msrvwsr.dll error



#1
zandrailia (Member, 13 posts)

A while ago, I started to get a pop-up every time I turn my computer on. It says that c:windows/msrvwsr.dll could not be loaded. I haven't noticed anything actually going wrong with the computer. I ran my regular McAfee virus scan and nothing came up.

I got to the point where I ran mbam. That worked fine. I tried to run gmer.exe. When I ran it normally, the computer would restart. I tried running it in safe mode. It will run for several hours, then I get a blue screen saying Windows shut down. The file it told me was causing a problem was fwtdipoc.sys, with a "page fault in a nonpaged area" error message.

I ran OTL. It gave me the OTL.txt but not the Extras.txt file. Not really sure what I should do next. Any help would be appreciated.

mbam log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4336

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/21/2010 7:27:45 PM
mbam-log-2010-07-21 (19-27-45).txt

Scan type: Quick scan
Objects scanned: 147110
Time elapsed: 12 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL.txt
OTL logfile created on: 7/22/2010 5:44:40 PM - Run 5
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Trista Williams\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.93 Gb Total Space | 12.12 Gb Free Space | 17.09% Space Free | Partition Type: NTFS
Drive D: | 4.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 211.47 Gb Free Space | 70.94% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRISTA
Current User Name: Trista Williams
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/22 17:35:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Trista Williams\Desktop\OTL.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 11:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 10:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/06/10 15:56:29 | 001,442,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/04/06 02:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe


========== Modules (SafeList) ==========

MOD - [2010/07/22 17:35:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Trista Williams\Desktop\OTL.exe
MOD - [2009/07/11 19:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2009/03/06 04:33:26 | 000,961,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2009/02/12 15:19:38 | 000,178,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2008/10/25 11:44:34 | 000,022,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
MOD - [2008/07/25 11:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008/04/13 20:12:08 | 000,184,320 | ---- | M] () -- C:\WINDOWS\elagewus.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2008/04/13 13:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\rsaenh.dll
MOD - [2004/08/04 07:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SERWVDRV.DLL
MOD - [2004/08/04 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\UMDMXFRM.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\RapidBIT\cisvc.exe -- (FlexService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/04/28 17:13:42 | 000,820,488 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\Temp\0030971279833479mcinst.exe -- (0030971279833479mcinstcleanup) McAfee Application Installer Cleanup (0030971279833479)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 12:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 11:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 10:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/04/07 14:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/03/09 00:31:02 | 000,065,795 | R--- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/12/17 21:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\57.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys -- (BOCDRIVE)
DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2010/04/03 18:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2009/09/16 11:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 11:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 11:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 11:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 11:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/06/21 20:29:53 | 000,002,208 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nxsIO32.sys -- (nxsIO32)
DRV - [2009/06/17 17:10:29 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/09 12:57:31 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/01/15 17:17:42 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/01/15 17:17:38 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/11/08 14:19:11 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atksgt.sys -- (atksgt)
DRV - [2008/11/08 14:19:11 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lirsgt.sys -- (lirsgt)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2006/03/05 19:46:29 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2004/12/09 11:25:49 | 000,047,104 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004/11/23 18:11:30 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/10/28 06:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/13 04:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 03:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 03:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 03:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 05:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/16 00:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/06/09 14:16:00 | 000,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)
DRV - [2004/03/06 00:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 00:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 00:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/09/22 10:48:00 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 10:47:00 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/03/05 14:19:00 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Pfmodnt.sys -- (PfModNT)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://flvdirect.iam...c=tops&search="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {cc6ef5ab-35be-4300-bd07-d12850fc97ff}:4.5.0
FF - prefs.js..keyword.URL: "http://flvdirect.iam...c=tops&search="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/24 11:17:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A3EF0A2D-D5BB-4543-8601-EDBC6185D451}: C:\Documents and Settings\Trista Williams\Local Settings\Application Data\{A3EF0A2D-D5BB-4543-8601-EDBC6185D451} [2010/06/04 18:34:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/27 10:55:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/18 18:39:44 | 000,000,000 | ---D | M]

[2009/02/23 20:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Extensions
[2009/02/23 20:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Extensions\[email protected]
[2010/07/20 20:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions
[2010/07/19 20:47:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/15 09:57:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/07/19 20:47:38 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/04/23 08:24:31 | 000,000,000 | ---D | M] (Curacao) -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{cc6ef5ab-35be-4300-bd07-d12850fc97ff}
[2010/07/15 09:57:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/09/25 11:17:42 | 000,000,000 | ---D | M] (Miint) -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{d596c130-b00a-11db-abbd-0800200c9a66}
[2009/02/07 23:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{eeb97566-866d-4551-b292-7de53fb9fe24}
[2008/11/16 13:01:18 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/12/12 20:09:18 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\searchplugins\bing.xml
[2008/05/30 18:27:09 | 000,001,045 | ---- | M] () -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\searchplugins\goodsearch.xml
[2010/05/18 11:52:59 | 000,000,266 | ---- | M] () -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\searchplugins\Search.xml
[2010/07/20 20:32:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/02 09:31:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2007/04/23 21:50:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\Access Privileges Test
[2009/05/20 23:21:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/11/18 19:56:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [Qneyabo] C:\WINDOWS\elagewus.DLL ()
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKCU..\Run: [Ftoko] C:\WINDOWS\MSRVWSR.DLL File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....467&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...99/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1127252322890 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,21/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Trista Williams\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Trista Williams\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/20 16:37:17 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/03/27 00:03:00 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/22 17:36:00 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Trista Williams\Desktop\OTL.exe
[2010/07/19 12:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Desktop\ecg
[2010/07/18 21:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/07/15 15:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Desktop\pattern
[2010/07/14 12:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/08 12:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Application Data\Gamers Digital
[2010/07/08 12:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2010/06/15 20:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
[2010/06/15 20:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Application Data\Stardock
[2010/06/15 20:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2010/06/15 20:27:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{26909E1E-8C8C-4714-BC8D-95CBCE4104DE}
[2010/06/15 20:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Local Settings\Application Data\PackageAware
[2010/06/15 20:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ironclad Games
[2010/06/15 20:11:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2010/06/10 10:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Desktop\New Folder
[2010/06/09 12:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Application Data\NevoSoft Games
[2010/06/04 18:34:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Local Settings\Application Data\{A3EF0A2D-D5BB-4543-8601-EDBC6185D451}
[2010/06/01 09:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Desktop\Hacks
[2010/05/30 17:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Local Settings\Application Data\xirlfmttj
[2010/05/28 18:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Local Settings\Application Data\Buried In Time
[2010/05/27 13:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX
[2010/05/27 13:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\My Documents\HospitalTycoon
[2010/05/18 15:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Application Data\MegaplexMadnessSummerBlockbuster
[2010/05/18 11:56:27 | 000,327,168 | ---- | C] (S.A.D.E. s.a.r.l.) -- C:\WINDOWS\System32\vdsrun30.dll
[2010/05/13 10:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\LeeGTs Games
[2010/05/09 18:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\My Documents\Royal Envoy
[2010/05/09 18:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2003/12/09 14:16:52 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll
[1980/01/01 02:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1980/01/01 02:00:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 90 Days ==========

[2010/07/22 17:35:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Trista Williams\Desktop\OTL.exe
[2010/07/22 17:32:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/07/22 17:31:44 | 000,030,333 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/07/22 17:30:59 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/07/22 17:30:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/22 17:30:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/07/22 17:30:45 | 2682,408,960 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/22 17:30:03 | 016,515,072 | ---- | M] () -- C:\Documents and Settings\Trista Williams\ntuser.dat
[2010/07/22 17:16:05 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3695989334-299366651-2604234238-1008UA.job
[2010/07/22 17:16:03 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3695989334-299366651-2604234238-1008Core.job
[2010/07/21 19:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/07/21 19:08:02 | 000,018,255 | ---- | M] () -- C:\WINDOWS\Okupevu.dat
[2010/07/20 13:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/07/18 23:00:19 | 000,000,024 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/07/18 19:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/07/15 15:14:35 | 000,002,117 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/07/14 12:46:15 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Create a World Tool - Beta.lnk
[2010/07/09 17:41:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Enicolubu.bin
[2010/07/05 17:16:51 | 000,002,358 | ---- | M] () -- C:\Documents and Settings\Trista Williams\Desktop\Google Chrome.lnk
[2010/07/05 17:16:51 | 000,002,336 | ---- | M] () -- C:\Documents and Settings\Trista Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/06/28 22:20:37 | 000,000,521 | ---- | M] () -- C:\hpfr3420.xml
[2010/06/27 07:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/06/24 23:07:34 | 000,533,546 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 23:07:34 | 000,463,200 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/06/24 23:07:34 | 000,080,226 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/06/24 20:25:45 | 000,001,130 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Create a Pattern Tool.lnk
[2010/06/17 12:48:28 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/15 20:28:05 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Impulse.lnk
[2010/06/13 22:43:39 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/13 22:43:39 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/13 22:43:39 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/13 22:43:39 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/13 22:43:39 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/13 22:43:39 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/06/13 21:56:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Trista Williams\NTUSER.INI
[2010/06/12 10:13:26 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 23:02:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/01 17:05:17 | 000,000,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Ambitions.lnk
[2010/05/26 22:52:18 | 003,179,678 | -H-- | M] () -- C:\Documents and Settings\Trista Williams\Local Settings\Application Data\IconCache.db
[2010/05/18 11:56:31 | 000,000,114 | ---- | M] () -- C:\WINDOWS\CS_MD_T.ini
[2010/05/10 16:56:35 | 000,076,280 | ---- | M] () -- C:\Documents and Settings\Trista Williams\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 13:13:54 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

========== Files Created - No Company Name ==========

[2010/07/22 17:11:08 | 2682,408,960 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/18 23:00:19 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/07/14 12:46:15 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Create a World Tool - Beta.lnk
[2010/06/24 20:25:45 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Create a Pattern Tool.lnk
[2010/06/15 20:28:05 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Impulse.lnk
[2010/06/04 18:34:29 | 000,018,255 | ---- | C] () -- C:\WINDOWS\Okupevu.dat
[2010/06/04 18:34:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Enicolubu.bin
[2010/06/01 17:05:17 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Ambitions.lnk
[2010/05/18 11:56:31 | 000,000,114 | ---- | C] () -- C:\WINDOWS\CS_MD_T.ini
[2010/05/18 11:56:27 | 000,001,225 | ---- | C] () -- C:\WINDOWS\System32\readme.htm
[2010/04/26 13:13:54 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/04/26 13:13:54 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/07/09 20:01:46 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2009/07/09 19:26:39 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\367F8E8C8E.sys
[2009/07/02 14:57:42 | 000,001,468 | ---- | C] () -- C:\WINDOWS\ips.INI
[2009/06/21 20:29:53 | 000,002,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\nxsIO32.sys
[2009/02/06 14:55:10 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2009/02/06 14:42:27 | 000,000,091 | ---- | C] () -- C:\WINDOWS\WSIMFARM.INI
[2008/11/08 14:19:11 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/11/08 14:19:11 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/17 13:36:22 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/09/17 13:36:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/09/17 13:36:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/09/17 13:36:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2008/09/09 14:48:54 | 000,000,220 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2007/10/17 18:06:14 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2007/09/02 19:26:10 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\2A4CA0365A.sys
[2007/07/16 16:07:53 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/05/31 20:49:51 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\SIMANT.DLL
[2007/05/31 20:49:51 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\VERMONT1.DLL
[2007/05/31 20:49:51 | 000,012,416 | ---- | C] () -- C:\WINDOWS\System32\VRX1.DLL
[2007/05/10 17:00:40 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2007/05/09 21:02:00 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2006/09/06 19:25:33 | 000,314,880 | ---- | C] () -- C:\WINDOWS\System32\cfssvradmin.dll
[2006/09/06 19:25:32 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\CFFileProxy.dll
[2006/09/06 19:25:31 | 000,292,352 | ---- | C] () -- C:\WINDOWS\System32\cfproject.dll
[2006/09/06 19:25:31 | 000,082,432 | ---- | C] () -- C:\WINDOWS\System32\CFFtp.dll
[2006/09/06 19:25:30 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\CFFPTree.dll
[2006/09/06 19:25:18 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2006/09/06 19:16:56 | 000,005,987 | ---- | C] () -- C:\WINDOWS\cool.ini
[2006/08/02 11:59:15 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/07/28 18:35:16 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/04/03 17:29:09 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\6FD9BF5D28.sys
[2006/04/03 17:20:55 | 000,006,998 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/05 19:39:51 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2005/09/22 12:03:47 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/12/16 23:34:15 | 000,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2004/12/16 23:34:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DettoMe.INI
[2004/12/12 12:44:59 | 000,001,229 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/12/11 20:32:57 | 000,002,281 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/11/23 18:18:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/23 18:14:26 | 000,001,271 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/23 18:03:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/23 17:59:34 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/11/23 17:59:23 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2004/11/23 17:59:23 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/11/23 17:59:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/11/23 17:33:50 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 02:28:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 07:00:00 | 000,184,320 | ---- | C] () -- C:\WINDOWS\elagewus.dll
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/03/09 00:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1980/01/01 02:00:00 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980/01/01 02:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2009/01/24 00:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/02/17 13:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2009/08/25 14:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2009/06/17 17:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2009/02/19 16:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashtons. Family Resort
[2009/02/07 13:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2008/11/01 21:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2004/11/23 17:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/07/29 14:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CasualForge
[2010/03/03 12:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2009/06/17 17:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/01/23 16:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames
[2009/02/12 17:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames
[2010/07/14 12:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2006/09/24 20:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/11/07 17:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
[2009/01/20 11:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2008/07/29 18:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2009/11/10 13:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2010/02/17 13:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
[2010/02/17 13:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Arctica
[2008/06/07 22:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2008/04/13 20:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/10/11 13:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/07/08 12:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2009/08/26 11:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\game_fillup_v2_usa
[2008/01/17 22:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2009/03/18 17:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008/02/20 22:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/03/27 17:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happyville__
[2008/11/19 23:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2010/06/15 20:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ironclad Games
[2009/10/04 12:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2009/08/09 16:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2009/08/09 16:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2008/12/14 01:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/12/05 10:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2006/09/02 14:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lionhead Studios
[2008/06/07 20:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2009/09/21 17:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009/04/09 13:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
[2008/12/18 19:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2010/03/17 17:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/05/09 18:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2009/03/17 17:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2010/07/18 21:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2006/06/11 22:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2009/06/26 12:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/08/30 12:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/06/08 17:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SimCity Societies
[2009/11/07 16:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprouts Adventure
[2010/06/15 20:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2009/08/28 11:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
[2010/04/16 17:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/24 18:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TikGames
[2009/04/24 17:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
[2006/09/24 20:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/02/11 20:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2008/09/15 17:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/12 23:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm
[2009/11/14 11:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/06/15 20:11:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2010/06/15 20:28:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{26909E1E-8C8C-4714-BC8D-95CBCE4104DE}
[2010/02/13 18:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\1morebee
[2007/01/21 00:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\acccore
[2008/02/23 14:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Aim
[2009/10/11 13:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Alawar
[2008/11/09 14:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\AlterLab
[2009/07/01 12:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Anvil-Soft
[2009/06/01 16:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Ascaron Entertainment
[2009/06/17 17:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Ashampoo
[2009/02/19 16:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Ashtons. Family Resort
[2008/09/01 18:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Atari
[2010/04/13 17:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Big Fish Games
[2009/02/07 13:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\blg
[2009/01/24 12:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Boomzap
[2009/07/29 14:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\CasualForge
[2010/03/13 13:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\CKK
[2009/06/17 19:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\DAEMON Tools Lite
[2009/01/29 13:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\DataCast
[2005/12/26 01:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\eGames
[2009/02/26 09:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\EleFun Games
[2009/01/24 14:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Fabulous Finds
[2008/11/09 13:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\FirstColony
[2008/06/07 22:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Flood Light Games
[2006/02/05 22:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\FUJIFILM
[2009/09/22 18:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\funkitron
[2006/12/12 20:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Gaijin Ent
[2009/01/24 15:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\GameInvest
[2008/08/17 16:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Gamelab
[2010/07/08 12:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Gamers Digital
[2008/06/04 16:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\GamesCafe
[2008/08/16 01:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Go-Go Gourmet Chef of the Year
[2009/12/19 19:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Got Game Entertainment
[2010/03/10 12:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\gtk-2.0
[2007/10/22 18:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Home Sweet Home
[2008/09/12 21:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Home Sweet Home 2
[2005/12/26 01:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Hulabee
[2009/03/09 19:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\IOMediaSupport6SZZ001s
[2008/06/07 20:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\iWin
[2005/11/30 18:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Jamdat
[2008/08/09 14:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Jane s Realty
[2010/03/31 18:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Janes Realty2
[2010/02/16 13:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Ladia Group
[2004/12/13 13:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Leadertech
[2006/03/07 14:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Lionhead Studios
[2008/06/07 20:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Ludia
[2006/01/17 18:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Magic Match
[2008/05/19 16:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Magic Seeds
[2007/05/14 19:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Magic Stones
[2010/05/18 16:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\MegaplexMadnessSummerBlockbuster
[2008/04/11 18:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Meridian93
[2009/09/21 17:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Merscom
[2007/11/26 22:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\MilkShape 3D 1.x.x
[2005/04/13 11:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Mind Control Software
[2008/09/01 18:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\My Games
[2007/05/02 22:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\MysteryStudio
[2009/04/09 13:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Namco
[2010/06/09 12:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\NevoSoft Games
[2006/09/24 20:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Nikon
[2007/05/02 21:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Ohana Games
[2008/02/19 19:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Orbit
[2009/07/27 18:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Peace Craft
[2009/09/22 09:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\PlayFirst
[2009/03/17 17:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\PoBros
[2008/10/29 22:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Pogo Games
[2009/07/02 14:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Ransen Software
[2009/09/13 16:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Sanna
[2007/04/15 15:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\SecondLife
[2009/04/02 11:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Shape games
[2009/05/15 16:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\ShinyTales
[2008/10/17 00:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Skip-Bo
[2009/03/09 19:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Spinapse
[2009/10/12 14:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\SPORE
[2010/06/15 20:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Stardock
[2008/09/12 21:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\SulusGames
[2009/03/09 19:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Suspects and Clues Players
[2009/03/09 19:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Suspects and Clues Prefs
[2010/02/07 12:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\SystemRequirementsLab
[2009/04/24 18:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\TikGames
[2010/06/16 14:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Tropico 3
[2009/10/27 14:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\TSRWorkshop
[2009/04/24 17:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\UClick
[2010/05/11 16:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\uTorrent
[2010/02/11 20:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Valusoft
[2007/02/22 17:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Viewpoint
[2010/02/16 19:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Virtual City
[2006/02/06 11:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Webshots
[2007/12/13 22:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Wings3D
[2009/01/01 17:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\World-LooM
[2010/05/16 10:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Youdagames
[2010/07/21 19:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/02/22 02:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/06/27 07:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/07/20 13:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/07/18 19:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2005/01/18 14:29:18 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1106072886.job
[2009/10/15 01:17:59 | 000,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/11/01 01:00:33 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/11/12 19:13:29 | 000,000,211 | -HS- | M] () -- C:\Boot.bak
[2009/11/16 20:47:05 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/11/23 17:37:32 | 000,005,410 | RH-- | M] () -- C:\DELL.SDR
[2007/07/25 22:25:18 | 000,000,104 | ---- | M] () -- C:\DownloadLog.txt
[2009/10/11 13:22:45 | 000,001,510 | ---- | M] () -- C:\ErrLog.txt
[2010/07/22 17:30:45 | 2682,408,960 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/28 22:20:37 | 000,000,521 | ---- | M] () -- C:\hpfr3420.xml
[2010/06/28 22:20:37 | 000,292,584 | ---- | M] () -- C:\hpfr3425.log
[2004/08/10 15:14:36 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2008/02/23 14:55:27 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2009/01/24 00:04:26 | 000,003,453 | -H-- | M] () -- C:\IPH.PH
[2010/05/16 08:58:23 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/03/26 20:11:44 | 000,014,666 | ---- | M] () -- C:\moduleName.txt
[2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/03 21:13:06 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2007/06/28 23:13:44 | 000,000,018 | ---- | M] () -- C:\OPTION.DAT
[2010/07/22 17:30:42 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2003/10/02 19:36:24 | 000,507,904 | ---- | M] (Jasc Software) -- C:\Player.exe
[2003/10/02 19:36:22 | 000,172,032 | ---- | M] (Jasc Software) -- C:\playerrc.dll
[2009/11/13 21:09:13 | 000,003,476 | ---- | M] () -- C:\RootRepeal report 11-13-09 (20-09-13).txt
[2009/11/13 21:13:34 | 000,003,476 | ---- | M] () -- C:\RootRepeal report 11-13-09 (20-13-34).txt
[2009/11/14 18:09:55 | 000,000,016 | ---- | M] () -- C:\RootRepeal report 11-14-09 (17-09-55).txt
[2009/11/14 18:10:25 | 000,003,476 | ---- | M] () -- C:\RootRepeal report 11-14-09 (17-10-25).txt
[2007/05/02 22:18:03 | 001,265,421 | ---- | M] () -- C:\saida.txt
[2009/06/12 01:14:18 | 002,717,696 | ---- | M] () -- C:\sims3workshop.msi
[2009/09/24 18:39:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/09/24 18:39:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2004/11/23 18:16:25 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2010/02/13 09:41:59 | 000,002,835 | ---- | M] () -- C:\test.spr
[2010/07/15 15:14:34 | 000,973,661 | ---- | M] () -- C:\winzip.log
[2006/12/06 15:09:03 | 000,000,144 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/10 15:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\msonpppr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2006/03/07 20:39:23 | 000,802,816 | ---- | M] (Sprout Games, LLC) -- C:\WINDOWS\feedingfrenzy.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >
[2004/05/18 12:49:54 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Yahoo! Bookmarks.url

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[1996/12/12 09:06:00 | 000,031,744 | ---- | M] () -- C:\Program Files\ADPCM.FLT
[1996/12/12 09:06:00 | 000,032,256 | ---- | M] () -- C:\Program Files\AIF.FLT
[1996/12/12 09:06:00 | 000,058,880 | ---- | M] () -- C:\Program Files\AMPLIFY.XFM
[1996/12/12 09:06:00 | 000,028,160 | ---- | M] () -- C:\Program Files\AU.FLT
[2005/03/25 20:37:05 | 004,076,673 | ---- | M] () -- C:\Program Files\bbb_demo_at.exe
[1996/12/12 09:06:00 | 000,001,919 | ---- | M] () -- C:\Program Files\cfade.scp
[1996/12/12 09:06:00 | 000,048,128 | ---- | M] () -- C:\Program Files\CHAMBER.XFM
[1996/12/12 09:06:00 | 000,049,152 | ---- | M] () -- C:\Program Files\CHANMIX.XFM
[1996/12/12 09:06:00 | 000,047,104 | ---- | M] () -- C:\Program Files\COMPRESS.XFM
[1997/04/29 08:06:00 | 000,151,217 | ---- | M] () -- C:\Program Files\cool.au
[1996/12/12 09:06:00 | 000,818,688 | ---- | M] (Syntrillium Software Corporation) -- C:\Program Files\COOL96.EXE
[2006/09/06 19:17:30 | 000,016,826 | -H-- | M] () -- C:\Program Files\COOL96.GID
[1997/12/16 01:00:00 | 000,240,732 | ---- | M] () -- C:\Program Files\cool96.hlp
[1996/12/12 09:06:00 | 000,048,640 | ---- | M] () -- C:\Program Files\COOLACM.FLT
[1996/12/12 09:06:00 | 000,039,424 | ---- | M] () -- C:\Program Files\COOLTEXT.FLT
[1996/12/12 09:06:00 | 000,043,008 | ---- | M] () -- C:\Program Files\DELAY.XFM
[2005/03/26 13:21:11 | 009,863,000 | ---- | M] () -- C:\Program Files\DinerDashSetup.exe
[1996/12/12 09:06:00 | 000,040,448 | ---- | M] () -- C:\Program Files\DISTORT.XFM
[1996/12/12 09:06:00 | 000,044,544 | ---- | M] () -- C:\Program Files\DTMF.XFM
[1996/12/12 09:06:00 | 000,037,888 | ---- | M] () -- C:\Program Files\DVI.FLT
[1997/04/29 08:06:00 | 000,021,504 | ---- | M] () -- C:\Program Files\dwd96.flt
[1996/12/12 09:06:00 | 000,056,320 | ---- | M] () -- C:\Program Files\ECHO.XFM
[1996/12/12 09:06:00 | 000,043,008 | ---- | M] () -- C:\Program Files\ENVELOPE.XFM
[1996/12/12 09:06:00 | 000,075,776 | ---- | M] () -- C:\Program Files\FILTER.XFM
[1996/12/12 09:06:00 | 000,048,640 | ---- | M] () -- C:\Program Files\FLANGE.XFM
[2006/09/06 19:17:56 | 000,003,252 | ---- | M] () -- C:\Program Files\flt.dat
[1996/12/12 09:06:00 | 000,004,080 | ---- | M] () -- C:\Program Files\fxns2.scp
[2007/06/28 13:54:49 | 181,639,163 | ---- | M] () -- C:\Program Files\Gamescampus.rar
[1996/12/12 09:06:00 | 000,026,112 | ---- | M] () -- C:\Program Files\IFF.FLT
[1996/12/12 09:06:00 | 000,017,234 | ---- | M] () -- C:\Program Files\mindsnc2.scp
[1996/12/12 09:06:00 | 000,043,008 | ---- | M] () -- C:\Program Files\NOISE.XFM
[1996/12/12 09:06:00 | 000,064,512 | ---- | M] () -- C:\Program Files\NONOISE.XFM
[1996/12/12 09:06:00 | 000,041,472 | ---- | M] () -- C:\Program Files\NORMAL.XFM
[1996/12/12 09:06:00 | 000,027,648 | ---- | M] () -- C:\Program Files\PCM.FLT
[1996/12/12 09:06:00 | 000,045,056 | ---- | M] () -- C:\Program Files\pika8000.flt
[1996/12/12 09:06:00 | 000,055,808 | ---- | M] () -- C:\Program Files\QFILT.XFM
[1996/12/12 09:06:00 | 000,028,672 | ---- | M] () -- C:\Program Files\ra3.flt
[1996/12/12 09:06:00 | 000,058,368 | ---- | M] () -- C:\Program Files\RESAMPLE.XFM
[1996/12/12 09:06:00 | 000,052,736 | ---- | M] () -- C:\Program Files\REVERB.XFM
[1996/12/12 09:06:00 | 000,019,456 | ---- | M] () -- C:\Program Files\SAM.FLT
[2005/07/12 15:31:06 | 000,000,382 | ---- | M] () -- C:\Program Files\Shortcut to Program Files.lnk
[2008/01/05 15:19:29 | 000,000,030 | ---- | M] () -- C:\Program Files\Sims2Pack Clean Installer.ini
[1996/12/12 09:06:00 | 000,030,208 | ---- | M] () -- C:\Program Files\smp.flt
[1996/12/12 09:06:00 | 000,006,207 | ---- | M] () -- C:\Program Files\sndefx2.scp
[1996/12/12 09:06:00 | 000,045,056 | ---- | M] () -- C:\Program Files\stats.xfm
[1996/12/12 09:06:00 | 000,069,120 | ---- | M] () -- C:\Program Files\STRETCH.XFM
[1996/12/12 09:06:00 | 000,066,560 | ---- | M] () -- C:\Program Files\TONES.XFM
[1997/04/29 08:06:00 | 000,055,808 | ---- | M] () -- C:\Program Files\vce.flt
[1996/12/12 09:06:00 | 000,037,888 | ---- | M] () -- C:\Program Files\VOC.FLT
[1996/12/12 09:06:00 | 000,046,080 | ---- | M] () -- C:\Program Files\VOX.FLT
[1996/12/12 09:06:00 | 000,030,208 | ---- | M] () -- C:\Program Files\WAVEAU.FLT
[1996/12/12 09:06:00 | 000,040,960 | ---- | M] () -- C:\Program Files\WAVEPCM.FLT
[1996/12/12 09:06:00 | 000,048,128 | ---- | M] () -- C:\Program Files\WAVESYNC.XFM
[2004/12/14 22:29:32 | 000,943,835 | ---- | M] () -- C:\Program Files\winzip70.exe
[2006/09/06 19:17:55 | 000,044,114 | ---- | M] () -- C:\Program Files\xfm.dat

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 14:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/10 14:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/10 14:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\SYSTEM32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SYSTEM32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\SYSTEM32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-14 04:29:31

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68DF9542
@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40587A0C
@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB785348
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAFEC4B9
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1E22E44
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A99C15E
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:931BB48A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2DC4B0B
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95CCDA36
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:375FC7E7
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC73CDCE
< End of report >


#2
RKinner

    Malware Expert

Copy the text in the code box by highlighting and Ctrl + c

:OTL
MOD - [2008/04/13 20:12:08 | 000,184,320 | ---- | M] () -- C:\WINDOWS\elagewus.dll
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\RapidBIT\cisvc.exe -- (FlexService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\57.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [Qneyabo] C:\WINDOWS\elagewus.DLL ()
O4 - HKCU..\Run: [Ftoko] C:\WINDOWS\MSRVWSR.DLL File not found
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,21/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O32 - AutoRun File - [2010/04/20 16:37:17 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/03/27 00:03:00 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ]


:Files
C:\WINDOWS\elagewus.dll
C:\Documents and Settings\Trista Williams\Local Settings\Application Data\xirlfmttj
C:\WINDOWS\Okupevu.dat
C:\WINDOWS\Enicolubu.bin
C:\WINDOWS\System32\367F8E8C8E.sys
C:\WINDOWS\System32\2A4CA0365A.sys
C:\Documents and Settings\Trista Williams\Local Settings\Application Data\{A3EF0A2D-D5BB-4543-8601-EDBC6185D451}
C:\Documents and Settings\All Users\Application Data\{26909E1E-8C8C-4714-BC8D-95CBCE4104DE}

:Commands
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

You have what may be an infected USB drive so install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/




Ron

Edited by RKinner, 22 July 2010 - 11:57 PM.


#3
zandrailia

    Member

  • Topic Starter
Ok, here's the new OTL.txt. After the computer restarted from this, I got the message saying Windows had recovered from a serious error. I did not get the pop-up about the dll file this time.

Also, I tried to install Autorun Eater and McAfee keeps blocking it, saying that the exe file is infected; not sure if it's just because the AV doesn't like it.

OTL logfile created on: 7/23/2010 6:20:34 PM - Run 6
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Trista Williams\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.93 Gb Total Space | 14.39 Gb Free Space | 20.29% Space Free | Partition Type: NTFS
Drive D: | 4.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 212.60 Gb Free Space | 71.32% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRISTA
Current User Name: Trista Williams
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/22 17:35:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Trista Williams\Desktop\OTL.exe
PRC - [2010/06/27 10:54:54 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 11:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/06/10 15:56:29 | 001,442,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/04/06 02:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe


========== Modules (SafeList) ==========

MOD - [2010/07/22 17:35:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Trista Williams\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 12:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 11:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 10:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/04/07 14:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/03/09 00:31:02 | 000,065,795 | R--- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/12/17 21:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys -- (BOCDRIVE)
DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2010/04/03 18:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2009/09/16 11:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 11:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 11:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 11:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 11:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/06/21 20:29:53 | 000,002,208 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nxsIO32.sys -- (nxsIO32)
DRV - [2009/06/17 17:10:29 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/09 12:57:31 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/01/15 17:17:42 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/01/15 17:17:38 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/11/08 14:19:11 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atksgt.sys -- (atksgt)
DRV - [2008/11/08 14:19:11 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lirsgt.sys -- (lirsgt)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2006/03/05 19:46:29 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2004/12/09 11:25:49 | 000,047,104 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004/11/23 18:11:30 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/10/28 06:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/13 04:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 03:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 03:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 03:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 05:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/16 00:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/06/09 14:16:00 | 000,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)
DRV - [2004/03/06 00:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 00:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 00:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/09/22 10:48:00 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 10:47:00 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/03/05 14:19:00 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Pfmodnt.sys -- (PfModNT)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://flvdirect.iam...c=tops&search="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {cc6ef5ab-35be-4300-bd07-d12850fc97ff}:4.5.0
FF - prefs.js..keyword.URL: "http://flvdirect.iam...c=tops&search="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/24 11:17:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A3EF0A2D-D5BB-4543-8601-EDBC6185D451}: C:\Documents and Settings\Trista Williams\Local Settings\Application Data\{A3EF0A2D-D5BB-4543-8601-EDBC6185D451}
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/27 10:55:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/18 18:39:44 | 000,000,000 | ---D | M]

[2009/02/23 20:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Extensions
[2009/02/23 20:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Extensions\[email protected]
[2010/07/22 17:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions
[2010/07/19 20:47:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/15 09:57:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/07/19 20:47:38 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/04/23 08:24:31 | 000,000,000 | ---D | M] (Curacao) -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{cc6ef5ab-35be-4300-bd07-d12850fc97ff}
[2010/07/15 09:57:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/09/25 11:17:42 | 000,000,000 | ---D | M] (Miint) -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{d596c130-b00a-11db-abbd-0800200c9a66}
[2009/02/07 23:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{eeb97566-866d-4551-b292-7de53fb9fe24}
[2008/11/16 13:01:18 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/12/12 20:09:18 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\searchplugins\bing.xml
[2008/05/30 18:27:09 | 000,001,045 | ---- | M] () -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\searchplugins\goodsearch.xml
[2010/05/18 11:52:59 | 000,000,266 | ---- | M] () -- C:\Documents and Settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\searchplugins\Search.xml
[2010/07/22 17:58:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/02 09:31:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2007/04/23 21:50:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\Access Privileges Test
[2009/05/20 23:21:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/11/18 19:56:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....467&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...99/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1127252322890 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Trista Williams\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Trista Williams\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/20 16:37:17 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/03/27 00:03:00 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/23 18:12:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/22 17:36:00 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Trista Williams\Desktop\OTL.exe
[2010/07/19 12:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Desktop\ecg
[2010/07/18 21:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/07/15 15:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Desktop\pattern
[2010/07/14 12:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/08 12:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Application Data\Gamers Digital
[2010/07/08 12:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2010/06/15 20:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
[2010/06/15 20:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Application Data\Stardock
[2010/06/15 20:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2010/06/15 20:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Local Settings\Application Data\PackageAware
[2010/06/15 20:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ironclad Games
[2010/06/15 20:11:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2010/06/10 10:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Desktop\New Folder
[2010/06/09 12:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Application Data\NevoSoft Games
[2010/06/01 09:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Desktop\Hacks
[2010/05/28 18:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Local Settings\Application Data\Buried In Time
[2010/05/27 13:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX
[2010/05/27 13:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\My Documents\HospitalTycoon
[2010/05/18 15:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\Application Data\MegaplexMadnessSummerBlockbuster
[2010/05/18 11:56:27 | 000,327,168 | ---- | C] (S.A.D.E. s.a.r.l.) -- C:\WINDOWS\System32\vdsrun30.dll
[2010/05/13 10:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\LeeGTs Games
[2010/05/09 18:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trista Williams\My Documents\Royal Envoy
[2010/05/09 18:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2003/12/09 14:16:52 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll
[1980/01/01 02:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1980/01/01 02:00:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 90 Days ==========

[2010/07/23 18:19:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/07/23 18:19:16 | 000,030,333 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/07/23 18:18:39 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/07/23 18:18:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/23 18:18:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/07/23 18:18:22 | 2682,408,960 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/23 18:17:39 | 016,515,072 | ---- | M] () -- C:\Documents and Settings\Trista Williams\ntuser.dat
[2010/07/23 18:16:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3695989334-299366651-2604234238-1008UA.job
[2010/07/22 19:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/22 19:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/07/22 17:35:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Trista Williams\Desktop\OTL.exe
[2010/07/22 17:16:03 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3695989334-299366651-2604234238-1008Core.job
[2010/07/20 13:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/07/18 23:00:19 | 000,000,024 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/07/15 15:14:35 | 000,002,117 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/07/14 12:46:15 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Create a World Tool - Beta.lnk
[2010/07/05 17:16:51 | 000,002,358 | ---- | M] () -- C:\Documents and Settings\Trista Williams\Desktop\Google Chrome.lnk
[2010/07/05 17:16:51 | 000,002,336 | ---- | M] () -- C:\Documents and Settings\Trista Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/06/28 22:20:37 | 000,000,521 | ---- | M] () -- C:\hpfr3420.xml
[2010/06/27 07:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/06/24 23:07:34 | 000,533,546 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 23:07:34 | 000,463,200 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/06/24 23:07:34 | 000,080,226 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/06/24 20:25:45 | 000,001,130 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Create a Pattern Tool.lnk
[2010/06/17 12:48:28 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/15 20:28:05 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Impulse.lnk
[2010/06/13 22:43:39 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/13 22:43:39 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/13 22:43:39 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/13 22:43:39 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/13 22:43:39 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/13 22:43:39 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/06/13 21:56:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Trista Williams\NTUSER.INI
[2010/06/12 10:13:26 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 23:02:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/01 17:05:17 | 000,000,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Ambitions.lnk
[2010/05/26 22:52:18 | 003,179,678 | -H-- | M] () -- C:\Documents and Settings\Trista Williams\Local Settings\Application Data\IconCache.db
[2010/05/18 11:56:31 | 000,000,114 | ---- | M] () -- C:\WINDOWS\CS_MD_T.ini
[2010/05/10 16:56:35 | 000,076,280 | ---- | M] () -- C:\Documents and Settings\Trista Williams\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 13:13:54 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

========== Files Created - No Company Name ==========

[2010/07/22 17:11:08 | 2682,408,960 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/18 23:00:19 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/07/14 12:46:15 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Create a World Tool - Beta.lnk
[2010/06/24 20:25:45 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Create a Pattern Tool.lnk
[2010/06/15 20:28:05 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Impulse.lnk
[2010/06/01 17:05:17 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Ambitions.lnk
[2010/05/18 11:56:31 | 000,000,114 | ---- | C] () -- C:\WINDOWS\CS_MD_T.ini
[2010/05/18 11:56:27 | 000,001,225 | ---- | C] () -- C:\WINDOWS\System32\readme.htm
[2010/04/26 13:13:54 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/04/26 13:13:54 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/07/09 20:01:46 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2009/07/02 14:57:42 | 000,001,468 | ---- | C] () -- C:\WINDOWS\ips.INI
[2009/06/21 20:29:53 | 000,002,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\nxsIO32.sys
[2009/02/06 14:55:10 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2009/02/06 14:42:27 | 000,000,091 | ---- | C] () -- C:\WINDOWS\WSIMFARM.INI
[2008/11/08 14:19:11 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/11/08 14:19:11 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/17 13:36:22 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/09/17 13:36:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/09/17 13:36:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/09/17 13:36:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2008/09/09 14:48:54 | 000,000,220 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2007/10/17 18:06:14 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2007/07/16 16:07:53 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/05/31 20:49:51 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\SIMANT.DLL
[2007/05/31 20:49:51 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\VERMONT1.DLL
[2007/05/31 20:49:51 | 000,012,416 | ---- | C] () -- C:\WINDOWS\System32\VRX1.DLL
[2007/05/10 17:00:40 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2007/05/09 21:02:00 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2006/09/06 19:25:33 | 000,314,880 | ---- | C] () -- C:\WINDOWS\System32\cfssvradmin.dll
[2006/09/06 19:25:32 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\CFFileProxy.dll
[2006/09/06 19:25:31 | 000,292,352 | ---- | C] () -- C:\WINDOWS\System32\cfproject.dll
[2006/09/06 19:25:31 | 000,082,432 | ---- | C] () -- C:\WINDOWS\System32\CFFtp.dll
[2006/09/06 19:25:30 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\CFFPTree.dll
[2006/09/06 19:25:18 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2006/09/06 19:16:56 | 000,005,987 | ---- | C] () -- C:\WINDOWS\cool.ini
[2006/08/02 11:59:15 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/07/28 18:35:16 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/04/03 17:29:09 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\6FD9BF5D28.sys
[2006/04/03 17:20:55 | 000,006,998 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/05 19:39:51 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2005/09/22 12:03:47 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/12/16 23:34:15 | 000,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2004/12/16 23:34:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DettoMe.INI
[2004/12/12 12:44:59 | 000,001,229 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/12/11 20:32:57 | 000,002,281 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/11/23 18:18:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/23 18:14:26 | 000,001,271 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/23 18:03:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/23 17:59:34 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/11/23 17:59:23 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2004/11/23 17:59:23 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/11/23 17:59:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/11/23 17:33:50 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 02:28:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/03/09 00:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1980/01/01 02:00:00 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980/01/01 02:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2009/01/24 00:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/02/17 13:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2009/08/25 14:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2009/06/17 17:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2009/02/19 16:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashtons. Family Resort
[2009/02/07 13:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2008/11/01 21:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2004/11/23 17:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/07/29 14:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CasualForge
[2010/03/03 12:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2009/06/17 17:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/01/23 16:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames
[2009/02/12 17:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames
[2010/07/14 12:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2006/09/24 20:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/11/07 17:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
[2009/01/20 11:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2008/07/29 18:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2009/11/10 13:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2010/02/17 13:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
[2010/02/17 13:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Arctica
[2008/06/07 22:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2008/04/13 20:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/10/11 13:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/07/08 12:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2009/08/26 11:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\game_fillup_v2_usa
[2008/01/17 22:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2009/03/18 17:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008/02/20 22:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/03/27 17:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happyville__
[2008/11/19 23:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2010/06/15 20:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ironclad Games
[2009/10/04 12:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2009/08/09 16:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2009/08/09 16:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2008/12/14 01:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/12/05 10:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2006/09/02 14:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lionhead Studios
[2008/06/07 20:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2009/09/21 17:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009/04/09 13:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
[2008/12/18 19:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2010/03/17 17:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/05/09 18:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2009/03/17 17:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2010/07/18 21:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2006/06/11 22:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2009/06/26 12:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/08/30 12:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/06/08 17:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SimCity Societies
[2009/11/07 16:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprouts Adventure
[2010/06/15 20:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2009/08/28 11:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
[2010/04/16 17:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/24 18:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TikGames
[2009/04/24 17:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
[2006/09/24 20:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/02/11 20:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2008/09/15 17:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/12 23:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm
[2009/11/14 11:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/06/15 20:11:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2010/02/13 18:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\1morebee
[2007/01/21 00:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\acccore
[2008/02/23 14:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Aim
[2009/10/11 13:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Alawar
[2008/11/09 14:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\AlterLab
[2009/07/01 12:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Anvil-Soft
[2009/06/01 16:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Ascaron Entertainment
[2009/06/17 17:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Ashampoo
[2009/02/19 16:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Ashtons. Family Resort
[2008/09/01 18:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Atari
[2010/04/13 17:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Big Fish Games
[2009/02/07 13:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\blg
[2009/01/24 12:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Boomzap
[2009/07/29 14:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\CasualForge
[2010/03/13 13:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\CKK
[2009/06/17 19:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\DAEMON Tools Lite
[2009/01/29 13:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\DataCast
[2005/12/26 01:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\eGames
[2009/02/26 09:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\EleFun Games
[2009/01/24 14:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Fabulous Finds
[2008/11/09 13:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\FirstColony
[2008/06/07 22:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Flood Light Games
[2006/02/05 22:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\FUJIFILM
[2009/09/22 18:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\funkitron
[2006/12/12 20:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Gaijin Ent
[2009/01/24 15:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\GameInvest
[2008/08/17 16:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Gamelab
[2010/07/08 12:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Gamers Digital
[2008/06/04 16:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\GamesCafe
[2008/08/16 01:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Go-Go Gourmet Chef of the Year
[2009/12/19 19:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Got Game Entertainment
[2010/03/10 12:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\gtk-2.0
[2007/10/22 18:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Home Sweet Home
[2008/09/12 21:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Home Sweet Home 2
[2005/12/26 01:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Hulabee
[2009/03/09 19:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\IOMediaSupport6SZZ001s
[2008/06/07 20:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\iWin
[2005/11/30 18:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Jamdat
[2008/08/09 14:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Jane s Realty
[2010/03/31 18:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Janes Realty2
[2010/02/16 13:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Ladia Group
[2004/12/13 13:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Leadertech
[2006/03/07 14:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Lionhead Studios
[2008/06/07 20:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Ludia
[2006/01/17 18:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Magic Match
[2008/05/19 16:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Magic Seeds
[2007/05/14 19:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Magic Stones
[2010/05/18 16:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\MegaplexMadnessSummerBlockbuster
[2008/04/11 18:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Meridian93
[2009/09/21 17:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Merscom
[2007/11/26 22:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\MilkShape 3D 1.x.x
[2005/04/13 11:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Mind Control Software
[2008/09/01 18:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\My Games
[2007/05/02 22:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\MysteryStudio
[2009/04/09 13:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Namco
[2010/06/09 12:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\NevoSoft Games
[2006/09/24 20:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Nikon
[2007/05/02 21:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Ohana Games
[2008/02/19 19:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Orbit
[2009/07/27 18:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Peace Craft
[2009/09/22 09:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\PlayFirst
[2009/03/17 17:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\PoBros
[2008/10/29 22:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Pogo Games
[2009/07/02 14:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Ransen Software
[2009/09/13 16:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Sanna
[2007/04/15 15:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\SecondLife
[2009/04/02 11:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Shape games
[2009/05/15 16:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\ShinyTales
[2008/10/17 00:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Skip-Bo
[2009/03/09 19:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Spinapse
[2009/10/12 14:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\SPORE
[2010/06/15 20:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Stardock
[2008/09/12 21:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\SulusGames
[2009/03/09 19:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Suspects and Clues Players
[2009/03/09 19:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Suspects and Clues Prefs
[2010/02/07 12:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\SystemRequirementsLab
[2009/04/24 18:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\TikGames
[2010/06/16 14:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Tropico 3
[2009/10/27 14:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\TSRWorkshop
[2009/04/24 17:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\UClick
[2010/05/11 16:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\uTorrent
[2010/02/11 20:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Valusoft
[2007/02/22 17:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Viewpoint
[2010/02/16 19:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Virtual City
[2006/02/06 11:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Webshots
[2007/12/13 22:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Wings3D
[2009/01/01 17:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\World-LooM
[2010/05/16 10:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trista Williams\Application Data\Youdagames
[2010/07/22 19:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/02/22 02:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/06/27 07:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/07/20 13:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/07/22 19:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2005/01/18 14:29:18 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1106072886.job
[2009/10/15 01:17:59 | 000,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/11/01 01:00:33 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68DF9542
@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40587A0C
@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB785348
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAFEC4B9
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1E22E44
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A99C15E
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:931BB48A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2DC4B0B
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95CCDA36
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:375FC7E7
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC73CDCE
< End of report >


And this is ComboFix.txt:
ComboFix 10-07-23.01 - Trista Williams 07/23/2010 18:34:35.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2057 [GMT -4:00]
Running from: c:\documents and settings\Trista Williams\Desktop\george.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Trista Williams\My Documents\DPE.DUS
C:\ErrLog.txt
c:\windows\settings.reg

.
((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))
.

2010-07-23 22:12 . 2010-07-23 22:12 -------- d-----w- C:\_OTL
2010-07-20 00:47 . 2010-07-19 23:00 52224 ----a-w- c:\documents and settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-07-20 00:47 . 2010-07-19 23:00 101376 ----a-w- c:\documents and settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-07-19 03:00 . 2010-07-19 03:00 24 ----a-w- c:\windows\popcinfot.dat
2010-07-19 01:53 . 2010-07-19 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2010-07-14 16:26 . 2010-07-14 16:27 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-13 23:34 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-08 16:46 . 2010-07-08 16:46 -------- d-----w- c:\documents and settings\Trista Williams\Application Data\Gamers Digital
2010-07-08 16:46 . 2010-07-08 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Gamers Digital

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 21:59 . 2009-03-17 14:26 -------- d-----w- c:\program files\McAfee
2010-07-15 19:18 . 2009-03-17 14:28 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-14 16:45 . 2004-11-23 21:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-14 16:26 . 2009-05-23 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-07-14 04:23 . 2007-08-15 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-12 15:37 . 2008-09-03 00:35 -------- d-----w- c:\program files\MilkShape 3D 1.8.2
2010-07-10 16:39 . 2004-12-14 22:24 -------- d-----w- c:\program files\Electronic Arts
2010-06-16 18:41 . 2009-10-22 20:32 -------- d-----w- c:\documents and settings\Trista Williams\Application Data\Tropico 3
2010-06-16 00:38 . 2010-06-16 00:38 -------- d-----w- c:\program files\Common Files\Stardock
2010-06-16 00:28 . 2010-06-16 00:28 -------- d-----w- c:\documents and settings\Trista Williams\Application Data\Stardock
2010-06-16 00:27 . 2010-06-16 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
2010-06-16 00:18 . 2010-06-16 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Ironclad Games
2010-06-16 00:11 . 2010-06-16 00:11 -------- d--h--w- c:\documents and settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2010-06-14 14:31 . 2004-08-04 11:00 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
2010-06-14 02:41 . 2010-06-14 02:41 300384 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Supportability\Content\MVT\XMLFiles\detect.dll
2010-06-14 02:41 . 2009-01-28 16:48 300384 ----a-w- c:\documents and settings\Trista Williams\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-06-09 16:05 . 2010-06-09 16:05 -------- d-----w- c:\documents and settings\Trista Williams\Application Data\NevoSoft Games
2010-06-04 17:51 . 2007-09-02 23:20 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-27 17:10 . 2010-05-27 17:10 -------- d-----w- c:\program files\Common Files\DirectX
2010-05-24 15:22 . 2010-05-24 15:22 61440 ----a-w- c:\documents and settings\Trista Williams\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-542577b8-n\decora-sse.dll
2010-05-24 15:22 . 2010-05-24 15:22 503808 ----a-w- c:\documents and settings\Trista Williams\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2c2df6d6-n\msvcp71.dll
2010-05-24 15:22 . 2010-05-24 15:22 499712 ----a-w- c:\documents and settings\Trista Williams\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2c2df6d6-n\jmc.dll
2010-05-24 15:22 . 2010-05-24 15:22 348160 ----a-w- c:\documents and settings\Trista Williams\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2c2df6d6-n\msvcr71.dll
2010-05-24 15:22 . 2010-05-24 15:22 12800 ----a-w- c:\documents and settings\Trista Williams\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-542577b8-n\decora-d3d.dll
2010-05-10 20:56 . 2004-12-12 03:00 76280 -c--a-w- c:\documents and settings\Trista Williams\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-02 05:22 . 2004-08-04 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2009-01-23 18:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-01-23 18:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-01-05 19:19 . 2008-01-03 16:21 30 ----a-w- c:\program files\Sims2Pack Clean Installer.ini
2007-06-28 17:54 . 2007-06-28 17:51 181639163 -c--a-w- c:\program files\Gamescampus.rar
2006-09-06 23:17 . 2006-09-06 23:17 3252 -c--a-w- c:\program files\flt.dat
2006-09-06 23:17 . 2006-09-06 23:17 44114 -c--a-w- c:\program files\xfm.dat
2006-09-06 23:17 . 2006-09-06 23:17 16826 -c-ha-w- c:\program files\COOL96.GID
2005-07-12 19:31 . 2005-07-12 19:31 382 ----a-w- c:\program files\Shortcut to Program Files.lnk
2005-03-26 17:21 . 2005-03-25 22:29 9863000 -c--a-w- c:\program files\DinerDashSetup.exe
2005-03-26 00:37 . 2005-03-26 00:36 4076673 -c--a-w- c:\program files\bbb_demo_at.exe
2004-12-15 02:29 . 2004-12-15 02:29 943835 -c--a-w- c:\program files\winzip70.exe
1997-12-16 05:00 . 2006-09-06 23:16 240732 -c--a-w- c:\program files\cool96.hlp
1997-04-29 12:06 . 2006-09-06 23:16 55808 -c--a-w- c:\program files\vce.flt
1997-04-29 12:06 . 2006-09-06 23:16 21504 -c--a-w- c:\program files\dwd96.flt
1997-04-29 12:06 . 2006-09-06 23:16 151217 -c--a-w- c:\program files\cool.au
2006-04-03 21:37 . 2006-04-03 21:29 88 --sh--r- c:\windows\SYSTEM32\6FD9BF5D28.sys
2009-07-23 19:17 . 2006-04-03 21:20 6998 -csha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Trista Williams\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-15 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-25 98304]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-09-17 16:43 57344 ----a-w- c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-08-24 00:19 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 02:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"SiteAdvisor Service"=2 (0x2)
"ProtexisLicensing"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"AOL ACS"=2 (0x2)
"NetSvc"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"iWinTrusted"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"GameConsoleService"=3 (0x3)
"FlexService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"mmtask"=c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Programs\\Civ4\\Civilization4.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"f:\\Programs\\colonization\\Colonization.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"f:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire Entrenchment.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/17/2009 10:30 AM 93320]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\SYSTEM32\DRIVERS\nxsIO32.sys [6/21/2009 8:29 PM 2208]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]
S3 vaxscsi;vaxscsi;c:\windows\SYSTEM32\DRIVERS\vaxscsi.sys [3/5/2006 7:46 PM 223128]
S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [3/5/2006 7:39 PM 721904]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/15/2008 5:59 PM 24652]
.
Contents of the 'Scheduled Tasks' folder

2005-01-18 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8106072886.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3695989334-299366651-2604234238-1008Core.job
- c:\documents and settings\Trista Williams\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-15 02:00]

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3695989334-299366651-2604234238-1008UA.job
- c:\documents and settings\Trista Williams\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-15 02:00]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-17 17:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-17 17:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: mcafee.com
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
FF - ProfilePath - c:\documents and settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Trista Williams\Application Data\Mozilla\Firefox\Profiles\j3sif6nu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: c:\documents and settings\Trista Williams\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Trista Williams\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\Trista Williams\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-408809432 - c:\docume~1\TRISTA~1\LOCALS~1\Temp\Reg\EGAMES~1.EXE
MSConfigStartUp-Application Layer Gateway - c:\program files\Common Files\alg.exe
AddRemove-El-Rail Facelift Mod - c:\documents and settings\Trista Williams\My Documents\SimCity 4\Plugins\Network Addon Mod\El-Rail Facelift Mod\uninst.exe
AddRemove-Impulse - c:\documents and settings\All Users\Application Data\{26909E1E-8C8C-4714-BC8D-95CBCE4104DE}\Impulse_setup.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7} - c:\documents and settings\All Users\Application Data\{26909E1E-8C8C-4714-BC8D-95CBCE4104DE}\Impulse_setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-23 18:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3695989334-299366651-2604234238-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:54,d5,6d,31,03,0d,68,4c,d0,4a,c2,83,f8,b3,78,f4,2c,d2,46,b1,d7,d6,ac,
af,01,35,a3,1b,65,70,0f,d2,03,e0,cd,42,c2,c7,fd,cd,5b,e2,0b,ae,60,d4,49,7e,\
"??"=hex:8b,21,3a,12,14,a2,a9,29,db,63,63,48,de,7e,e7,7c

[HKEY_USERS\S-1-5-21-3695989334-299366651-2604234238-1008\Software\SecuROM\License information*]
"datasecu"=hex:d2,54,fa,7f,2a,d7,0c,48,39,f0,59,2b,73,26,59,e8,d5,f2,e0,f9,2c,
75,51,b0,3d,65,c1,63,c5,c2,fc,29,89,23,41,02,06,a0,42,b3,e6,81,f2,e1,c7,8f,\
"rkeysecu"=hex:e5,f2,09,3f,a1,19,c2,c6,31,3a,30,4c,6d,5c,8a,3d

[HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Software\CLASSES\CLSID\{2CDC19AF-8603-2A41-69DD-72C69844EE53}*\InprocServer32]
"{2CDC19AF-8603-2A41-69DD-72C69844EE53}"=hex:a5,cf,39,a0,8d,84,6a,c8,c7,f9,f7,
ac,03,ba,f8,3f,6f,40,97,84,c1,fc,ff,73,a5,cf,39,a0,8d,84,6a,c8,a5,cf,39,a0,\

[HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Software\CLASSES\CLSID\{4ADD3D0D-1B17-5755-7F97-AD2A71A2E27A}*\InprocServer32]
"{4ADD3D0D-1B17-5755-7F97-AD2A71A2E27A}"=hex:1e,73,f3,70,50,35,18,65,68,b2,aa,
48,3e,e6,71,24,11,51,8a,be,2b,c6,f1,8c,1e,73,f3,70,50,35,18,65,1e,73,f3,70,\

[HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Software\CLASSES\CLSID\{50B22C5B-FF37-F69D-6540-4D9CA61E6256}*\InprocServer32]
"{50B22C5B-FF37-F69D-6540-4D9CA61E6256}"=hex:e7,43,de,8f,8e,0b,c0,09,a2,cb,b5,
8d,db,03,db,a6,3b,0f,3c,43,ae,06,3a,84,e7,43,de,8f,8e,0b,c0,09,e7,43,de,8f,\

[HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Software\CLASSES\CLSID\{5956025D-122E-984A-B0AB-A95C4402A935}*\InprocServer32]
"{5956025D-122E-984A-B0AB-A95C4402A935}"=hex:a1,32,f4,39,c3,87,f2,f0,97,42,e2,
99,02,01,f6,50,af,82,9e,64,8b,7c,90,64,a1,32,f4,39,c3,87,f2,f0,a1,32,f4,39,\

[HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Software\CLASSES\CLSID\{802C461E-D244-85C4-2DE7-48FF83089E92}*\InprocServer32]
"{802C461E-D244-85C4-2DE7-48FF83089E92}"=hex:b4,48,dc,a0,4b,8d,42,68,4c,a1,77,
48,fd,f2,63,3f,16,50,ed,e0,dd,50,27,2c,b4,48,dc,a0,4b,8d,42,68,b4,48,dc,a0,\
.
Completion time: 2010-07-23 18:45:05
ComboFix-quarantined-files.txt 2010-07-23 22:45

Pre-Run: 15,406,829,568 bytes free
Post-Run: 15,381,532,672 bytes free

- - End Of File - - 4BEA1A7D0AC283EAF0734BFE0B866EC5

Edited by zandrailia, 23 July 2010 - 05:33 PM.


#4
RKinner

    Malware Expert

McAfee is, as usual, mistaken. I think they are the worst waste of money out there. You get better protection from the free Avast! http://www.avast.com...avast-home.html


However, the AutoEater download seems to be broken today.

As an alternative you can use Flash_Disinfector.exe by sUBs. Download
http://download.blee...Disinfector.exe
and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Your logs now look pretty clean. Any problems left?

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


Ron
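
A check for the state the note about the autorun.inf folder describes, as an added example (not part of the original post, and not Flash_Disinfector's own code): it reports whether autorun.inf at a drive root is a folder, a real file or absent, and for a real file lists the [autorun] entries that would launch a program. The drive roots and file contents below are constructed samples.

```python
import os
import tempfile

# Keys in an [autorun] section that make Windows launch a program.
LAUNCH_KEYS = ("open", "shellexecute")

def launch_commands(inf_path):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    found, in_section = [], False
    with open(inf_path, "r", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith(";"):
                continue                      # blank line or comment
            if line.startswith("["):
                in_section = line.lower() == "[autorun]"
                continue
            if in_section and "=" in line:
                key, value = (part.strip() for part in line.split("=", 1))
                low = key.lower()
                is_verb = low.startswith("shell\\") and low.endswith("\\command")
                if low in LAUNCH_KEYS or is_verb:
                    found.append((key, value))
    return found

def check_drive_root(root):
    """Classify the autorun.inf entry at a drive root."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return ("folder", [])                 # the name is taken by a folder
    if os.path.isfile(path):
        return ("file", launch_commands(path))  # real autorun file: review it
    return ("absent", [])

def demo():
    """Build three constructed drive roots in a temp directory and classify each."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for name in ("immunized", "suspect", "empty"):
            os.mkdir(os.path.join(base, name))
        os.mkdir(os.path.join(base, "immunized", "autorun.inf"))
        with open(os.path.join(base, "suspect", "autorun.inf"), "w") as fh:
            fh.write("; constructed sample\n[AutoRun]\nicon=drive.ico\n"
                     "Open = tools\\updater.exe\n"
                     "shell\\explore\\command=tools\\updater.exe\n")
        for name in ("immunized", "suspect", "empty"):
            results[name] = check_drive_root(os.path.join(base, name))
    return results

if __name__ == "__main__":
    for drive, (state, cmds) in demo().items():
        print(drive, state, cmds)
```
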

#5
zandrailia

    Member

I'm not seeing any further problems. Thanks so much for your help.

#6
RKinner

    Malware Expert

You can uninstall or delete any tools we had you download and their logs.
To uninstall ComboFix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

XP

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shut down My Computer.

You do not have the latest Java. Get the latest (6 update 21) at:

http://www.java.com/...nload/index.jsp


Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) and No Script are two others you might want to try.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you install the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
it will keep you from going to most bad sites. You do not need Spybot's Immunize which does the same thing.

If you have a router, log on to it today and change the default password!

Ron
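
The old-Java check from the post above, as an added example (not part of the original post): it parses uninstall-list lines in the format quoted there and returns every Java runtime older than the "6 update 21" the post names as current. The name patterns cover only the three display-name variants in the quoted lines; the last two sample lines and their GUIDs are constructed placeholders.

```python
import re

LATEST = (6, 21)  # "6 update 21", the version the post names as current

# One uninstall-list line: "{GUID}" = Display Name
ENTRY = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"\s*=\s*(.+?)\s*$')
# Display-name variants seen in the post: "J2SE Runtime Environment 5.0 Update 6",
# "Java™ SE Runtime Environment 6 Update 1", "Java™ 6 Update 2".
NAME = re.compile(
    r'^(?:J2SE Runtime Environment|Java(?:™|\(TM\))?(?: SE Runtime Environment)?)'
    r'\s+(\d+)(?:\.\d+)?\s+Update\s+(\d+)$')

def parse_entry(line):
    """Return (guid, (major, update)) for a Java runtime entry, else None."""
    entry = ENTRY.match(line.strip())
    if not entry:
        return None
    name = NAME.match(entry.group(2))
    if not name:
        return None                      # some other product
    return entry.group(1), (int(name.group(1)), int(name.group(2)))

def outdated(lines, latest=LATEST):
    """List (version, guid) for every Java entry older than `latest`, oldest first."""
    hits = []
    for line in lines:
        parsed = parse_entry(line)
        if parsed and parsed[1] < latest:
            hits.append((parsed[1], parsed[0]))
    return sorted(hits)

# The six entries quoted in the post, then two constructed lines (a current
# runtime and a non-Java product, both with placeholder GUIDs) that must not be flagged.
SAMPLE = [
    '"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5',
    '"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6',
    '"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1',
    '"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8',
    '"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2',
    '"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3',
    '"{00000000-0000-0000-0000-000000000000}" = Java(TM) 6 Update 21',
    '"{11111111-1111-1111-1111-111111111111}" = Example Media Player 2 Update 3',
]

if __name__ == "__main__":
    for (major, update), guid in outdated(SAMPLE):
        print(f"remove: Java {major} Update {update}  {guid}")
```
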