875-B3692D1E0365}" = Catalyst Control Center Localization Chinese Standard
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4708942C-76A1-ECC8-5B3D-0D412D68DF24}" = Catalyst Control Center Localization Dutch
"{47247CC1-1221-9449-B4EF-8C9F6D02C1A0}" = CCC Help Swedish
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E084313-093F-5947-CEB9-DE41FD24EF1B}" = Catalyst Control Center Localization Czech
"{4F78B943-3CE1-410F-BC3A-FC65C3EB1F89}" = YUAN PE585QA Driver
"{52F4AC33-36D4-78D2-E694-7AAC07CD6C5A}" = Catalyst Control Center Graphics Light
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59FD9D9B-29F9-7572-C2B1-30B65AB2BC29}" = Catalyst Control Center Localization Japanese
"{5D976966-B187-E4D5-5AF1-23C54556E173}" = CCC Help German
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AD90C4B-89D3-5961-F13F-835E73DA1082}" = ccc-utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11477363}" = In Living Colors
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115773753}" = Color Cross
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116505387}" = Adventure Chronicles The Search for Lost Treasure
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116616863}" = Totem Tribe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1176780}" = Treasures of The Serengeti
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117770767}" = Every Day Genius Square Logic
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117965123}" = Westward IV
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{856D0363-1C0A-1562-46E7-A9ECABC8DF78}" = CCC Help Polish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CCFDB06-9B09-12D7-F1D4-1E22AC7583E0}" = Catalyst Control Center Localization Finnish
"{8D982E57-BF86-BEE7-3944-BD346EFE6A24}" = CCC Help Portuguese
"{8FAE8DE8-A63C-F5DE-D9F7-E011BBD44C32}" = CCC Help Turkish
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A0D21ABE-D004-5F89-4485-1BF4C7B3D66A}" = Catalyst Control Center Graphics Full Existing
"{A37978CF-6E03-238A-6571-7EA53B8FAE1B}" = Catalyst Control Center Localization Norwegian
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A830CA28-932E-6081-EEAA-31A6173DCA23}" = CCC Help Finnish
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A980B2A8-661F-35CD-4C3C-8EECE2F5F5D1}" = Catalyst Control Center Localization Korean
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF04309C-7CFC-C0F4-8A75-5135AF07FD1A}" = ccc-core-static
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B20A9F0F-9504-A107-E381-E956CE96EE86}" = Catalyst Control Center Localization Chinese Traditional
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BCCEC8-58B0-4B2A-0B25-2DF887F06E55}" = CCC Help Danish
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B5CCC9F7-3D21-B444-7EB4-235C1E0AC551}" = CCC Help Dutch
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC24FA40-8A7A-42FF-0B9A-5FB02E2A5536}" = CCC Help Thai
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CCA08326-B1CA-A2A7-10A1-EA1978847514}" = Catalyst Control Center Localization German
"{CDD3ACE0-7C01-10C8-495D-831EB9375095}" = Catalyst Control Center Localization Thai
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D6093905-1B7B-D236-2054-CC0B3E08B413}" = ATI Catalyst Install Manager
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D7BFE046-4862-AF73-0FB9-E3723BDFDE40}" = CCC Help French
"{DB457427-E7B9-4252-9217-0DC5FADE980F}" = MapleStory
"{DBED8673-81E5-7763-F3E5-887E43F2E428}" = CCC Help English
"{DC9A7C58-A8A8-0B6D-F1FA-6A35DE82A8E7}" = CCC Help Chinese Standard
"{DE3FECA8-82DD-B597-80EB-6236918FFABB}" = Catalyst Control Center Localization Polish
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E16BEE5B-82E8-574E-786F-B21DC03E7091}" = Catalyst Control Center Localization Spanish
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E32DF02F-0C8F-DE2F-9E76-4EA3960D7083}" = Catalyst Control Center Localization Turkish
"{E8302B10-2762-1C24-596C-ED5FFBA1E041}" = Catalyst Control Center Localization French
"{E940B035-8220-4C6B-C064-D6E4424553FC}" = Catalyst Control Center Graphics Full New
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FEA4C854-4B15-2FD3-BDE8-9654EC55AB72}" = Catalyst Control Center Localization Swedish
"Acer Assist" = Acer Assist
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"amg-gamehousesolitairechallenge" = GameHouse Solitaire Challenge
"BFGC" = Big Fish Games Client
"BFG-Escape From Paradise" = Escape From Paradise
"burgershop2tm" = Burger Shop 2™
"DB77CFA42983BD7D1CD0FB829CC6F71BEA49C472" = Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (08/19/2007 6.1.32.36)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"Lexmark 2500 Series" = Lexmark 2500 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Lexmark Z2300 Series" = Lexmark Z2300 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"NIS" = Norton Internet Security
"Norton Utilities_is1" = Norton Utilities
"OpenAL" = OpenAL
"RealArcade" = RealArcade
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Web Games Player Plugin" = Web Games Player Plugin
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XiphQT" = Xiph QuickTime Components
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/8/2009 8:02:05 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application MapleStory.exe, version 1.0.0.1, time stamp 0x49b7b901,
faulting module mshtml.dll, version 7.0.6001.18203, time stamp 0x496ed0f3, exception
code 0xc0000005, fault offset 0x000dd74a, process id 0x3b50, application start time
0x01c9a04371a9cc00.

Error - 3/9/2009 2:54:58 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/9/2009 8:56:17 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application MapleStory.exe, version 1.0.0.1, time stamp 0x49b7b901,
faulting module mshtml.dll, version 7.0.6001.18203, time stamp 0x496ed0f3, exception
code 0xc0000005, fault offset 0x000dd74a, process id 0xec0, application start time
0x01c9a113940d9b20.

Error - 3/9/2009 10:02:49 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/10/2009 3:34:26 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/10/2009 3:45:35 PM | Computer Name = Owner-PC | Source = EventSystem | ID = 4621
Description =

Error - 3/10/2009 3:50:28 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/10/2009 5:38:06 PM | Computer Name = Owner-PC | Source = EventSystem | ID = 4621
Description =

Error - 3/10/2009 8:25:16 PM | Computer Name = Owner-PC | Source = EventSystem | ID = 4622
Description =

Error - 3/10/2009 8:25:16 PM | Computer Name = Owner-PC | Source = EventSystem | ID = 4621
Description =

[ OSession Events ]
Error - 9/20/2009 5:47:09 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1185
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/11/2009 7:02:46 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/11/2009 7:08:39 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/11/2009 9:53:10 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/11/2009 9:53:10 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/12/2009 11:32:16 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/12/2009 11:32:16 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/12/2009 12:28:11 PM | Computer Name = Owner-PC | Source = bowser | ID = 8003
Description =

Error - 12/12/2009 12:56:53 PM | Computer Name = Owner-PC | Source = bowser | ID = 8003
Description =

Error - 12/12/2009 2:54:26 PM | Computer Name = Owner-PC | Source = bowser | ID = 8003
Description =

Error - 12/12/2009 11:12:25 PM | Computer Name = Owner-PC | Source = bowser | ID = 8003
Description =


< End of report >

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2009/12/10 12:09:31 | 00,057,856 | ---- | M] () [Auto | Running] -- C:\ProgramData\2DBoy\sp.DLL -- (SPService)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.108,85.255.112.93
    O20 - Winlogon\Notify\xxop81: DllName - xxop81.dll - File not found
    O28 - HKLM ShellExecuteHooks: {166BCB27-FCFD-4588-9BDB-44FC6A02EF35} - Reg Error: Key error. File not found
    O33 - MountPoints2\{9c794474-b676-11dd-9368-001c2556b627}\Shell - "" = AutoRun
    O33 - MountPoints2\{9c794474-b676-11dd-9368-001c2556b627}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
    [2009/12/09 17:43:44 | 00,000,320 | ---- | M] () -- C:\Windows\System32\wgdgvv
    [2009/12/09 17:40:13 | 00,000,000 | ---- | M] () -- C:\Users\Robert\AppData\Local\Dgehedi.bin
    [2008/06/06 09:40:10 | 00,109,830 | ---- | C] () -- C:\ProgramData\BMdb62e422.xml
    [2008/06/06 09:40:10 | 00,001,881 | ---- | C] () -- C:\ProgramData\BMdb62e422.txt
    [2008/06/06 09:40:10 | 00,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

#5
Borse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Here's GMER.txt

GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-13 17:40:11
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Robert\AppData\Local\Temp\pwrcapow.sys


---- System - GMER 1.0.15 ----

SSDT 871A0108 ZwAlertResumeThread
SSDT 87196110 ZwAlertThread
SSDT 87D67250 ZwAllocateVirtualMemory
SSDT 87053100 ZwAlpcConnectPort
SSDT 87D69048 ZwAssignProcessToJobObject
SSDT 87D81008 ZwCreateMutant
SSDT 87D857E0 ZwCreateSymbolicLinkObject
SSDT 87D9CDC0 ZwCreateThread
SSDT 87D8A048 ZwDebugActiveProcess
SSDT 87D67468 ZwDuplicateObject
SSDT 87D68C30 ZwFreeVirtualMemory
SSDT 871B0108 ZwImpersonateAnonymousToken
SSDT 871AD120 ZwImpersonateThread
SSDT 86F631C8 ZwLoadDriver
SSDT 87D68AD0 ZwMapViewOfSection
SSDT 8715D068 ZwOpenEvent
SSDT 87D676C8 ZwOpenProcess
SSDT 87162DD0 ZwOpenProcessToken
SSDT 8729FB68 ZwOpenSection
SSDT 87D675B8 ZwOpenThread
SSDT 87D844F0 ZwProtectVirtualMemory
SSDT 8718C558 ZwResumeThread
SSDT 8718C458 ZwSetContextThread
SSDT 87D68878 ZwSetInformationProcess
SSDT 87D56048 ZwSetSystemInformation
SSDT 87297118 ZwSuspendProcess
SSDT 87382AA8 ZwSuspendThread
SSDT 872FE990 ZwTerminateProcess
SSDT 87C0CB50 ZwTerminateThread
SSDT 87382140 ZwUnmapViewOfSection
SSDT 87D68F40 ZwWriteVirtualMemory
SSDT 87D85CB0 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 822F0860 8 Bytes [08, 01, 1A, 87, 10, 61, 19, ...] {OR [ECX], AL; SBB AL, [EDI-0x78e69ef0]}
.text ntkrnlpa.exe!KeSetEvent + 131 822F0874 4 Bytes [50, 72, D6, 87]
.text ntkrnlpa.exe!KeSetEvent + 13D 822F0880 4 Bytes [00, 31, 05, 87]
.text ntkrnlpa.exe!KeSetEvent + 191 822F08D4 4 Bytes [48, 90, D6, 87]
.text ntkrnlpa.exe!KeSetEvent + 1F5 822F0938 4 Bytes [08, 10, D8, 87]
.text ...
.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x82D25024]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[896] ole32.dll!CoCreateInstance 76EA9EA6 5 Bytes JMP 0095000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!CreateWindowExW 76A31305 5 Bytes JMP 6C89D684 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!DialogBoxParamW 76A510B0 5 Bytes JMP 6C7C541D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!DialogBoxIndirectParamW 76A52EF5 5 Bytes JMP 6C9943FF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!DialogBoxParamA 76A68152 5 Bytes JMP 6C99439C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!DialogBoxIndirectParamA 76A6847D 5 Bytes JMP 6C994462 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!MessageBoxIndirectA 76A7D4D9 5 Bytes JMP 6C994331 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!MessageBoxIndirectW 76A7D5D3 5 Bytes JMP 6C9942C6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!MessageBoxExA 76A7D639 5 Bytes JMP 6C994264 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!MessageBoxExW 76A7D65D 5 Bytes JMP 6C994202 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!CreateDialogParamW 76A272A2 5 Bytes JMP 6C89DA10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!GetAsyncKeyState 76A2863C 5 Bytes JMP 6C7B90DB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!SetWindowsHookExW 76A287AD 5 Bytes JMP 6C8997FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!CallNextHookEx 76A28E3B 5 Bytes JMP 6C88CE81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!UnhookWindowsHookEx 76A298DB 5 Bytes JMP 6C804620 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!EnableWindow 76A2CD8B 5 Bytes JMP 6C89D89D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!CreateWindowExW 76A31305 5 Bytes JMP 6C89D684 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!GetKeyState 76A38CB1 5 Bytes JMP 6C89CE4B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!IsDialogMessageW 76A40745 5 Bytes JMP 6C7C592F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!CreateDialogParamA 76A417AA 5 Bytes JMP 6C995084 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!IsDialogMessage 76A41847 5 Bytes JMP 6C994920 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!CreateDialogIndirectParamA 76A426F1 5 Bytes JMP 6C9950BB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!CreateDialogIndirectParamW 76A49A62 5 Bytes JMP 6C9950F2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!SetKeyboardState 76A50987 5 Bytes JMP 6C994C8F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!DialogBoxParamW 76A510B0 5 Bytes JMP 6C7C541D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!DialogBoxIndirectParamW 76A52EF5 5 Bytes JMP 6C9943FF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!SendInput 76A52F75 5 Bytes JMP 6C99584B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!EndDialog 76A5326E 5 Bytes JMP 6C7C7DD6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!SetCursorPos 76A66FB2 5 Bytes JMP 6C99589F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!DialogBoxParamA 76A68152 5 Bytes JMP 6C99439C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!DialogBoxIndirectParamA 76A6847D 5 Bytes JMP 6C994462 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!MessageBoxIndirectA 76A7D4D9 5 Bytes JMP 6C994331 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!MessageBoxIndirectW 76A7D5D3 5 Bytes JMP 6C9942C6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!MessageBoxExA 76A7D639 5 Bytes JMP 6C994264 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!MessageBoxExW 76A7D65D 5 Bytes JMP 6C994202 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] USER32.dll!keybd_event 76A7D972 5 Bytes JMP 6C995BCF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] SHELL32.dll!SHRestricted + D95 75BD8988 4 Bytes [4D, 30, 76, 6E] {DEC EBP; XOR [ESI+0x6e], DH}
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] SHELL32.dll!SHRestricted + D9D 75BD8990 8 Bytes [57, 2F, 76, 6E, 9C, 5B, 75, ...] {PUSH EDI; DAS ; JBE 0x72; PUSHF ; POP EBX; JNZ 0x76}
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] ole32.dll!OleLoadFromStream 76E71E12 5 Bytes JMP 6C994780 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5056] ole32.dll!CoCreateInstance 76EA9EA6 5 Bytes JMP 6C89D6E0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73FB7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7400A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73FBBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73FAF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73FB75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73FAE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73FE8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73FBDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73FAFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73FAFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73FA71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7403CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73FDC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73FAD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73FA6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73FA687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73FB2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6E7482F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6E7482F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6E751AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6E75007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6E74E1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6E750994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6E74EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6E74A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E751D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6E753ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6E752999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6E753035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6E74FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6E74E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E74DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6E74FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6E7482F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E74D4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6E75FBB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [6E76051D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6E75EB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [6E75F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [6E75EF31] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6E75E5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [6E75ED95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6E75007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6E74FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6E74E1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6E7482F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6E74FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6E74E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6E751AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6E74EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [6E753ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [6E752CD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [6E752926] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [6E753035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [6E752999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [6E74BD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [6E75173F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [6E74BFCD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [6E750F0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [6E7514E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [6E74ED1B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [6E74BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E751D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [6E74C0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [6E75103D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [6E74EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [6E750994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [6E751614] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [6E750921] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [6E7482F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6E74FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [6E74A073] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [6E74A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [6E74E717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [6E74E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [6E74FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6E74FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6E750C95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E74DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E74D4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6E74D361] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6E74EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6E75007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6E74C0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6E74E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6E753035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6E752999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6E751AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6E74BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6E74BFCD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6E74E717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6E752CD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6E752926] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6E753ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6E7523A5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6E74BD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6E74FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6E7482F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6E74FAAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6E74F973] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6E75ED95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6E75E43D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6E75EDE8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6E75F9B7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6E75E9C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6E75E5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6E75EB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6E76020D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6E75F4DB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6E75EF31] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6E75FBB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [6E75F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [6E76051D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [6E75FF19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [6E760085] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [6E760395] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [6E75FDAF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [6E75F677] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6E74CFA8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [6E752999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6E750C95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6E74D22A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6E74D9DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E74DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6E74EB68] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E751D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6E74E1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6E74CAA7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6E75007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [6E74A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6E750994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [6E753035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [6E753ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6E74C709] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [6E74BD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [6E751AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6E74CD20] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E74D4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [6E751614] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [6E75103D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6E74EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6E74C0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [6E74BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6E7509B9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [6E74C848] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6E74FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6E74E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [6E74C368] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6E74FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [6E74C5D8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6E74F0D0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6E74FAAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6E74F5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [6E7565DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [6E75620B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6E757595] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6E7560AE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [6E75615B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [6E7575E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6E756533] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6E75799A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [6E75684F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6E756E45] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [6E756AFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [6E756B47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [6E757281] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [6E756716] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [6E7571ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [6E757021] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6E757FBE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [6E757159] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [6E7568E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsSystemFolderW] [6E756BE2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [6E756803] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [6E756F81] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [6E7563A5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [6E7580BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [6E758513] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [6E758176] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [6E757BA4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [6E758235] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [6E75697F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [6E756DAD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [6E756D15] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [6E75731F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [6E756EDD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [6E756C7D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [6E756AAF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [6E7578EA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [6E7563F4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [6E7576D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [6E758732] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [6E75777E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [6E757831] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [6E75667B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [6E757636] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6E74BB38] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [6E753ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [6E753035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6E75007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [6E751AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6E74A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6E74EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [6E74C848] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6E74C368] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6E74E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6E74FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6E74BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6E74FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6E758235] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6E7581D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6E7572CD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6E7575E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6E7576D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6E7565DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6E75788F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6E7586D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6E7578EA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6E758732] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6E756533] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6E7482F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [6E7482F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6E7482F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [6E7482F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [6E7482F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [6E7482F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6E7482F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5056] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [6E7482F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 85987618

---- Services - GMER 1.0.15 ----

Service system32\drivers\gaopdxgxfotivx.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxgxfotivx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxgxfotivx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxavwpbkhs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxgxfotivx.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxgxfotivx.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxavwpbkhs.dll

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.dir 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid 0 bytes
File C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Lue\Logs\TempLog.Lue 15140 bytes
File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#6
Rorschach112

hi

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:
    Files to move:
    C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys | C:\Windows\System32\drivers\atapi.sys
    Drivers to delete:
    gaopdxgxfotivx
    gaopdxserv
    Files to delete:
    C:\Windows\system32\drivers\gaopdxgxfotivx.sys
    C:\Windows\system32\gaopdxavwpbkhs.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply

#7
Borse

When I started Avenger I had left for a few minutes for the bathroom; when I returned, Startup Repair had shown up saying that my computer had failed to start up properly. I restarted the computer and it seems to be working fine so far, but Norton had just detected a virus: Backdoor.Tidserv.l!inf

Here's avenger.txt

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not move file "C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys"
File move operation "C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys|C:\Windows\System32\drivers\atapi.sys" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\gaopdxgxfotivx" not found!
Deletion of driver "gaopdxgxfotivx" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\gaopdxserv" not found!
Deletion of driver "gaopdxserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\drivers\gaopdxgxfotivx.sys" not found!
Deletion of file "C:\Windows\system32\drivers\gaopdxgxfotivx.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\gaopdxavwpbkhs.dll" not found!
Deletion of file "C:\Windows\system32\gaopdxavwpbkhs.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

#8
Rorschach112

hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    gaopdxgxfotivx
    gaopdxserv
    :Reg
    
    :Files
    C:\Windows\System32\drivers\atapi.sys|C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys /replace
    C:\Windows\system32\drivers\gaopdxgxfotivx.sys
    C:\Windows\system32\gaopdxavwpbkhs.dll
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

#9
Borse

here's the log

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
Error: No service named gaopdxgxfotivx was found to stop!
Unable to stop service gaopdxgxfotivx!
Error: No service named gaopdxserv was found to stop!
Unable to stop service gaopdxserv!
========== REGISTRY ==========
========== FILES ==========
Unable to replace file: C:\Windows\System32\drivers\atapi.sys with C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys without a reboot.
File/Folder C:\Windows\system32\drivers\gaopdxgxfotivx.sys not found.
File/Folder C:\Windows\system32\gaopdxavwpbkhs.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Matthew
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Public

User: Robert
->Temp folder emptied: 40204 bytes
->Temporary Internet Files folder emptied: 4023695 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 526 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1796238 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 320 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.59 mb


OTM by OldTimer - Version 3.1.2.2 log created on 12132009_195730

Files moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.
File C:\Windows\temp\JETCD9A.tmp not found!

Registry entries deleted on Reboot...

#10
Rorschach112

hi

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.



#11
Borse

here's the mbam log

Malwarebytes' Anti-Malware 1.42
Database version: 3357
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

12/14/2009 9:28:21 AM
mbam-log-2009-12-14 (09-28-21).txt

Scan type: Quick Scan
Objects scanned: 112878
Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 26
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dd140a75-b643-4124-97c5-82ba9de5ee99} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\aquaplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


and kaspersky

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, December 14, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, December 14, 2009 13:42:14
Records in database: 3370547
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 164157
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 02:06:48


File name / Threat / Threats count
C:\Users\Robert\AppData\Roaming\sdra64.exe Infected: Trojan.Win32.Buzus.csuv 1
C:\_OTL\MovedFiles\12132009_165415\C_ProgramData\2DBoy\sp.DLL Infected: Trojan-Proxy.Win32.Agent.byn 1

Selected area has been scanned.

#12
Rorschach112

hi


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Users\Robert\AppData\Roaming\sdra64.exe
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#13
Borse

On a side note, my system blocked out Malwarebytes from startup. When I try to check out the startup programs it says 'Application failed initialize: 0x800106ba.'

the OTL log

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Robert\AppData\Roaming\sdra64.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Matthew
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Public

User: Robert
->Temp folder emptied: 92093103 bytes
->Temporary Internet Files folder emptied: 13583053 bytes
->Java cache emptied: 128020 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 611 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 100.90 mb


OTL by OldTimer - Version 3.1.17.0 log created on 12142009_124458

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.
File\Folder C:\Windows\temp\JETFF16.tmp not found!

Registry entries deleted on Reboot...

#14
Rorschach112

Post a new Quick Scan from OTL too.

#15
Borse

here you go

OTL logfile created on: 12/14/2009 12:59:09 PM - Run 2
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Robert\Desktop\Geeks
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 70.87% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 69.86 Gb Free Space | 48.42% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.94 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Robert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/13 10:07:19 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\Geeks\OTL.exe
PRC - [2009/12/02 08:19:02 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/02 08:19:01 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/21 01:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/11/13 07:49:01 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Robert\Program Files\DNA\btdna.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/26 14:46:54 | 01,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/22 02:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/08/19 13:26:40 | 00,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdpserv.exe
PRC - [2009/08/14 08:49:20 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
PRC - [2009/07/17 22:12:12 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 01:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/01/25 21:49:04 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/01/23 15:33:00 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/22 19:46:20 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/01/22 19:45:56 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/01/20 21:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/20 21:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/20 21:23:32 | 00,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2007/12/07 05:17:04 | 00,656,040 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe
PRC - [2007/12/01 02:16:54 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdpcoms.exe
PRC - [2007/09/10 17:28:18 | 00,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/09/06 14:02:04 | 00,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/08/13 23:53:34 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2007/07/17 12:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007/07/17 12:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2007/07/05 22:06:52 | 04,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/06/11 14:27:23 | 00,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/05/25 04:41:53 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxddserv.exe
PRC - [2007/05/25 04:41:37 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe
PRC - [2007/04/30 03:19:53 | 00,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
PRC - [2007/01/17 14:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/07/19 13:36:58 | 00,262,247 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe


========== Modules (SafeList) ==========

MOD - [2009/12/13 10:07:19 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\Geeks\OTL.exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/02 08:19:01 | 01,184,912 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/22 02:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/08/19 13:26:40 | 00,098,984 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe -- (lxdpCATSCustConnectService)
SRV - [2009/08/14 08:49:20 | 00,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\TCPSVCS.EXE -- (simptcp)
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/01/29 15:09:02 | 00,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/25 21:49:04 | 00,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/23 15:33:00 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/01/22 19:46:20 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/01/22 19:45:56 | 00,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/01/20 21:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/01 02:16:54 | 00,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdpcoms.exe -- (lxdp_device)
SRV - [2007/09/10 17:28:18 | 00,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/09/05 20:25:04 | 00,204,800 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/13 23:53:34 | 00,610,304 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2007/05/25 04:41:53 | 00,099,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 04:41:37 | 00,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/01/17 14:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/07/19 13:36:58 | 00,262,247 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://mailcenter.co...c0&from=wmgoto"
FF - prefs.js..extensions.enabledItems: {8EB91CF2-9DA1-4FEC-9266-DA762C6BBF26}:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/16 16:45:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/30 17:16:10 | 00,000,000 | ---D | M]

[2009/04/28 18:03:03 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions
[2008/05/03 20:18:29 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\t9vry01x.default\extensions
[2009/12/14 12:49:09 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/28 18:02:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/04/28 18:02:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/03/31 21:47:26 | 00,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2008/09/03 19:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/04/12 12:28:20 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/03/30 16:13:54 | 00,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
[2005/04/27 15:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/03/03 09:51:42 | 00,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: (771 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [lxdpmon.exe] C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Robert\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/14 09:21:35 | 00,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Malwarebytes
[2009/12/14 09:21:31 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/14 09:21:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/14 09:21:28 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/14 09:21:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/14 09:20:47 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Robert\Desktop\mbam-setup.exe
[2009/12/14 09:14:15 | 00,343,040 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\TFC.exe
[2009/12/13 19:57:30 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/12/13 19:56:11 | 00,425,472 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTM.exe
[2009/12/13 18:28:16 | 00,000,000 | ---D | C] -- C:\Users\Robert\Desktop\avenger
[2009/12/13 16:54:15 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/13 10:25:02 | 00,000,000 | ---D | C] -- C:\Users\Robert\Desktop\Geeks
[2009/12/12 21:09:06 | 00,000,000 | ---D | C] -- C:\GameHouse Games
[2009/12/11 22:47:19 | 00,000,000 | ---D | C] -- C:\Program Files\ThreatExpert Memory Scanner
[2009/12/11 17:57:56 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/12/11 17:56:17 | 00,000,000 | -H-D | C] -- C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/12/11 17:55:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/12/11 17:55:38 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/12/09 22:27:20 | 00,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Leadertech
[2009/12/09 19:48:20 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/12/09 18:15:54 | 00,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\lowsec
[2009/12/08 15:47:04 | 00,000,000 | ---D | C] -- C:\Windows\Westward IV
[2009/10/20 16:59:04 | 00,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdpcoin.dll
[2009/10/18 15:58:43 | 00,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDPhcp.dll
[2009/10/18 15:58:43 | 00,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdpinpa.dll
[2009/10/18 15:58:43 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdpiesc.dll
[2009/10/18 15:58:42 | 01,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdpserv.dll
[2009/10/18 15:58:42 | 00,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdpusb1.dll
[2009/10/18 15:58:42 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdpprox.dll
[2009/10/18 15:58:41 | 00,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdppmui.dll
[2009/10/18 15:58:41 | 00,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdplmpm.dll
[2009/10/18 15:58:39 | 00,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdphbn3.dll
[2009/10/18 15:58:37 | 00,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdpcomc.dll
[2009/10/18 15:58:37 | 00,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdpcomm.dll
[2008/05/05 10:06:32 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2008/04/19 17:45:28 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDDhcp.dll
[2008/04/19 17:45:27 | 00,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxddusb1.dll
[2008/04/19 17:45:27 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxddinpa.dll
[2008/04/19 17:45:27 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxddiesc.dll
[2008/04/19 17:45:26 | 01,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxddserv.dll
[2008/04/19 17:45:26 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxddpmui.dll
[2008/04/19 17:45:26 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxddprox.dll
[2008/04/19 17:45:26 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxddpplc.dll
[2008/04/19 17:45:25 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxddlmpm.dll
[2008/04/19 17:45:24 | 00,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxddhbn3.dll
[2008/04/19 17:45:23 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxddcomc.dll
[2008/04/19 17:45:23 | 00,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxddcomm.dll

========== Files - Modified Within 14 Days ==========

[2009/12/14 13:00:41 | 03,407,872 | ---- | M] () -- C:\Users\Robert\NTUSER.DAT
[2009/12/14 12:54:24 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/14 12:54:24 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/14 12:54:24 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/14 12:48:58 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/14 12:48:58 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/14 12:48:56 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/14 12:48:53 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/14 12:46:20 | 00,524,288 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT{bc4b182e-2864-11de-8232-001c2556b627}.TMContainer00000000000000000001.regtrans-ms
[2009/12/14 12:46:20 | 00,065,536 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT{bc4b182e-2864-11de-8232-001c2556b627}.TM.blf
[2009/12/14 09:28:51 | 06,291,456 | -H-- | M] () -- C:\Users\Robert\AppData\Local\IconCache.db
[2009/12/14 09:21:34 | 00,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/14 09:20:50 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Robert\Desktop\mbam-setup.exe
[2009/12/14 09:14:18 | 00,343,040 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\TFC.exe
[2009/12/13 20:28:27 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{32A6B19E-C9A8-447F-B4B3-4ED2DCAB0056}.job
[2009/12/13 19:56:15 | 00,425,472 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTM.exe
[2009/12/13 19:20:47 | 00,019,944 | ---- | M] () -- C:\Windows\System32\drivers\atapi.sys
[2009/12/13 19:20:46 | 20,436,8825 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/13 18:28:09 | 00,724,952 | ---- | M] () -- C:\Users\Robert\Desktop\avenger.zip
[2009/12/13 17:06:42 | 00,292,864 | ---- | M] () -- C:\Users\Robert\Desktop\gmer.exe
[2009/12/12 21:09:25 | 00,000,935 | ---- | M] () -- C:\Users\Robert\Desktop\GameHouse Solitaire Challenge.lnk
[2009/12/12 21:09:06 | 00,000,137 | ---- | M] () -- C:\Users\Robert\Desktop\More Games at GameHouse.com.url
[2009/12/12 14:51:06 | 00,102,912 | ---- | M] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/11 22:42:08 | 00,000,306 | ---- | M] () -- C:\Users\Robert\Documents\Backup Registry.reg
[2009/12/11 18:18:30 | 00,000,771 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/12/11 17:56:15 | 00,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/12/10 10:14:49 | 00,036,352 | ---- | M] () -- C:\Users\Robert\Documents\Resume Robert.doc
[2009/12/09 22:47:31 | 00,001,186 | ---- | M] () -- C:\Users\Public\Desktop\Acer GameZone Online.lnk
[2009/12/08 10:47:34 | 00,001,214 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2009/12/07 19:59:59 | 00,000,548 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Robert.job
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/02 08:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/12/02 08:19:04 | 00,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe

========== Files Created - No Company Name ==========

[2009/12/14 09:21:34 | 00,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/13 18:28:07 | 00,724,952 | ---- | C] () -- C:\Users\Robert\Desktop\avenger.zip
[2009/12/12 21:09:25 | 00,000,935 | ---- | C] () -- C:\Users\Robert\Desktop\GameHouse Solitaire Challenge.lnk
[2009/12/12 21:09:06 | 00,000,137 | ---- | C] () -- C:\Users\Robert\Desktop\More Games at GameHouse.com.url
[2009/12/11 22:42:08 | 00,000,306 | ---- | C] () -- C:\Users\Robert\Documents\Backup Registry.reg
[2009/12/11 20:47:40 | 00,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/12/11 18:13:42 | 00,292,864 | ---- | C] () -- C:\Users\Robert\Desktop\gmer.exe
[2009/12/11 17:56:15 | 00,000,971 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/12/10 21:25:03 | 00,115,909 | ---- | C] () -- C:\Users\Robert\AppData\Local\edsinstaller.txt-20091210.log
[2009/12/08 10:47:34 | 00,001,214 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2009/10/18 15:59:34 | 00,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2009/10/18 15:58:56 | 00,000,044 | ---- | C] () -- C:\Windows\System32\lxdprwrd.ini
[2009/10/18 15:58:44 | 00,348,160 | ---- | C] () -- C:\Windows\System32\LXDPinst.dll
[2009/10/12 06:47:01 | 00,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Local\Dgehedi.binDgehedi.bin
[2009/08/24 18:06:01 | 00,000,552 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d8caps.dat
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 08:02:58 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdpgrd.dll
[2009/05/26 17:44:30 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/26 17:44:11 | 00,019,944 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys
[2009/04/22 19:17:29 | 00,000,300 | ---- | C] () -- C:\Users\Robert\AppData\Local\Lcabu.dat
[2009/03/10 14:42:35 | 00,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/02/14 18:44:49 | 00,003,580 | ---- | C] () -- C:\Users\Robert\AppData\Local\slot1.mm1
[2009/01/02 19:43:00 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/08/13 08:40:54 | 00,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\wklnhst.dat
[2008/06/06 22:32:34 | 00,002,944 | ---- | C] () -- C:\ProgramData\lxdd
[2008/05/05 10:32:19 | 00,000,398 | ---- | C] () -- C:\Users\Robert\AppData\Local\DownloadLog.txt
[2008/04/24 07:25:06 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/04/24 07:25:05 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/04/24 07:21:00 | 00,102,912 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/19 17:51:26 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxddcoin.dll
[2008/04/19 17:48:40 | 00,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2008/04/19 17:48:40 | 00,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2008/04/19 17:48:20 | 00,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2008/04/19 17:48:20 | 00,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2008/04/19 17:46:26 | 00,000,044 | ---- | C] () -- C:\Windows\System32\lxddrwrd.ini
[2008/04/19 17:45:28 | 00,286,720 | ---- | C] () -- C:\Windows\System32\LXDDinst.dll
[2008/04/19 17:45:24 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxddgrd.dll
[2008/03/14 15:36:09 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/03/14 15:36:09 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/02/26 03:03:46 | 00,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/02/26 03:03:26 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/02/26 03:03:25 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/02/26 01:23:01 | 00,001,047 | ---- | C] () -- C:\Windows\generic.ini
[2008/02/26 01:23:01 | 00,000,128 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008/02/26 01:22:58 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/11/28 12:51:49 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdpvs.dll
[2007/01/23 13:40:03 | 00,065,536 | ---- | C] () -- C:\Windows\System32\lxddcaps.dll
[2007/01/09 11:13:08 | 00,692,224 | ---- | C] () -- C:\Windows\System32\lxdddrs.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/06 12:08:04 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxddcnv4.dll
[2006/05/17 21:47:12 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxddvs.dll
[2001/12/26 19:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 02:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 19:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009/07/06 17:44:06 | 00,000,000 | -HSD | M] -- C:\Users\Robert\AppData\Roaming\.#
[2008/05/03 20:01:31 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Acer
[2008/02/26 03:11:52 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Acer GameZone Console
[2009/10/08 17:04:11 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Alawar
[2008/08/05 11:31:08 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Amaranth Games
[2008/08/08 15:01:45 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Ancient Quest of Saqqarah__oberon
[2008/11/11 15:24:30 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Artogon
[2009/06/12 10:43:00 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Aveyond 3
[2008/07/29 16:15:13 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Azgard
[2008/09/04 12:58:11 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\BeachPartyCraze
[2008/09/10 12:17:08 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\BFG_JanesRealty
[2008/08/29 08:56:19 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Big Fish Games
[2009/12/14 12:44:59 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\BitTorrent
[2009/07/06 11:18:00 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\BlamGames
[2009/02/24 12:11:27 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\blg
[2008/06/06 14:22:38 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\BloodTies
[2008/05/22 15:39:35 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Bloom RU
[2009/03/17 10:33:35 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Boolat Games
[2009/01/28 11:08:35 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Boomzap
[2008/10/18 13:05:07 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\BottleBuster
[2009/07/30 10:09:41 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\CasualForge
[2009/11/01 12:01:55 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Dekovir
[2009/09/07 15:05:31 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\DivoGames
[2009/12/14 13:00:14 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\DNA
[2008/10/16 12:05:55 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Dragon Altar Games
[2009/06/11 17:57:27 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\DreamDale
[2009/11/15 13:41:39 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\EleFun Games
[2009/05/11 15:49:50 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Enchanted Katya
[2009/07/16 21:10:27 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ERS G-Studio
[2009/06/23 14:19:21 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\EscapeFromParadise2
[2008/04/19 23:00:05 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\eSobi
[2008/09/06 17:21:19 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Eyeblaster
[2009/01/08 17:05:58 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Fabulous Finds
[2008/10/29 08:35:14 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Farm Mania
[2008/07/13 16:04:12 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\FarmerJane
[2009/08/27 06:59:47 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\fillup
[2008/11/07 09:19:05 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\FirstColony
[2009/03/12 09:37:32 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Flood Light Games
[2008/04/20 18:13:44 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\FloodLightGames
[2009/04/07 13:57:18 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ForgottenRiddles2
[2009/01/28 15:32:59 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Friday's games
[2008/08/04 17:18:11 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Gaijin Ent
[2009/08/06 14:16:52 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\game
[2009/09/20 12:57:52 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\GameInvest
[2008/11/15 12:35:46 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Gamelab
[2008/05/09 10:30:07 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Games
[2009/09/24 18:13:55 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\GamesCafe
[2008/08/14 10:45:48 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2009/11/13 21:58:06 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\GOA
[2008/11/19 11:17:58 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Gogii Games
[2009/08/11 11:13:14 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\GraveyardShift
[2009/01/02 19:00:14 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\HandBrake
[2008/05/19 09:47:27 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Home Sweet Home
[2008/09/05 14:43:15 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Home Sweet Home 2
[2008/12/24 10:33:53 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Home Sweet Home Christmas
[2009/06/17 14:08:50 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\HuruBeachParty
[2009/05/24 12:05:02 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\IronCode
[2008/06/23 09:15:18 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ITTNord
[2008/06/17 18:12:47 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\iWin
[2009/07/16 16:09:17 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Jane s Hotel Family Hero
[2008/09/02 13:26:32 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Jane s Realty TAC CM
[2009/12/09 22:27:20 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Leadertech
[2008/06/18 19:44:33 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Lexmark Productivity Studio
[2009/05/05 08:00:59 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Little Worlds Online
[2009/04/06 14:38:22 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\LocusGames
[2009/12/13 21:43:05 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\lowsec
[2008/05/31 21:13:37 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Ludia
[2009/08/21 11:10:31 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\MA
[2009/10/27 17:42:56 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Magic Academy 2
[2009/06/11 17:57:24 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\MagicBall4
[2009/09/11 19:30:33 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\md studio
[2009/07/20 19:47:50 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\MegaplexMadnessSummerBlockbuster
[2009/08/06 14:16:52 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Meridian93
[2009/09/16 17:03:27 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Merscom
[2009/10/13 16:48:45 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Millennium_Saves
[2008/10/19 10:53:10 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mushroom Age
[2009/01/01 16:10:52 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\My Games
[2008/11/14 09:00:22 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\MysteryStudio
[2009/05/04 14:39:12 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Namco
[2008/04/20 12:19:30 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Nexon
[2008/09/11 17:27:33 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Oberon Games
[2009/06/01 18:24:55 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\panoramik
[2009/07/21 10:39:45 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Peace Craft
[2008/09/12 11:18:10 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Pi Eye Games
[2008/06/12 10:23:02 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\PlanetPlayMore
[2009/11/22 12:56:59 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\PlayFirst
[2008/06/19 09:48:00 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Playrix Entertainment
[2009/11/14 12:17:41 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\PoBros
[2008/10/09 14:04:48 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Pogo Games
[2009/07/08 10:46:13 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Quirky Games
[2008/05/08 11:40:53 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Restorer
[2008/08/23 13:00:39 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Righteous Kill
[2009/01/05 11:31:56 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Sahmon Games
[2009/09/13 08:20:18 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Sanna
[2008/10/30 14:14:54 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SecretIslandEng
[2009/04/03 09:41:35 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Shape games
[2009/04/04 10:52:14 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ShinyTales
[2009/04/11 11:35:14 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Skunk Studios
[2009/03/17 09:39:20 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Sortasoft
[2008/08/26 18:39:13 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Spandex Force
[2008/05/07 13:59:25 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SprillBermudeEng
[2009/10/31 09:03:25 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SquareLogic
[2008/07/29 09:44:35 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Sudden Games
[2009/10/01 17:00:03 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Sudden Games LLC
[2008/06/04 13:16:34 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SultansLabyrinth
[2008/08/13 08:40:56 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Template
[2009/04/20 21:08:18 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\TikGames
[2009/06/23 08:09:43 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\UClick
[2008/07/22 21:26:47 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\UNOUndercover
[2009/07/07 13:22:54 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\V-Games
[2008/11/21 10:18:09 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Valusoft
[2008/09/03 09:28:14 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ViquaSoft
[2008/07/04 11:41:14 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\VisualShape
[2008/12/17 12:29:40 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\World-LooM
[2008/04/22 16:38:43 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Yatec Games
[2009/07/15 17:08:07 | 00,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\YoudaGames
[2009/12/14 12:46:25 | 00,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/13 20:28:27 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{32A6B19E-C9A8-447F-B4B3-4ED2DCAB0056}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

< End of report >